1. Cross-site scripting (reflected)
2. Cookie scoped to parent domain
3. Cross-domain Referer leakage
4. Cookie without HttpOnly flag set
5. HTML does not specify charset
Issue 1: Cross-site scripting (reflected)
Severity: High
Confidence: Certain
Host: http://pixel.invitemedia
Path: /rubicon_sync

Request:
GET /rubicon_sync?publisher
Host: pixel.invitemedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tap2-cdn
Cookie: optout=*
Content-Length: 10

Response:
HTTP/1.1 200 OK
Date: Mon, 02 Jan 2012 22:30:10 GMT
Pragma: no-cache
Content-Type: text/html
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 264
Connection: close
Server: Jetty(7.3.1.v20110307)

<html><body><img width="0" height="0" src="http://tap ...[SNIP]...
Issue 2: Cookie scoped to parent domain
Severity: Information
Confidence: Certain
Host: http://pixel.invitemedia
Path: /rubicon_sync

Request:
GET /rubicon_sync HTTP/1.1
Host: pixel.invitemedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response:
HTTP/1.1 200 OK
Date: Tue, 03 Jan 2012 02:30:44 GMT
Set-Cookie: uid=b19fd6d3-c9ba-4fa7
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Content-Type: text/javascript
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Content-Length: 155
Connection: close
Server: Jetty(7.3.1.v20110307)

document.write('<img width="0" height="0" src="None?Expiration
Issue 3: Cross-domain Referer leakage
Severity: Information
Confidence: Certain
Host: http://pixel.invitemedia
Path: /rubicon_sync

Request:
GET /rubicon_sync?publisher
Host: pixel.invitemedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tap2-cdn
Cookie: optout=*
Content-Length: 10

Response:
HTTP/1.1 200 OK
Date: Mon, 02 Jan 2012 22:30:06 GMT
Pragma: no-cache
Content-Type: text/html
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 221
Connection: close
Server: Jetty(7.3.1.v20110307)

<html><body><img width="0" height="0" src="http://tap ...[SNIP]...
Issue 4: Cookie without HttpOnly flag set
Severity: Information
Confidence: Certain
Host: http://pixel.invitemedia
Path: /rubicon_sync

Request:
GET /rubicon_sync HTTP/1.1
Host: pixel.invitemedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response:
HTTP/1.1 200 OK
Date: Tue, 03 Jan 2012 02:30:44 GMT
Set-Cookie: uid=b19fd6d3-c9ba-4fa7
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Content-Type: text/javascript
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Content-Length: 155
Connection: close
Server: Jetty(7.3.1.v20110307)

document.write('<img width="0" height="0" src="None?Expiration
Issue 5: HTML does not specify charset
Severity: Information
Confidence: Certain
Host: http://pixel.invitemedia
Path: /rubicon_sync

Request:
GET /rubicon_sync?publisher
Host: pixel.invitemedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tap2-cdn
Cookie: optout=*
Content-Length: 10

Response:
HTTP/1.1 200 OK
Date: Mon, 02 Jan 2012 22:30:06 GMT
Pragma: no-cache
Content-Type: text/html
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 221
Connection: close
Server: Jetty(7.3.1.v20110307)

<html><body><img width="0" height="0" src="http://tap ...[SNIP]...
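The four Information-level findings above (parent-domain cookie scope, missing HttpOnly, cross-domain Referer leakage, HTML without a charset) are all passive checks: they need nothing but the captured request URL and response. The script below is an added example showing what those checks look like in code; it is not Burp's logic and not part of the original report. The two sample responses are constructed from the report's own (truncated) evidence: the snipped <img> target is filled in with the placeholder host tap.example, the publisher query value "example" and the Domain=.invitemedia.com / Path=/ attributes after the uid value are assumptions, since the report cuts Set-Cookie off after the value. The reflected XSS is not covered, because the reflected parameter and payload are snipped from the report.

```python
"""Passive checks behind the cookie, Referer-leakage and charset findings above.
Added example, not Burp's code or anything from the original report; the sample
messages are constructed from the truncated evidence (see the assumptions below)."""
import re
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import urlsplit


@dataclass
class HttpResponse:
    status: int
    headers: List[Tuple[str, str]]  # ordered (name, value); Set-Cookie may repeat
    body: str

    def headers_named(self, name: str) -> List[str]:
        return [v for k, v in self.headers if k.lower() == name.lower()]


def parse_response(raw: bytes) -> HttpResponse:
    """Split a raw HTTP/1.1 response into status code, header list and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    # "Name: value" -> ("Name", "value"); partition()[::2] drops the colon itself
    headers = [tuple(s.strip() for s in line.partition(":")[::2]) for line in header_lines]
    return HttpResponse(int(status_line.split()[1]), headers, body.decode("iso-8859-1"))


def check_cookies(resp: HttpResponse, request_host: str) -> List[str]:
    """Flag cookies set without HttpOnly and cookies scoped wider than the host."""
    findings = []
    for raw_cookie in resp.headers_named("Set-Cookie"):
        name_value, *attr_parts = [p.strip() for p in raw_cookie.split(";")]
        name = name_value.split("=", 1)[0]
        attrs = {k.strip().lower(): v.strip() for k, _, v in (p.partition("=") for p in attr_parts)}
        if "httponly" not in attrs:
            findings.append(f"Cookie without HttpOnly flag set: {name}")
        # Domain=.invitemedia.com set by pixel.invitemedia.com is sent to, and
        # readable by script on, every other host under invitemedia.com.
        domain, host = attrs.get("domain", "").lstrip(".").lower(), request_host.lower()
        if domain and domain != host and host.endswith("." + domain):
            findings.append(f"Cookie scoped to parent domain: {name} (Domain={domain})")
    return findings


def check_charset(resp: HttpResponse) -> List[str]:
    """text/html with no charset in Content-Type or <meta> leaves the browser to
    sniff the encoding, which can turn harmless-looking bytes into markup."""
    ctype = next(iter(resp.headers_named("Content-Type")), "").lower()
    if not ctype.startswith("text/html") or "charset=" in ctype:
        return []
    if re.search(r"<meta[^>]+charset=", resp.body, re.I):
        return []
    return ["HTML does not specify charset"]


def check_referer_leakage(request_url: str, resp: HttpResponse) -> List[str]:
    """A page reached with a query string that loads resources from other hosts
    hands that query string to them in the Referer header."""
    url = urlsplit(request_url)
    if not url.query:
        return []
    own_host = (url.hostname or "").lower()
    findings = []
    for target in re.findall(r"""(?:src|href)=["']?(https?://[^"'\s>]+)""", resp.body, re.I):
        target_host = (urlsplit(target).hostname or "").lower()
        if target_host != own_host:
            findings.append(f"Cross-domain Referer leakage: query string for {own_host} "
                            f"exposed to {target_host}")
    return findings


def scan(request_url: str, raw: bytes) -> List[str]:
    resp = parse_response(raw)
    host = urlsplit(request_url).hostname or ""
    return check_cookies(resp, host) + check_charset(resp) + check_referer_leakage(request_url, resp)


# Constructed sample: the publisher-sync HTML response from the report, with the
# snipped <img> target completed with a placeholder host (assumption).
SYNC_HTML = (
    b"HTTP/1.1 200 OK\r\nDate: Mon, 02 Jan 2012 22:30:06 GMT\r\nPragma: no-cache\r\n"
    b"Content-Type: text/html\r\nConnection: close\r\nServer: Jetty(7.3.1.v20110307)\r\n\r\n"
    b'<html><body><img width="0" height="0" src="http://tap.example/pixel"></body></html>'
)
# Constructed sample: the cookie-setting response; the report truncates Set-Cookie
# after the uid value, so the Domain and Path attributes here are an assumption.
SYNC_COOKIE = (
    b"HTTP/1.1 200 OK\r\nDate: Tue, 03 Jan 2012 02:30:44 GMT\r\n"
    b"Set-Cookie: uid=b19fd6d3-c9ba-4fa7; Domain=.invitemedia.com; Path=/\r\n"
    b"Content-Type: text/javascript\r\nConnection: close\r\n\r\n"
    b"document.write('<img width=\"0\" height=\"0\" src=\"http://tap.example/pixel\">');"
)

if __name__ == "__main__":
    for url, raw in (("http://pixel.invitemedia.com/rubicon_sync?publisher=example", SYNC_HTML),
                     ("http://pixel.invitemedia.com/rubicon_sync", SYNC_COOKIE)):
        print(url, scan(url, raw))
```

Run as-is it reports the charset and Referer findings for the HTML response and the two cookie findings for the JavaScript response, matching the report's four Information issues. Note that the JavaScript response carries the same cross-domain <img> but is not flagged for Referer leakage: the request that produced it has no query string, so there is nothing sensitive for the Referer to carry, which is exactly why the scanner attaches that issue to the ?publisher request only.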